Bug 16919
Summary: | Crash in FunctionCallDotNode::evaluate @ partlyhuman.com | | |
---|---|---|---|
Product: | WebKit | Reporter: | Geoffrey Garen <ggaren> |
Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED WORKSFORME | | |
Severity: | Critical | CC: | mjs, zwarich |
Priority: | P1 | Keywords: | InRadar |
Version: | 528+ (Nightly build) | | |
Hardware: | Mac | | |
OS: | OS X 10.4 | | |
Geoffrey Garen
<rdar://problem/5694080>
Visit http://www.partlyhuman.com/blog/roger/aliased-text-mac-eclipse
--> crash
Regressed at r29425, the ActivationImp change.
Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0030c0a9 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 281
1 com.apple.JavaScriptCore 0x00364639 KJS::AssignLocalVarNode::evaluate(KJS::ExecState*) + 25
2 com.apple.JavaScriptCore 0x0030e649 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
3 com.apple.JavaScriptCore 0x0030b870 KJS::BlockNode::execute(KJS::ExecState*) + 64
4 com.apple.JavaScriptCore 0x0035c65e KJS::IfElseNode::execute(KJS::ExecState*) + 78
5 com.apple.JavaScriptCore 0x0030b870 KJS::BlockNode::execute(KJS::ExecState*) + 64
6 com.apple.JavaScriptCore 0x003119e6 KJS::ForNode::execute(KJS::ExecState*) + 102
7 com.apple.JavaScriptCore 0x0035c92a KJS::CaseBlockNode::executeBlock(KJS::ExecState*, KJS::JSValue*) + 586
8 com.apple.JavaScriptCore 0x003257bf KJS::SwitchNode::execute(KJS::ExecState*) + 79
9 com.apple.JavaScriptCore 0x003815e1 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 433
10 com.apple.JavaScriptCore 0x0030e7a9 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 73
11 com.apple.JavaScriptCore 0x00312b70 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 896
12 com.apple.JavaScriptCore 0x0036071b KJS::ArgumentListNode::evaluateList(KJS::ExecState*, KJS::List&) + 43
13 com.apple.JavaScriptCore 0x0030c13b KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 427
14 com.apple.JavaScriptCore 0x00364639 KJS::AssignLocalVarNode::evaluate(KJS::ExecState*) + 25
15 com.apple.JavaScriptCore 0x0030e649 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
16 com.apple.JavaScriptCore 0x0030b870 KJS::BlockNode::execute(KJS::ExecState*) + 64
17 com.apple.JavaScriptCore 0x003119e6 KJS::ForNode::execute(KJS::ExecState*) + 102
18 com.apple.JavaScriptCore 0x003815e1 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 433
19 com.apple.JavaScriptCore 0x0030e7a9 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 73
20 com.apple.JavaScriptCore 0x00312b70 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 896
21 com.apple.JavaScriptCore 0x00364639 KJS::AssignLocalVarNode::evaluate(KJS::ExecState*) + 25
22 com.apple.JavaScriptCore 0x0030ba29 KJS::VarStatementNode::execute(KJS::ExecState*) + 25
23 com.apple.JavaScriptCore 0x003815e1 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 433
24 com.apple.JavaScriptCore 0x0030e7a9 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 73
25 com.apple.JavaScriptCore 0x0034b1dc KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 588
26 com.apple.JavaScriptCore 0x0030c2b6 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 806
27 com.apple.JavaScriptCore 0x0030e649 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
28 com.apple.JavaScriptCore 0x0030b870 KJS::BlockNode::execute(KJS::ExecState*) + 64
29 com.apple.JavaScriptCore 0x003119e6 KJS::ForNode::execute(KJS::ExecState*) + 102
30 com.apple.JavaScriptCore 0x003815e1 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 433
31 com.apple.JavaScriptCore 0x0030e7a9 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 73
32 com.apple.JavaScriptCore 0x00321237 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 135
33 com.apple.WebCore 0x00a93eb9 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1401
34 com.apple.WebCore 0x00a0a906 WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 166
35 com.apple.WebCore 0x00a0a670 WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 192
36 com.apple.WebCore 0x009fb236 WebCore::Document::implicitClose() + 262
37 com.apple.WebCore 0x009bcd9a WebCore::FrameLoader::checkCompleted() + 170
38 com.apple.WebCore 0x00a278c2 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 290
39 com.apple.WebCore 0x00a255a1 WebCore::SubresourceLoader::didFinishLoading() + 49
40 com.apple.WebCore 0x00a23888 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 72
41 com.apple.Foundation 0x94a9d907 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
42 com.apple.Foundation 0x94a9d894 _NSURLConnectionDidFinishLoading + 68
43 com.apple.CFNetwork 0x958c97eb sendDidFinishLoadingCallback + 148
44 com.apple.CFNetwork 0x958c6918 _CFURLConnectionSendCallbacks + 1994
45 com.apple.CFNetwork 0x958c60d1 muxerSourcePerform + 283
46 com.apple.CoreFoundation 0x9260f62e CFRunLoopRunSpecific + 3166
47 com.apple.CoreFoundation 0x9260fd18 CFRunLoopRunInMode + 88
48 com.apple.HIToolbox 0x94cd9780 RunCurrentEventLoopInMode + 283
49 com.apple.HIToolbox 0x94cd9599 ReceiveNextEventCommon + 374
50 com.apple.HIToolbox 0x94cd940d BlockUntilNextEventMatchingListInMode + 106
51 com.apple.AppKit 0x95c69771 _DPSNextEvent + 657
52 com.apple.AppKit 0x95c69026 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
53 com.apple.Safari 0x0000e7ae 0x1000 + 55214
54 com.apple.AppKit 0x95c6205d -[NSApplication run] + 795
55 com.apple.AppKit 0x95c2f2a2 NSApplicationMain + 574
56 com.apple.Safari 0x00007b96 0x1000 + 27542
Cameron Zwarich (cpst)
I couldn't reproduce this myself, but does it still happen after r29997?
Cameron Zwarich (cpst)
This no longer happens.