Bug 13550

Summary: Reproducible Crash in Javascript visiting http://whoissick.org/sickness/
Product: WebKit Reporter: Brady Eidson <beidson>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME    
Severity: Normal Keywords: InRadar
Priority: P1    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
URL: http://whoissick.org/sickness/

Brady Eidson
Reported 2007-04-30 12:18:14 PDT
0 <<00000000>> 0x00000000 0 + 0 1 com.apple.WebCore 0x01239111 KJS::DOMNodeListFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 183 (kjs_dom.cpp:783) 2 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 3 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790) 4 com.apple.JavaScriptCore 0x006a3e85 KJS::AssignExprNode::evaluate(KJS::ExecState*) + 43 (nodes.cpp:1579) 5 com.apple.JavaScriptCore 0x006d6dc6 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 88 (nodes.cpp:1596) 6 com.apple.JavaScriptCore 0x006d6d0f KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 51 (nodes.cpp:1644) 7 com.apple.JavaScriptCore 0x006d6b6d KJS::VarStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1668) 8 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523) 9 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 10 com.apple.JavaScriptCore 0x006d5c25 KJS::ForNode::execute(KJS::ExecState*) + 777 (nodes.cpp:1871) 11 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 12 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 13 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319) 14 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104) 15 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 16 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790) 17 com.apple.JavaScriptCore 0x006a3e85 KJS::AssignExprNode::evaluate(KJS::ExecState*) + 43 (nodes.cpp:1579) 18 com.apple.JavaScriptCore 0x006d6dc6 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 88 (nodes.cpp:1596) 19 com.apple.JavaScriptCore 0x006d6d0f KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 51 (nodes.cpp:1644) 20 com.apple.JavaScriptCore 0x006d6b6d KJS::VarStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1668) 21 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 22 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 23 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742) 24 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 25 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 26 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319) 27 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104) 28 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 29 com.apple.JavaScriptCore 0x006d9933 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 613 (nodes.cpp:694) 30 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723) 31 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523) 32 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 33 com.apple.JavaScriptCore 0x006d696c KJS::IfNode::execute(KJS::ExecState*) + 468 (nodes.cpp:1750) 34 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 35 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 36 com.apple.JavaScriptCore 0x006d696c KJS::IfNode::execute(KJS::ExecState*) + 468 (nodes.cpp:1750) 37 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 38 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 39 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319) 40 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104) 41 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 42 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790) 43 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723) 44 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 45 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 46 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319) 47 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104) 48 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 49 com.apple.JavaScriptCore 0x006bd945 KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 1621 (function_object.cpp:139) 50 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 51 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790) 52 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723) 53 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523) 54 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 55 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742) 56 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 57 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 58 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319) 59 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104) 60 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 61 com.apple.JavaScriptCore 0x006d96b4 KJS::FunctionCallBracketNode::evaluate(KJS::ExecState*) + 1002 (nodes.cpp:748) 62 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723) 63 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 64 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 65 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742) 66 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523) 67 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 68 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319) 69 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104) 70 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 71 com.apple.JavaScriptCore 0x006d9933 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 613 (nodes.cpp:694) 72 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723) 73 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 74 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 75 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742) 76 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 77 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 78 com.apple.JavaScriptCore 0x006c7d21 KJS::TryNode::execute(KJS::ExecState*) + 143 (nodes.cpp:2346) 79 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523) 80 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 81 com.apple.JavaScriptCore 0x006d5c25 KJS::ForNode::execute(KJS::ExecState*) + 777 (nodes.cpp:1871) 82 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523) 83 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 84 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742) 85 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529) 86 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 87 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319) 88 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104) 89 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 90 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790) 91 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723) 92 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523) 93 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700) 94 com.apple.JavaScriptCore 0x006d0e77 KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) + 973 (interpreter.cpp:365) 95 com.apple.WebCore 0x01247c87 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&, WebCore::Node*) + 319 (kjs_proxy.cpp:78) 96 com.apple.WebCore 0x013863b9 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::Node*, WebCore::String const&) + 99 (FrameLoader.cpp:711) 97 com.apple.WebCore 0x01386467 WebCore::FrameLoader::executeScript(WebCore::Node*, WebCore::String const&, bool) + 123 (FrameLoader.cpp:699) 98 com.apple.WebCore 0x0124ec0f KJS::ScheduledAction::execute(KJS::Window*) + 891 (kjs_window.cpp:1937) 99 com.apple.WebCore 0x01251c08 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 424 (kjs_window.cpp:2054) 100 com.apple.WebCore 0x01251c75 KJS::DOMWindowTimer::fired() + 47 (kjs_window.cpp:2640) 101 com.apple.WebCore 0x011e7baa WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, (unsigned long)0> const&) + 196 (Timer.cpp:322) 102 com.apple.WebCore 0x011e7c47 WebCore::TimerBase::sharedTimerFired() + 109 (Timer.cpp:355) 103 com.apple.WebCore 0x011e72fe WebCore::timerFired(__CFRunLoopTimer*, void*) + 22 (SharedTimerMac.cpp:47) 104 com.apple.CoreFoundation 0x9082e7e2 CFRunLoopRunSpecific + 3341 105 com.apple.CoreFoundation 0x9082dace CFRunLoopRunInMode + 61 106 com.apple.HIToolbox 0x92de98d8 RunCurrentEventLoopInMode + 285 107 com.apple.HIToolbox 0x92de8fe2 ReceiveNextEventCommon + 385 108 com.apple.HIToolbox 0x92de8e39 BlockUntilNextEventMatchingListInMode + 81 109 com.apple.AppKit 0x9328f465 _DPSNextEvent + 572 110 com.apple.AppKit 0x9328f056 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137 111 com.apple.Safari 0x00022bc9 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 171 (BrowserApplication.m:161) 112 com.apple.AppKit 0x93288ddb -[NSApplication run] + 512 113 com.apple.AppKit 0x9327cd2f NSApplicationMain + 573 114 com.apple.Safari 0x000aa1f3 main + 95 (main.m:27) 115 com.apple.Safari 0x00002e76 _start + 216 116 com.apple.Safari 0x00002d9d start + 41
Attachments
Add attachment proposed patch, testcase, etc.
Brady Eidson
Comment 1 2007-04-30 12:19:06 PDT
<rdar://problem/5171285>
Andrew Wellington
Comment 2 2007-05-13 05:40:00 PDT
I tried to reproduce this with r21441 and couldn't. Are you still seeing it Brady?
Geoffrey Garen
Comment 3 2007-06-19 15:38:47 PDT
DOMNodeListFunc doesn't exist anymore, nor does the crashing page. => Cannot reproduce.
Note You need to log in before you can comment on or make changes to this bug.