Bug 149392

Summary: Regression(r190023): fast/dom/navigation-with-sideeffects-crash.html is crashing
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: Bindings
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, commit-queue, darin, rniwa, sam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 149376    
Attachments:
Patch (Flags: none)

Description Chris Dumez 2015-09-20 14:59:24 PDT
fast/dom/navigation-with-sideeffects-crash.html is crashing after r190023:
    #0 0x1108df096 in WebCore::Location::setHref(WebCore::DOMWindow&, WebCore::DOMWindow&, WTF::String const&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x19e7096)
    #1 0x1101e0acb in WebCore::setJSDocumentLocation(JSC::ExecState*, JSC::JSObject*, long long, long long) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x12e8acb)
    #2 0x10e0b5ce7 in JSC::putEntry(JSC::ExecState*, JSC::HashTableValue const*, JSC::JSObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xa86ce7)
    #3 0x10d65401f in JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2501f)
    #4 0x10d8b5215 in llint_slow_path_put_by_id (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x286215)
Comment 1 Chris Dumez 2015-09-20 15:09:23 PDT
I know that is happening and I have a speculative patch. I just need to confirm it works before uploading it. The good news is that I can reproduce the crash locally.
Comment 2 Chris Dumez 2015-09-20 15:20:36 PDT
Created attachment 261616
Patch
Comment 3 Chris Dumez 2015-09-20 16:24:40 PDT
Comment on attachment 261616
Patch

Clearing flags on attachment: 261616

Committed r190034: <http://trac.webkit.org/changeset/190034>
Comment 4 Chris Dumez 2015-09-20 16:24:45 PDT
All reviewed patches have been landed.  Closing bug.