Bug 112954

Summary:	REGRESSION: Crash under createNotAnObjectError visiting SES test page
Product:	WebKit	Reporter:	Mark S. Miller <erights>
Component:	JavaScriptCore	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED DUPLICATE
Severity:	Critical	CC:	ap, erights, fpizlo, ggaren, oliver
Priority:	P1	Keywords:	InRadar
Version:	528+ (Nightly build)
Hardware:	Mac (Intel)
OS:	OS X 10.8
URL:	http://google-caja.googlecode.com/svn/trunk/src/com/google/caja/ses/explicit.html

Mark S. Miller

Reported 2013-03-21 12:52:40 PDT

I just now installed the latest version of WebKit Nightly Version 6.0.2 (8536.26.17, 537+). It crashes the browser as a whole when visiting the SES test page at http://google-caja.googlecode.com/svn/trunk/src/com/google/caja/ses/explicit.html . The immediately previous version does fine on that page. Safari Version 6.0.2 (8536.26.17) also does fine on that page. Since the entire browser crashes, I have no idea what on that page is causing the problem. I also cannot tell for sure that the component at issue is JSC, though I expect it is. Feel free to reclassify. I'm classifying this as Critical/P1 not because I expect you think SES is that important, but because this is a browser-crashing bug.

Attachments
Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2013-03-22 15:53:46 PDT

0 com.apple.JavaScriptCore 0x0000000108f91ad5 JSC::JSCell::toPrimitive(JSC::ExecState*, JSC::PreferredPrimitiveType) const + 21 1 com.apple.JavaScriptCore 0x0000000108f928d6 JSC::JSValue::toStringSlowCase(JSC::ExecState*) const + 886 2 com.apple.JavaScriptCore 0x0000000108dfc049 JSC::createNotAnObjectError(JSC::ExecState*, JSC::JSValue) + 57 3 com.apple.JavaScriptCore 0x0000000108df9854 JSC::JSValue::synthesizePrototype(JSC::ExecState*) const + 132 4 com.apple.JavaScriptCore 0x0000000108e55795 JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 53 5 com.apple.JavaScriptCore 0x0000000108de0910 cti_op_get_by_id_generic + 80

Geoffrey Garen

Comment 2 2013-03-22 17:38:15 PDT

<rdar://problem/13489189>

Mark S. Miller

Comment 3 2021-05-07 12:51:56 PDT

That test page works fine in Safari Version 14.1 (16611.1.21.161.3). Should this be closed?

Alexey Proskuryakov

Comment 4 2021-05-07 13:04:54 PDT

Thank you for the update! For some reason, this got fixed as bug 113236 without a mention here. *** This bug has been marked as a duplicate of bug 113236 ***

Note You need to log in before you can comment on or make changes to this bug.