Bug 149480

Summary: Regression(r190134): Crash in JSDOMTokenListOwner::isReachableFromOpaqueRoots()
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: BindingsAssignee: Chris Dumez <cdumez>
Status: RESOLVED INVALID    
Severity: Normal CC: darin, ggaren, zalan
Priority: P2    
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 149418    

Chris Dumez
Reported 2015-09-22 15:53:15 PDT
Regression(r190134): Crash in JSDOMTokenListOwner::isReachableFromOpaqueRoots(): Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: EXC_I386_GPFLT Application Specific Information: CRASHING TEST: fast/dom/HTMLScriptElement/script-set-src.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000011044b0c7 WebCore::JSDOMTokenListOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void*, JSC::SlotVisitor&) + 39 1 com.apple.JavaScriptCore 0x000000010ee14774 JSC::WeakBlock::visit(JSC::HeapRootVisitor&) + 212 (WeakBlock.cpp:123) 2 com.apple.JavaScriptCore 0x000000010ecb97cb JSC::VisitWeakSet::ReturnType JSC::MarkedSpace::forEachBlock<JSC::VisitWeakSet>(JSC::VisitWeakSet&) + 651 (MarkedSpace.h:242) 3 com.apple.JavaScriptCore 0x000000010ecb8b21 JSC::MarkedSpace::visitWeakSets(JSC::HeapRootVisitor&) + 145 (MarkedSpace.cpp:156) 4 com.apple.JavaScriptCore 0x000000010eacc59a JSC::Heap::visitWeakHandles(JSC::HeapRootVisitor&) + 106 (Heap.cpp:484) 5 com.apple.JavaScriptCore 0x000000010eacbd5a JSC::Heap::markRoots(double, void*, void*, int (&) [37]) + 1018 (Heap.cpp:563) 6 com.apple.JavaScriptCore 0x000000010eacdccd JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, int (&) [37]) + 733 (Heap.cpp:1011) 7 com.apple.JavaScriptCore 0x000000010eacd9bd JSC::Heap::collect(JSC::HeapOperation) + 237 (Heap.cpp:962) 8 com.apple.JavaScriptCore 0x000000010e82f89d JSC::GCActivityCallback::doWork() + 125 (GCActivityCallback.cpp:81) 9 com.apple.JavaScriptCore 0x000000010ead341a JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 186 (HeapTimer.cpp:101) 10 com.apple.CoreFoundation 0x00007fff87e7c2e4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 11 com.apple.CoreFoundation 0x00007fff87e7bf73 __CFRunLoopDoTimer + 1059 12 com.apple.CoreFoundation 0x00007fff87eef53d __CFRunLoopDoTimers + 301 13 com.apple.CoreFoundation 0x00007fff87e37608 __CFRunLoopRun + 2024 14 com.apple.CoreFoundation 0x00007fff87e36bd8 CFRunLoopRunSpecific + 296 15 DumpRenderTree 0x000000010e60846f runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 2144 (DumpRenderTree.mm:2031) 16 DumpRenderTree 0x000000010e6079dc dumpRenderTree(int, char const**) + 3053 (DumpRenderTree.mm:1288) 17 DumpRenderTree 0x000000010e608f9f DumpRenderTreeMain(int, char const**) + 1400 (DumpRenderTree.mm:1424) 18 libdyld.dylib 0x00007fff886f35c9 start + 1
Attachments
Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2015-09-22 16:06:47 PDT
Patch was rolled out.
Note You need to log in before you can comment on or make changes to this bug.