Bug 19038

Summary: Crash in JavaScriptDebugServer::returnEvent when inspecting an attached Inspector
Product: WebKit
Reporter: Adam Roben (:aroben) <aroben>
Component: Web Inspector (Deprecated)
Assignee: Timothy Hatcher <timothy>
Status: RESOLVED FIXED
Severity: Normal
CC: mrowe, rik, timothy
Priority: P2
Keywords: HasReduction, InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
  Description      Flags
  testcase         none
  Proposed patch   kmccullough: review+

Adam Roben (:aroben)
Reported 2008-05-13 16:35:05 PDT
I'm seeing a crash in JavaScriptDebugServer::returnEvent when inspecting an Inspector that is attached as a debugger.

Steps to reproduce:
1. Go to any page
2. Open the Inspector and attach its debugger
3. Right-click in the Inspector and choose Inspect Element

m_currentCallFrame is 0.

> WebKit_debug.dll!WebCore::JavaScriptCallFrame::invalidate() Line 42 + 0x11 bytes C++
WebKit_debug.dll!WebCore::JavaScriptDebugServer::returnEvent(KJS::ExecState * exec=0x0012f104, int sourceID=120, int lineNumber=265, KJS::JSObject * __formal=0x05c06600) Line 455 C++
WebKit_debug.dll!KJS::FunctionBodyNodeWithDebuggerHooks::execute(KJS::ExecState * exec=0x0012f104) Line 4912 + 0x2e bytes C++
WebKit_debug.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f3ac, KJS::JSObject * thisObj=0x05c06900, const KJS::List & args={...}) Line 78 + 0x21 bytes C++
WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012f3ac, KJS::JSObject * thisObj=0x05c06900, const KJS::List & args={...}) Line 99 + 0x1b bytes C++
WebKit_debug.dll!KJS::functionProtoFuncApply(KJS::ExecState * exec=0x0012f3ac, KJS::JSObject * thisObj=0x05c06600, const KJS::List & args={...}) Line 107 + 0x14 bytes C++
WebKit_debug.dll!KJS::PrototypeFunction::callAsFunction(KJS::ExecState * exec=0x0012f3ac, KJS::JSObject * thisObj=0x05c06600, const KJS::List & args={...}) Line 905 + 0x16 bytes C++
WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012f3ac, KJS::JSObject * thisObj=0x05c06600, const KJS::List & args={...}) Line 99 + 0x1b bytes C++
WebKit_debug.dll!KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState * exec=0x0012f3ac) Line 1495 + 0x14 bytes C++
WebKit_debug.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012f3ac) Line 1501 C++
WebKit_debug.dll!KJS::ReturnNode::execute(KJS::ExecState * exec=0x0012f3ac) Line 4354 + 0x21 bytes C++
WebKit_debug.dll!KJS::BreakpointCheckStatement::execute(KJS::ExecState * exec=0x0012f3ac) Line 420 + 0x21 bytes C++
WebKit_debug.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x0012f3ac) Line 3946 + 0x29 bytes C++
WebKit_debug.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012f3ac) Line 3971 + 0x10 bytes C++
WebKit_debug.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x0012f3ac) Line 4891 C++
WebKit_debug.dll!KJS::FunctionBodyNodeWithDebuggerHooks::execute(KJS::ExecState * exec=0x0012f3ac) Line 4907 + 0xc bytes C++
WebKit_debug.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0795b3d0, KJS::JSObject * thisObj=0x072f6140, const KJS::List & args={...}) Line 78 + 0x21 bytes C++
WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0795b3d0, KJS::JSObject * thisObj=0x072f6140, const KJS::List & args={...}) Line 99 + 0x1b bytes C++
WebKit_debug.dll!WebCore::JSAbstractEventListener::handleEvent(WebCore::Event * ele=0x0804c240, bool isWindowEvent=false) Line 100 + 0x14 bytes C++
WebKit_debug.dll!WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode * referenceNode=0x07c31de0, WebCore::Event * evt=0x0804c240, bool useCapture=false) Line 314 + 0x2e bytes C++
WebKit_debug.dll!WebCore::EventTargetNode::handleLocalEvents(WebCore::Event * evt=0x0804c240, bool useCapture=false) Line 106 C++
WebKit_debug.dll!WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode * referenceNode=0x07c31de0, WTF::PassRefPtr<WebCore::Event> e={...}, int & __formal=0, bool tempEvent=true) Line 212 + 0x1d bytes C++
WebKit_debug.dll!WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event> e={...}, int & ec=0, bool tempEvent=true) Line 121 + 0x1e bytes C++
WebKit_debug.dll!WebCore::EventTargetNode::dispatchHTMLEvent(const WebCore::AtomicString & eventType={...}, bool canBubbleArg=false, bool cancelableArg=false) Line 358 C++
WebKit_debug.dll!WebCore::HTMLScriptElement::notifyFinished(WebCore::CachedResource * o=0x078b2fe8) Line 167 C++
WebKit_debug.dll!WebCore::CachedScript::checkNotify() Line 95 + 0x13 bytes C++
WebKit_debug.dll!WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 86 C++
WebKit_debug.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader * loader=0x0804b620) Line 269 C++
WebKit_debug.dll!WebCore::SubresourceLoader::didFinishLoading() Line 193 + 0x21 bytes C++
WebKit_debug.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x07b08198) Line 389 + 0xf bytes C++
WebKit_debug.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x07c753f8, const void * clientInfo=0x07b08198) Line 117 + 0x1e bytes C++
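Added example, not WebKit code and not part of the report: a small model of the call-frame tracking that callEvent/returnEvent notifications drive. A debugger that attaches while script is already running only sees events from that point on, so the first returnEvent can arrive with no tracked frame; a tracker that unconditionally pops its current frame then dereferences null, which is the m_currentCallFrame == 0 failure above. The model guards that case and counts the unbalanced returns instead. The names CallFrame, DebugServer, Ev, runScenario, attachedFromStart and attachedMidExecution are this example's own, and the event streams are constructed.

```cpp
// Illustrative model of debugger call-frame tracking (not WebKit's code).
// The debugger receives Call/Return notifications only after it attaches;
// attaching mid-execution therefore produces Return events with no
// matching Call, and a tracker must tolerate that instead of popping a
// frame that was never pushed.
#include <memory>
#include <vector>

struct CallFrame {
    std::shared_ptr<CallFrame> caller; // null for the outermost tracked frame
    int sourceID;
    int lineNumber;
    bool valid;

    CallFrame(std::shared_ptr<CallFrame> c, int s, int l)
        : caller(std::move(c)), sourceID(s), lineNumber(l), valid(true) {}
    void invalidate() { valid = false; }
};

class DebugServer {
public:
    // Push a frame for the function the interpreter is entering.
    void callEvent(int sourceID, int lineNumber) {
        m_currentCallFrame = std::make_shared<CallFrame>(m_currentCallFrame, sourceID, lineNumber);
    }

    // Pop the current frame. The null check is the guard: without it a
    // returnEvent with no tracked frame is a null dereference.
    bool returnEvent() {
        if (!m_currentCallFrame) {
            ++m_unbalancedReturns;
            return false;
        }
        m_currentCallFrame->invalidate();
        m_currentCallFrame = m_currentCallFrame->caller;
        return true;
    }

    // Number of frames currently tracked.
    int depth() const {
        int n = 0;
        for (auto f = m_currentCallFrame; f; f = f->caller)
            ++n;
        return n;
    }

    int unbalancedReturns() const { return m_unbalancedReturns; }

private:
    std::shared_ptr<CallFrame> m_currentCallFrame; // null when nothing is tracked
    int m_unbalancedReturns = 0;
};

// Constructed interpreter event stream. Attach marks where the debugger
// starts listening; Call/Return events before it are never delivered.
enum class Ev { Call, Return, Attach };

struct ScenarioResult {
    int unbalancedReturns;
    int finalDepth;
};

ScenarioResult runScenario(const std::vector<Ev>& events) {
    DebugServer server;
    bool attached = false;
    for (Ev e : events) {
        if (e == Ev::Attach) {
            attached = true;
            continue;
        }
        if (!attached)
            continue; // debugger not yet listening
        if (e == Ev::Call)
            server.callEvent(1, 1);
        else
            server.returnEvent();
    }
    return { server.unbalancedReturns(), server.depth() };
}

// Debugger attached before any script ran: every Return has a matching Call.
ScenarioResult attachedFromStart() {
    return runScenario({ Ev::Attach, Ev::Call, Ev::Call, Ev::Return, Ev::Return });
}

// Debugger attached two calls deep, as in the Inspect Element steps above:
// the two Returns that unwind those calls arrive with no tracked frame,
// and tracking is consistent again for the later Call/Return pair.
ScenarioResult attachedMidExecution() {
    return runScenario({ Ev::Call, Ev::Call, Ev::Attach, Ev::Return, Ev::Return, Ev::Call, Ev::Return });
}
```

The counter makes the unbalanced case observable rather than silently ignored, so a test for the attach-mid-execution sequence can assert on it; that is the sequence the testcase attachment on this bug exercises.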
Attachments
testcase (554 bytes, text/html) - 2008-05-14 14:31 PDT, Adam Roben (:aroben) - no flags
Proposed patch (10.46 KB, patch) - 2008-05-14 18:42 PDT, Timothy Hatcher - kmccullough: review+
Mark Rowe (bdash)
Comment 1 2008-05-13 16:36:17 PDT
Timothy Hatcher
Comment 2 2008-05-13 18:36:23 PDT
The callEvent and returnEvent calls seem to be unbalanced.
Adam Roben (:aroben)
Comment 3 2008-05-14 14:31:33 PDT
Created attachment 21137 [details] testcase
Timothy Hatcher
Comment 4 2008-05-14 18:42:04 PDT
Created attachment 21149 [details] Proposed patch
Timothy Hatcher
Comment 5 2008-05-14 18:59:58 PDT
Landed in r33473.
Adam Roben (:aroben)
Comment 6 2008-05-14 21:47:56 PDT
Comment on attachment 21149 [details] Proposed patch @@ -457,9 +530,8 @@ bool JavaScriptDebugServer::returnEvent(ExecState* exec, int sourceID, int lineN { if (m_paused) return true; + updateCurrentCallFrame(m_currentCallFrame, exec, sourceID, lineNumber, m_pauseOnExecState); pauseIfNeeded(exec, sourceID, lineNumber); - m_currentCallFrame->invalidate(); - m_currentCallFrame = m_currentCallFrame->caller(); return true; } Doesn't this change reintroduce the bug that was fixed by r33453? <http://trac.webkit.org/changeset/33453>
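Review bot: The hunk deletes the unconditional `m_currentCallFrame->invalidate()` and `m_currentCallFrame = m_currentCallFrame->caller()` in returnEvent, which is the null dereference in the reported trace, but the replacement `updateCurrentCallFrame(m_currentCallFrame, exec, sourceID, lineNumber, m_pauseOnExecState)` is not visible here, so the review should confirm it handles a null m_currentCallFrame when a returnEvent arrives with no matching callEvent (debugger attached mid-execution). The hunk also carries no regression test; a layout test covering that attach-mid-execution sequence, and the r33453 sequence comment 6 asks about, would make both behaviours checkable rather than argued.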
Adam Roben (:aroben)
Comment 7 2008-05-14 21:48:40 PDT
(In reply to comment #6) > (From update of attachment 21149 [details] [edit]) > @@ -457,9 +530,8 @@ bool JavaScriptDebugServer::returnEvent(ExecState* exec, > int sourceID, int lineN > { > if (m_paused) > return true; > + updateCurrentCallFrame(m_currentCallFrame, exec, sourceID, lineNumber, > m_pauseOnExecState); > pauseIfNeeded(exec, sourceID, lineNumber); > - m_currentCallFrame->invalidate(); > - m_currentCallFrame = m_currentCallFrame->caller(); > return true; > } > > Doesn't this change reintroduce the bug that was fixed by r33453? > <http://trac.webkit.org/changeset/33453> (We really need a testcase for that bug, btw!)
Timothy Hatcher
Comment 8 2008-05-14 22:25:26 PDT
It doesn't reintroduce that bug because things are updated more with atStatement.