| Field | Value |
|---|---|
| Summary | Crash in PluginPackage::hash |
| Product | WebKit |
| Reporter | Joey Geraci <joey2264> |
| Component | WebKit Misc. |
| Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED FIXED |
| Severity | Major |
| CC | aroben, dev+webkit |
| Priority | P2 |
| Version | 528+ (Nightly build) |
| Hardware | PC |
| OS | Windows XP |
| URL | http://www.google.com/reader |
Description

Joey Geraci 2008-04-18 21:44:49 PDT

Created attachment 20682: Dr. Watson dmp file from crash
Stack trace from dump:
> WebKit.dll!WebCore::PluginPackage::hash() Line 364 C++
WebKit.dll!WTF::HashTable<int,int,WTF::IdentityExtractor<int>,WebCore::PluginPackageHash,WTF::HashTraits<int>,WTF::HashTraits<int> >::add<WTF::RefPtr<WebCore::PluginPackage>,WTF::RefPtr<WebCore::PluginPackage>,WTF::HashSetTranslator<0,WTF::RefPtr<WebCore::PluginPackage>,WTF::HashTraits<WTF::RefPtr<WebCore::PluginPackage> >,WTF::HashTraits<int>,WebCore::PluginPackageHash> >(const WTF::RefPtr<WebCore::PluginPackage> & key={...}, const WTF::RefPtr<WebCore::PluginPackage> & extra={...}) Line 613 + 0x16 bytes C++
WebKit.dll!WebCore::PluginDatabase::add(WTF::PassRefPtr<WebCore::PluginPackage> prpPackage={...}) Line 251 + 0x1b bytes C++
WebKit.dll!WebCore::PluginDatabase::refresh() Line 109 + 0x3b bytes C++
WebKit.dll!WebCore::PluginDatabase::installedPlugins() Line 47 C++
WebKit.dll!WebCore::PluginData::initPlugins() Line 32 C++
WebKit.dll!WebCore::PluginData::PluginData(const WebCore::Page * page=0x7feb9a28) Line 34 C++
WebKit.dll!WebCore::PluginData::create(const WebCore::Page * page=0x7feb9a28) Line 49 + 0x69 bytes C++
WebKit.dll!WebCore::Page::pluginData() Line 260 + 0xa bytes C++
WebKit.dll!WebCore::PluginArray::length() Line 42 C++
WebKit.dll!KJS::staticValueGetter<WebCore::JSPluginArray>(KJS::ExecState * exec=0x0012ef70, KJS::JSObject * __formal=0x045e6000, KJS::JSObject * __formal=0x045e6000, const KJS::PropertySlot & slot={...}) Line 109 + 0xb bytes C++
WebKit.dll!KJS::JSObject::get(KJS::ExecState * exec=0x10276270, const KJS::Identifier & propertyName={...}) Line 174 + 0x16 bytes C++
WebKit.dll!KJS::DotAccessorNode::evaluate(KJS::ExecState * exec=0x0012ef70) Line 966 + 0x15 bytes C++
WebKit.dll!KJS::LogicalAndNode::evaluateToBoolean(KJS::ExecState * exec=0x0012ef70) Line 3366 + 0xf bytes C++
WebKit.dll!KJS::IfElseNode::execute(KJS::ExecState * exec=0x0012ef70) Line 4044 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3947 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000005) Line 4890 + 0x8 bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012f0c8, KJS::JSObject * thisObj=0x045e0000, const KJS::List & args={...}) Line 101 + 0x191 bytes C++
WebKit.dll!KJS::ScopedVarFunctionCallNode::evaluate(KJS::ExecState * exec=0x0012f0c8) Line 1320 + 0x11 bytes C++
WebKit.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012f0c8) Line 3556 C++
WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f0c8) Line 3994 C++
WebKit.dll!KJS::IfNode::execute(KJS::ExecState * exec=0x0012f0c8) Line 4030 + 0xb bytes C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3947 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000009) Line 4890 + 0x8 bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012f270, KJS::JSObject * thisObj=0x045e0000, const KJS::List & args={...}) Line 101 + 0x191 bytes C++
WebKit.dll!KJS::ScopedVarFunctionCallNode::evaluate(KJS::ExecState * exec=0x0012f270) Line 1320 + 0x11 bytes C++
WebKit.dll!KJS::ReadModifyLocalVarNode::evaluate(KJS::ExecState * exec=) Line 3537 + 0x138 bytes C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3947 C++
WebKit.dll!KJS::IfNode::execute(KJS::ExecState * exec=0x0012f270) Line 4030 + 0xb bytes C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3947 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000006) Line 4890 + 0x8 bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012f3a4, KJS::JSObject * thisObj=0x045e0000, const KJS::List & args={...}) Line 101 + 0x191 bytes C++
WebKit.dll!KJS::ScopedVarFunctionCallNode::evaluate(KJS::ExecState * exec=0x0012f3a4) Line 1320 + 0x11 bytes C++
WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f3a4) Line 3994 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3947 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x0000000c) Line 4890 + 0x8 bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012f4e0, KJS::JSObject * thisObj=0x045e0000, const KJS::List & args={...}) Line 101 + 0x191 bytes C++
WebKit.dll!KJS::LocalVarFunctionCallNode::evaluate(KJS::ExecState * exec=0x0012f4e0) Line 1266 + 0x11 bytes C++
WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f4e0) Line 3994 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3947 C++
WebKit.dll!KJS::ProgramNode::execute(KJS::ExecState * exec=0x00000000) Line 4878 + 0x8 bytes C++
WebKit.dll!KJS::Interpreter::evaluate(KJS::ExecState * exec=0x7fead61c, const KJS::UString & sourceURL={...}, int startingLineNumber=70, const wchar_t * code=0x7fbc4dc0, int codeLength=165, KJS::JSValue * thisV=0x045e0000) Line 110 C++
WebKit.dll!WebCore::KJSProxy::evaluate(const WebCore::String & filename={...}, int baseLine=70, const WebCore::String & str={...}) Line 87 + 0x39 bytes C++
WebKit.dll!WebCore::FrameLoader::executeScript(const WebCore::String & url={...}, int baseLine=70, const WebCore::String & script={...}) Line 773 C++
WebKit.dll!WebCore::HTMLTokenizer::scriptExecution(const WebCore::String & str={...}, WebCore::HTMLTokenizer::State state={...}, const WebCore::String & scriptURL={...}, int baseLine=70) Line 543 C++
WebKit.dll!WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State state={...}) Line 480 + 0x1c bytes C++
WebKit.dll!WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 330 + 0xf bytes C++
WebKit.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 1492 + 0x26 bytes C++
WebKit.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str=, bool appendData=) Line 1673 C++
WebKit.dll!WTF::HashMap<WebCore::Node *,WebCore::JSNode *,WTF::PtrHash<WebCore::Node *>,WTF::HashTraits<WebCore::Node *>,WTF::HashTraits<WebCore::JSNode *> >::take(WebCore::Node * const & key=) Line 333 C++
WebKit.dll!WebCore::Event::`scalar deleting destructor'() + 0x95 bytes C++
It looks like PluginPackage::createPackage is returning 0, leading to a null deref in HashTable. We should be able to fix this pretty easily by changing PluginDatabase::refresh not to call add() when createPackage returns 0.

Created attachment 20737: Patch v1 with ChangeLog
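The diagnosis in the comment above, as an added example written for this page and not code from WebKit or from the patch: a simplified stand-in for PluginDatabase::refresh() and the hash set of PluginPackage objects, showing the unguarded add() the report describes beside the null check the comment proposes. The names PluginPackage, PluginPackageHash and createPackage mirror WebKit's, but every body here is an assumption-level stand-in (std::unordered_set and std::shared_ptr in place of WTF::HashTable and RefPtr), and the plug-in file list is constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <unordered_set>
#include <vector>

// Stand-in for WebCore::PluginPackage (not WebKit's class): a plug-in is identified
// by its path and modification time, and hash() is the frame at the top of the trace.
struct PluginPackage {
    std::string path;
    long long lastModified;

    unsigned hash() const {
        return static_cast<unsigned>(std::hash<std::string>{}(path))
             ^ static_cast<unsigned>(lastModified);
    }

    // Stand-in for createPackage(): returns null when the plug-in cannot be loaded.
    // In the report, this null was handed straight to PluginDatabase::add().
    static std::shared_ptr<PluginPackage> createPackage(const std::string& path, long long lastModified) {
        if (path.empty() || lastModified < 0)
            return nullptr;
        return std::make_shared<PluginPackage>(PluginPackage{path, lastModified});
    }
};

// Hash and equality functors that dereference unconditionally, as the HashTable
// instantiation in the trace does: a null pointer reaching either one is the crash.
struct PluginPackageHash {
    std::size_t operator()(const std::shared_ptr<PluginPackage>& p) const { return p->hash(); }
};
struct PluginPackageEqual {
    bool operator()(const std::shared_ptr<PluginPackage>& a,
                    const std::shared_ptr<PluginPackage>& b) const {
        return a->path == b->path && a->lastModified == b->lastModified;
    }
};

using PluginSet = std::unordered_set<std::shared_ptr<PluginPackage>, PluginPackageHash, PluginPackageEqual>;

// One entry of a directory scan (constructed input for the example).
struct PluginFile {
    std::string path;
    long long lastModified;
};

// The pattern the report describes: add() is called for every file, loadable or not.
// With an unloadable file in the list this dereferences null inside PluginPackageHash;
// it is kept for comparison and only ever called on valid input below.
std::size_t refreshUnguarded(PluginSet& plugins, const std::vector<PluginFile>& files) {
    for (const PluginFile& f : files)
        plugins.insert(PluginPackage::createPackage(f.path, f.lastModified));  // null reaches the hash functor
    return plugins.size();
}

// The fix the comment proposes: skip add() when createPackage() returns null.
// Returns the number of files skipped so the caller can log failed plug-in loads.
std::size_t refreshGuarded(PluginSet& plugins, const std::vector<PluginFile>& files) {
    std::size_t skipped = 0;
    for (const PluginFile& f : files) {
        std::shared_ptr<PluginPackage> package = PluginPackage::createPackage(f.path, f.lastModified);
        if (!package) {
            ++skipped;
            continue;
        }
        plugins.insert(package);
    }
    return skipped;
}

// Constructed sample listing: two loadable plug-ins (one listed twice) and two
// entries createPackage() refuses.
const std::vector<PluginFile> kSamplePlugins = {
    {"C:\\Plugins\\plugin_a.dll", 1000},
    {"", 1000},                           // unloadable: empty path
    {"C:\\Plugins\\plugin_b.dll", 2000},
    {"C:\\Plugins\\plugin_a.dll", 1000},  // duplicate, deduplicated by hash/equality
    {"C:\\Plugins\\plugin_c.dll", -1},    // unloadable: bad modification time
};

int main() {
    PluginSet plugins;
    std::size_t skipped = refreshGuarded(plugins, kSamplePlugins);
    std::printf("%zu plug-ins loaded, %zu skipped\n", plugins.size(), skipped);  // 2 loaded, 2 skipped
    return 0;
}
```

The guard sits in refresh(), where the comment puts it, because that is the one place that knows a load failed and can count or log it; the hash and equality functors stay unaware of null, matching the original design rather than papering over the bad pointer inside the container.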
Comment on attachment 20737: Patch v1 with ChangeLog

r=me