Bug 12357

Summary: Reproducible crash in WebCore::Settings::isJavaScriptEnabled in svg/custom/js-update-bounce.svg under guard-malloc
Product: WebKit Reporter: Mark Rowe (bdash) <mrowe>
Component: New BugsAssignee: Mark Rowe (bdash) <mrowe>
Status: RESOLVED FIXED    
Severity: Major Keywords: LayoutTestFailure
Priority: P1    
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
Patch mjs: review+

Mark Rowe (bdash)
Reported 2007-01-21 19:04:26 PST
To reproduce: run-webkit-tests --debug --guard-malloc svg/custom/js-update-bounce.svg Crashes with: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xb9d5cffc 0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82 82 bool isJavaScriptEnabled() const { return m_isJavaScriptEnabled; } (gdb) bt #0 0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82 #1 0x010dac5b in WebCore::Frame::scriptProxy (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:258 #2 0x0126a164 in KJS::Window::retrieve (p=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:400 #3 0x0126a1ad in KJS::Window::retrieveWindow (f=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:384 #4 0x010e0480 in WebCore::Frame::~Frame (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:203 warning: internal error: no C/C++ fundamental type 1 #5 0x010e4b63 in WebCore::FrameMac::~FrameMac (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/mac/FrameMac.mm:152 #6 0x014c8e5e in WebCore::Shared<WebCore::Frame>::deref (this=0xb9db0fd4) at Shared.h:52 #7 0x014c8e86 in WTF::RefPtr<WebCore::Frame>::~RefPtr (this=0xb9d56ffc) at RefPtr.h:41 #8 0x015537c4 in WebCore::FocusController::~FocusController (this=0xb9d56ff8) at FocusController.h:40 #9 0x015537e7 in WTF::OwnPtr<WebCore::FocusController>::safeDelete (this=0xb9d50fd4) at OwnPtr.h:54 #10 0x01553805 in WTF::OwnPtr<WebCore::FocusController>::~OwnPtr (this=0xb9d50fd4) at OwnPtr.h:34 #11 0x011a1b6c in WebCore::Page::~Page (this=0xb9d50fc8) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:92 #12 0x0025d6c2 in -[WebView(WebPrivate) _close] (self=0xb9b04fac, _cmd=0x90a6b1dc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:647 #13 0x002621e3 in -[WebView close] (self=0xb9b04fac, _cmd=0x90a9bb2c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:1764 #14 0x000061a1 in dumpRenderTree (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:431 #15 0x000062d6 in main (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:459
Attachments
Patch (1.34 KB, patch)
2007-01-21 19:09 PST, Mark Rowe (bdash) 		mjs: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2007-01-21 19:09:07 PST
Created attachment 12595 [details] Patch
Darin Adler
Comment 2 2007-01-21 19:12:42 PST
Comment on attachment 12595 [details] Patch Need a nil check of m_jscript which can be 0 if JavaScript was disabled or never used. Should not have a space in Window*.
Mark Rowe (bdash)
Comment 3 2007-01-21 19:16:49 PST
The code is inside "if (d->m_jscript && d->m_jscript->haveInterpreter())", so d->m_jscript can never be nil.
David Kilzer (:ddkilzer)
Comment 4 2007-01-21 19:25:12 PST
Comment on attachment 12595 [details] Patch Resetting review? flag per Comment #3.
Maciej Stachowiak
Comment 5 2007-01-21 20:00:25 PST
Comment on attachment 12595 [details] Patch r=me
Mark Rowe (bdash)
Comment 6 2007-01-21 20:03:54 PST
Landed in r19023.
Note You need to log in before you can comment on or make changes to this bug.