Bug 16288
| Summary: | REGRESSION: Crash in KJS::Interpreter::createObjectsForGlobalObjectProperties() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ggaren |
| Priority: | P1 | Keywords: | Regression |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.4 | ||
| URL: | http://www.news.com/?tag=hdrgif | ||
David Kilzer (:ddkilzer)
* SUMMARY
Reloading <http://www.news.com/?tag=hdrgif> a few times to test the fix for Bug 16220, I saw a different crash in KJS::Interpreter::createObjectsForGlobalObjectProperties().
* STEPS TO REPRODUCE
1. Apply the patch for Bug 16220 and recompile WebKit.
2. Launch WebKit/Safari.
3. Go to URL: http://www.news.com/?tag=hdrgif
4. Hit "Reload" until it crashes.
* RESULTS
Safari/WebKit crash in KJS::Interpreter::createObjectsForGlobalObjectProperties().
* REGRESSION
This is a regression from shipping Safari 3.0.4 (523.12) on Mac OS X 10.4.11 (8S165).
* NOTES
Crash log:
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000044
Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x005b668c KJS::Interpreter::createObjectsForGlobalObjectProperties() + 2988 (interpreter.cpp:241)
1 com.apple.JavaScriptCore 0x005b6d08 KJS::Interpreter::init() + 276 (interpreter.cpp:115)
2 com.apple.JavaScriptCore 0x005b74c4 KJS::Interpreter::Interpreter[not-in-charge]() + 104 (interpreter.cpp:90)
3 com.apple.WebCore 0x01501510 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::JSGlobalObject*, WebCore::Frame*) + 44 (kjs_binding.cpp:144)
4 com.apple.WebCore 0x0150969c WebCore::KJSProxy::initScript() + 224 (kjs_proxy.cpp:157)
5 com.apple.WebCore 0x017e5a28 WebCore::KJSProxy::initScriptIfNeeded() + 56 (kjs_proxy.h:74)
6 com.apple.WebCore 0x01509aa4 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 52 (kjs_proxy.cpp:74)
7 com.apple.WebCore 0x011a8a08 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 128 (FrameLoader.cpp:759)
8 com.apple.WebCore 0x01228790 WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&, WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 388 (HTMLTokenizer.cpp:520)
9 com.apple.WebCore 0x0122a334 WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 1664 (HTMLTokenizer.cpp:470)
10 com.apple.WebCore 0x0122a994 WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 1208 (HTMLTokenizer.cpp:319)
11 com.apple.WebCore 0x0122cf90 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 7936 (HTMLTokenizer.cpp:1229)
12 com.apple.WebCore 0x0122d8f4 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1504 (HTMLTokenizer.cpp:1445)
13 com.apple.WebCore 0x0119b038 WebCore::FrameLoader::write(char const*, int, bool) + 1288 (FrameLoader.cpp:989)
14 com.apple.WebCore 0x0119b1a4 WebCore::FrameLoader::addData(char const*, int) + 320 (FrameLoader.cpp:1738)
15 com.apple.WebCore 0x014bf064 -[WebCoreFrameBridge addData:] + 232 (WebCoreFrameBridge.mm:297)
16 com.apple.WebCore 0x014c654c -[WebCoreFrameBridge receivedData:textEncodingName:] + 316 (WebCoreFrameBridge.mm:1300)
17 com.apple.WebKit 0x00353b80 -[WebHTMLRepresentation receivedData:withDataSource:] + 296
18 com.apple.WebKit 0x00332274 -[WebDataSource(WebInternal) _receivedData:] + 116
19 com.apple.WebKit 0x0034984c WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 184 (WebFrameLoaderClient.mm:747)
20 com.apple.WebCore 0x011940c4 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 92 (FrameLoader.cpp:3248)
21 com.apple.WebCore 0x0114ce60 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:351)
22 com.apple.WebCore 0x0114d0c8 WebCore::DocumentLoader::receivedData(char const*, int) + 104 (DocumentLoader.cpp:364)
23 com.apple.WebCore 0x01192d7c WebCore::FrameLoader::receivedData(char const*, int) + 60 (FrameLoader.cpp:2184)
24 com.apple.WebCore 0x0133e290 WebCore::MainResourceLoader::addData(char const*, int, bool) + 92 (MainResourceLoader.cpp:138)
25 com.apple.WebCore 0x01455a3c WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 104 (ResourceLoader.cpp:229)
26 com.apple.WebCore 0x0133e4d8 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 288 (MainResourceLoader.cpp:293)
27 com.apple.WebCore 0x0145538c WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 108 (ResourceLoader.cpp:357)
28 com.apple.WebCore 0x01452c0c -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 300 (ResourceHandleMac.mm:435)
29 com.apple.Foundation 0x92c18574 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
30 com.apple.Foundation 0x92c16a14 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
31 com.apple.Foundation 0x92c167b0 _sendCallbacks + 156
32 com.apple.CoreFoundation 0x907de42c __CFRunLoopDoSources0 + 384
33 com.apple.CoreFoundation 0x907dd95c __CFRunLoopRun + 452
34 com.apple.CoreFoundation 0x907dd3dc CFRunLoopRunSpecific + 268
35 com.apple.HIToolbox 0x9329eb20 RunCurrentEventLoopInMode + 264
36 com.apple.HIToolbox 0x9329e1b4 ReceiveNextEventCommon + 380
37 com.apple.HIToolbox 0x9329e020 BlockUntilNextEventMatchingListInMode + 96
38 com.apple.AppKit 0x937a4bc4 _DPSNextEvent + 384
39 com.apple.AppKit 0x937a4888 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
40 com.apple.Safari 0x000095e0 0x1000 + 34272
41 com.apple.AppKit 0x937a0dcc -[NSApplication run] + 472
42 com.apple.AppKit 0x93891974 NSApplicationMain + 452
43 com.apple.Safari 0x0009bad4 0x1000 + 633556
44 com.apple.Safari 0x000022fc 0x1000 + 4860
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Mark Rowe (bdash)
*** This bug has been marked as a duplicate of 16266 ***