Bug 15785

Summary:

REGRESSION(r27344): Crash on load at finance.yahoo.com

Product:

WebKit

Reporter:

Mark Rowe (bdash) <mrowe>

Component:

JavaScriptCore

Assignee:

Geoffrey Garen <ggaren>

Status:

RESOLVED FIXED

Severity:

Critical

CC:

ggaren

Priority:

Keywords:

Regression

Version:

523.x (Safari 3)

Hardware:

Mac

OS:

OS X 10.5

URL:

http://finance.yahoo.com

Attachments:

Description	Flags
Backtrace from assertion failure	none
Patch	mjs: review+

Description Mark Rowe (bdash) 2007-11-01 10:14:48 PDT

Steps to reproduce:
1. Load http://finance.yahoo.com/
2. There is no step 2.

Results:
I have seen three different results: an assertion failure, a crash, and a unrecoverable hang.  I'll attach the backtrace of the assertion failure as that is by far the most common symptom.

Comment 1 Mark Rowe (bdash) 2007-11-01 10:15:47 PDT

Created attachment 16983 [details]
Backtrace from assertion failure

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x039f8e0f in WTF::HashTable<KJS::UString::Rep*, std::pair<KJS::UString::Rep*, unsigned long>, WTF::PairFirstExtractor<std::pair<KJS::UString::Rep*, unsigned long> >, KJS::IdentifierRepHash, WTF::PairHashTraits<WTF::HashTraits<KJS::UString::Rep*>, KJS::SymbolTableIndexHashTraits>, WTF::HashTraits<KJS::UString::Rep*> >::lookup<KJS::UString::Rep*, WTF::IdentityHashTranslator<KJS::UString::Rep*, std::pair<KJS::UString::Rep*, unsigned long>, KJS::IdentifierRepHash> > (this=0x1abdcfc4, key=@0xbfffd1b4) at HashTable.h:414
414	        ASSERT(m_table);
(gdb) bt
#0  0x039f8e0f in WTF::HashTable<KJS::UString::Rep*, std::pair<KJS::UString::Rep*, unsigned long>, WTF::PairFirstExtractor<std::pair<KJS::UString::Rep*, unsigned long> >, KJS::IdentifierRepHash, WTF::PairHashTraits<WTF::HashTraits<KJS::UString::Rep*>, KJS::SymbolTableIndexHashTraits>, WTF::HashTraits<KJS::UString::Rep*> >::lookup<KJS::UString::Rep*, WTF::IdentityHashTranslator<KJS::UString::Rep*, std::pair<KJS::UString::Rep*, unsigned long>, KJS::IdentifierRepHash> > (this=0x1abdcfc4, key=@0xbfffd1b4) at HashTable.h:414
#1  0x039f8f7a in WTF::HashTable<KJS::UString::Rep*, std::pair<KJS::UString::Rep*, unsigned long>, WTF::PairFirstExtractor<std::pair<KJS::UString::Rep*, unsigned long> >, KJS::IdentifierRepHash, WTF::PairHashTraits<WTF::HashTraits<KJS::UString::Rep*>, KJS::SymbolTableIndexHashTraits>, WTF::HashTraits<KJS::UString::Rep*> >::lookup (this=0x1abdcfc4, key=@0xbfffd1b4) at HashTable.h:321
#2  0x039f8fad in WTF::HashMap<KJS::UString::Rep*, unsigned long, KJS::IdentifierRepHash, WTF::HashTraits<KJS::UString::Rep*>, KJS::SymbolTableIndexHashTraits>::get (this=0x1abdcfc4, key=@0xbfffd1b4) at HashMap.h:299
[..]

Comment 2 Geoffrey Garen 2007-11-01 12:30:06 PDT

Finishing up a patch.

Comment 3 Geoffrey Garen 2007-11-01 12:33:32 PDT

Created attachment 16985 [details]
Patch

Comment 4 Maciej Stachowiak 2007-11-01 13:53:00 PDT

Comment on attachment 16985 [details]
Patch

r=me

Comment 5 Geoffrey Garen 2007-11-01 14:07:14 PDT

Committed revision 27359.