Bug 12357

Summary: Reproducible crash in WebCore::Settings::isJavaScriptEnabled in svg/custom/js-update-bounce.svg under guard-malloc
Product: WebKit
Reporter: Mark Rowe (bdash) <mrowe>
Component: New Bugs
Assignee: Mark Rowe (bdash) <mrowe>
Status: RESOLVED FIXED
Severity: Major
Keywords: LayoutTestFailure
Priority: P1
Version: 420+
Hardware: Mac
OS: OS X 10.4

Attachments:
Description: Patch (attachment 12595)    Flags: mjs: review+

Description Mark Rowe (bdash) 2007-01-21 19:04:26 PST
To reproduce:
run-webkit-tests --debug --guard-malloc svg/custom/js-update-bounce.svg

Crashes with:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xb9d5cffc
0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82
82              bool isJavaScriptEnabled() const { return m_isJavaScriptEnabled; }
(gdb) bt
#0  0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82
#1  0x010dac5b in WebCore::Frame::scriptProxy (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:258
#2  0x0126a164 in KJS::Window::retrieve (p=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:400
#3  0x0126a1ad in KJS::Window::retrieveWindow (f=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:384
#4  0x010e0480 in WebCore::Frame::~Frame (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:203
warning: internal error: no C/C++ fundamental type 1
#5  0x010e4b63 in WebCore::FrameMac::~FrameMac (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/mac/FrameMac.mm:152
#6  0x014c8e5e in WebCore::Shared<WebCore::Frame>::deref (this=0xb9db0fd4) at Shared.h:52
#7  0x014c8e86 in WTF::RefPtr<WebCore::Frame>::~RefPtr (this=0xb9d56ffc) at RefPtr.h:41
#8  0x015537c4 in WebCore::FocusController::~FocusController (this=0xb9d56ff8) at FocusController.h:40
#9  0x015537e7 in WTF::OwnPtr<WebCore::FocusController>::safeDelete (this=0xb9d50fd4) at OwnPtr.h:54
#10 0x01553805 in WTF::OwnPtr<WebCore::FocusController>::~OwnPtr (this=0xb9d50fd4) at OwnPtr.h:34
#11 0x011a1b6c in WebCore::Page::~Page (this=0xb9d50fc8) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:92
#12 0x0025d6c2 in -[WebView(WebPrivate) _close] (self=0xb9b04fac, _cmd=0x90a6b1dc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:647
#13 0x002621e3 in -[WebView close] (self=0xb9b04fac, _cmd=0x90a9bb2c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:1764
#14 0x000061a1 in dumpRenderTree (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:431
#15 0x000062d6 in main (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:459
Comment 1 Mark Rowe (bdash) 2007-01-21 19:09:07 PST
Created attachment 12595
Patch
Comment 2 Darin Adler 2007-01-21 19:12:42 PST
Comment on attachment 12595
Patch

Need a nil check of m_jscript which can be 0 if JavaScript was disabled or never used.

Should not have a space in Window*.
Comment 3 Mark Rowe (bdash) 2007-01-21 19:16:49 PST
The code is inside "if (d->m_jscript && d->m_jscript->haveInterpreter())", so d->m_jscript can never be nil.
Comment 4 David Kilzer (:ddkilzer) 2007-01-21 19:25:12 PST
Comment on attachment 12595
Patch

Resetting review? flag per Comment #3.
Comment 5 Maciej Stachowiak 2007-01-21 20:00:25 PST
Comment on attachment 12595
Patch

r=me
Comment 6 Mark Rowe (bdash) 2007-01-21 20:03:54 PST
Landed in r19023.
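The backtrace in the description shows the hazard: Page::~Page has already torn down its Settings when the last RefPtr<Frame> (held through FocusController) drops, and Frame::~Frame then goes Frame -> scriptProxy() -> settings() -> isJavaScriptEnabled() on memory that guard malloc has already unmapped. Comment 3 points out that the destructor body already sits under "if (d->m_jscript && d->m_jscript->haveInterpreter())". The following is an added example, not WebKit code and not the contents of attachment 12595: it is a constructed model in which the struct names are borrowed from the trace, the Page destructor frees Settings before the Frame, and a "direct" route that reads the global object from the Frame's own interpreter (an assumption about how to avoid the trip through the Page, not a description of the landed patch) is compared with the route through scriptProxy(). Because the model holds Settings in a unique_ptr, the dangling access shows up as a null pointer and is recorded rather than dereferenced.

```cpp
#include <cstdio>
#include <memory>

// Constructed model of the teardown order in bug 12357's backtrace.
// Names mirror the trace (Page, Settings, Frame, ScriptProxy, Window)
// but none of this is WebCore code.

struct Settings {
    bool m_isJavaScriptEnabled = true;
    bool isJavaScriptEnabled() const { return m_isJavaScriptEnabled; }
};

struct Window {
    bool disconnected = false;
    void disconnectFrame() { disconnected = true; }
};

// Stands in for the KJS interpreter: owns the Window global object.
struct ScriptProxy {
    std::unique_ptr<Window> m_window = std::make_unique<Window>();
    bool haveInterpreter() const { return m_window != nullptr; }
    Window* globalObject() const { return m_window.get(); }
};

struct TeardownResult {
    bool touchedDeadSettings = false; // destructor consulted Settings after Page freed it
    bool windowDisconnected = false;  // destructor completed the cleanup it exists to do
};

struct Page;

struct Frame {
    Page* m_page;                                   // raw back-pointer, as in the trace
    std::unique_ptr<ScriptProxy> m_jscript = std::make_unique<ScriptProxy>();
    bool m_useDirectAccess;                         // false = via scriptProxy(), true = via own interpreter
    TeardownResult* m_result;                       // observation channel for the caller

    Frame(Page* page, bool direct, TeardownResult* r)
        : m_page(page), m_useDirectAccess(direct), m_result(r) {}
    ~Frame();
    Settings* settings() const;
    ScriptProxy* scriptProxy();
    Window* retrieveWindow();
};

struct Page {
    std::unique_ptr<Settings> m_settings = std::make_unique<Settings>();
    std::shared_ptr<Frame> m_mainFrame;             // the RefPtr<Frame> reached via FocusController
    Page(bool direct, TeardownResult* r)
        : m_mainFrame(std::make_shared<Frame>(this, direct, r)) {}
    ~Page() {
        m_settings.reset();   // Settings dies first ...
        m_mainFrame.reset();  // ... then the last reference drops and ~Frame runs
    }
};

Settings* Frame::settings() const { return m_page ? m_page->m_settings.get() : nullptr; }

// Frame::scriptProxy() in the trace: checks Settings before handing out the interpreter.
ScriptProxy* Frame::scriptProxy() {
    Settings* s = settings();
    if (!s) {
        // Here the freed Settings is a null unique_ptr; with the raw pointer in the real
        // code it is freed memory, which guard malloc turns into EXC_BAD_ACCESS.
        m_result->touchedDeadSettings = true;
        return nullptr;
    }
    if (!s->isJavaScriptEnabled())
        return nullptr;
    return m_jscript.get();
}

// KJS::Window::retrieveWindow() in the trace.
Window* Frame::retrieveWindow() {
    ScriptProxy* proxy = scriptProxy();
    return proxy ? proxy->globalObject() : nullptr;
}

Frame::~Frame() {
    // Same guard as the one quoted in comment 3: m_jscript is non-null below this line.
    if (m_jscript && m_jscript->haveInterpreter()) {
        // The buggy route walks Frame -> Page -> Settings while the Page is mid-destruction.
        // The direct route only touches state the Frame itself still owns.
        Window* w = m_useDirectAccess ? m_jscript->globalObject() : retrieveWindow();
        if (w) {
            w->disconnectFrame();
            m_result->windowDisconnected = w->disconnected;
        }
    }
}

// Destroys a Page and reports what its Frame's destructor did.
TeardownResult teardown(bool useDirectAccess) {
    TeardownResult r;
    {
        Page page(useDirectAccess, &r);   // scope exit reproduces the ordering above
    }
    return r;
}

int main() {
    TeardownResult buggy = teardown(false), fixed = teardown(true);
    std::printf("via scriptProxy(): dead settings=%d disconnected=%d\n",
                buggy.touchedDeadSettings, buggy.windowDisconnected);
    std::printf("direct access:     dead settings=%d disconnected=%d\n",
                fixed.touchedDeadSettings, fixed.windowDisconnected);
    return 0;
}
```

Note that the route through scriptProxy() fails twice: it touches the dead Settings, and because it then returns null the Window is never disconnected, so the fallout is not only the crash but a Window left holding a pointer to a destroyed Frame.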