Bug 112954

Summary: REGRESSION: Crash under createNotAnObjectError visiting SES test page
Product: WebKit Reporter: Mark S. Miller <erights>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Severity: Critical CC: ap, erights, fpizlo, ggaren, oliver
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.8   
URL: http://google-caja.googlecode.com/svn/trunk/src/com/google/caja/ses/explicit.html

Description Mark S. Miller 2013-03-21 12:52:40 PDT
I just now installed the latest version of WebKit Nightly Version 6.0.2 (8536.26.17, 537+). It crashes the browser as a whole when visiting the SES test page at http://google-caja.googlecode.com/svn/trunk/src/com/google/caja/ses/explicit.html . The immediately previous version does fine on that page. Safari Version 6.0.2 (8536.26.17) also does fine on that page.

Since the entire browser crashes, I have no idea what on that page is causing the problem. I also cannot tell for sure that the component at issue is JSC, though I expect it is.

Feel free to reclassify. I'm classifying this as Critical/P1 not because I expect you think SES is that important, but because this is a browser-crashing bug.
Comment 1 Alexey Proskuryakov 2013-03-22 15:53:46 PDT
0   com.apple.JavaScriptCore      	0x0000000108f91ad5 JSC::JSCell::toPrimitive(JSC::ExecState*, JSC::PreferredPrimitiveType) const + 21
1   com.apple.JavaScriptCore      	0x0000000108f928d6 JSC::JSValue::toStringSlowCase(JSC::ExecState*) const + 886
2   com.apple.JavaScriptCore      	0x0000000108dfc049 JSC::createNotAnObjectError(JSC::ExecState*, JSC::JSValue) + 57
3   com.apple.JavaScriptCore      	0x0000000108df9854 JSC::JSValue::synthesizePrototype(JSC::ExecState*) const + 132
4   com.apple.JavaScriptCore      	0x0000000108e55795 JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 53
5   com.apple.JavaScriptCore      	0x0000000108de0910 cti_op_get_by_id_generic + 80
Comment 2 Geoffrey Garen 2013-03-22 17:38:15 PDT
Comment 3 Mark S. Miller 2021-05-07 12:51:56 PDT
That test page works fine in Safari Version 14.1 (16611. Should this be closed?
Comment 4 Alexey Proskuryakov 2021-05-07 13:04:54 PDT
Thank you for the update! For some reason, this got fixed as bug 113236 without a mention here.

*** This bug has been marked as a duplicate of bug 113236 ***