Bug 11477

Summary: REGRESSION: GMail crashes in KJS::FunctionImp::callerGetter
Product: WebKit
Reporter: Justin Garcia <justin.garcia>
Component: JavaScriptCore
Assignee: Geoffrey Garen <ggaren>
Status: RESOLVED FIXED
Severity: Normal
Keywords: GoogleBug, Regression
Priority: P1
Version: 420+
Hardware: Mac
OS: OS X 10.4
Bug Depends on:
Bug Blocks: 9638
Attachments:
Description: fix w/layout test and changelog
Flags: bdakin: review+

Description Justin Garcia 2006-10-31 17:08:52 PST
Go to http://mail.google.com/
Log in

Crash:
0   com.apple.JavaScriptCore 	0x00324460 KJS::FunctionImp::callerGetter(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) + 32
1   com.apple.JavaScriptCore 	0x003407a0 KJS::JSObject::get(KJS::ExecState*, KJS::Identifier const&) const + 176
2   com.apple.JavaScriptCore 	0x00333cfc KJS::ArgumentListNode::evaluateList(KJS::ExecState*) + 92
3   com.apple.JavaScriptCore 	0x003347e4 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 452
4   com.apple.JavaScriptCore 	0x003333f8 KJS::AddNode::evaluate(KJS::ExecState*) + 120
5   com.apple.JavaScriptCore 	0x0033279c KJS::AssignResolveNode::evaluate(KJS::ExecState*) + 364
6   com.apple.JavaScriptCore 	0x00338a88 KJS::ExprStatementNode::execute(KJS::ExecState*) + 104
7   com.apple.JavaScriptCore 	0x0033bf38 KJS::SourceElementsNode::execute(KJS::ExecState*) + 472
8   com.apple.JavaScriptCore 	0x003389b8 KJS::BlockNode::execute(KJS::ExecState*) + 152
9   com.apple.JavaScriptCore 	0x00338cf8 KJS::IfNode::execute(KJS::ExecState*) + 392
10  com.apple.JavaScriptCore 	0x0033bf38 KJS::SourceElementsNode::execute(KJS::ExecState*) + 472
11  com.apple.JavaScriptCore 	0x003389b8 KJS::BlockNode::execute(KJS::ExecState*) + 152
12  com.apple.JavaScriptCore 	0x0033ba0c KJS::TryNode::execute(KJS::ExecState*) + 108
13  com.apple.JavaScriptCore 	0x0033be5c KJS::SourceElementsNode::execute(KJS::ExecState*) + 252
14  com.apple.JavaScriptCore 	0x003389b8 KJS::BlockNode::execute(KJS::ExecState*) + 152
15  com.apple.JavaScriptCore 	0x003257a8 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56
16  com.apple.JavaScriptCore 	0x00325110 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 448
17  com.apple.JavaScriptCore 	0x003415e4 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116
18  com.apple.JavaScriptCore 	0x00334878 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 600
19  com.apple.JavaScriptCore 	0x003333f8 KJS::AddNode::evaluate(KJS::ExecState*) + 120
20  com.apple.JavaScriptCore 	0x0033279c KJS::AssignResolveNode::evaluate(KJS::ExecState*) + 364
21  com.apple.JavaScriptCore 	0x00338a88 KJS::ExprStatementNode::execute(KJS::ExecState*) + 104
22  com.apple.JavaScriptCore 	0x0033bf38 KJS::SourceElementsNode::execute(KJS::ExecState*) + 472
23  com.apple.JavaScriptCore 	0x003389b8 KJS::BlockNode::execute(KJS::ExecState*) + 152
24  com.apple.JavaScriptCore 	0x00338cf8 KJS::IfNode::execute(KJS::ExecState*) + 392
25  com.apple.JavaScriptCore 	0x0033bf38 KJS::SourceElementsNode::execute(KJS::ExecState*) + 472
26  com.apple.JavaScriptCore 	0x003389b8 KJS::BlockNode::execute(KJS::ExecState*) + 152
27  com.apple.JavaScriptCore 	0x0033ba0c KJS::TryNode::execute(KJS::ExecState*) + 108

...

Comment 1 Geoffrey Garen 2006-10-31 17:34:02 PST
I have a fix.

Comment 2 Geoffrey Garen 2006-10-31 18:08:20 PST
Created attachment 11316
fix w/layout test and changelog

Comment 3 Beth Dakin 2006-10-31 18:16:33 PST
Comment on attachment 11316
fix w/layout test and changelog

r=me!

Comment 4 Geoffrey Garen 2006-10-31 18:21:17 PST
Committed revision 17507.