Bug 20214
| Field | Value |
|---|---|
| Summary | Crash in profiler dereferencing null frame or page |
| Product | WebKit |
| Component | Web Inspector (Deprecated) |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | 528+ (Nightly build) |
| Hardware | Mac |
| OS | OS X 10.5 |
| Reporter | Oliver Hunt <oliver> |
| Assignee | Nobody <webkit-unassigned> |
| CC | kmccullough |
| Keywords | HasReduction, InRadar |
Oliver Hunt
While the profiler is running it's possible to trigger a crash through the following steps:
1. Go to http://280slides.com/Editor
2. Open the inspector, go to the profile pane, start a profile
3. Hit cmd-w, cmd-n
You get the following crash (looks like the profiler is being terminated by the gc sweep, rather than the window closing):
```
Thread 0 Crashed:
0 com.apple.WebCore 0x01400376 WebCore::Frame::page() const + 6 (Frame.cpp:1740)
1 com.apple.WebCore 0x012bf528 WebCore::Console::finishedProfiling(WTF::PassRefPtr<KJS::Profile>) + 24 (Console.cpp:308)
2 com.apple.JavaScriptCore 0x004346bb KJS::Profiler::didFinishAllExecution(KJS::ExecState*) + 267 (PassRefPtr.h:44)
3 com.apple.JavaScriptCore 0x003ce3fe KJS::JSGlobalObject::~JSGlobalObject() + 942 (JSGlobalObject.cpp:88)
4 com.apple.WebCore 0x0180360c WebCore::JSDOMWindowBase::~JSDOMWindowBase() + 796 (JSDOMWindowBase.cpp:242)
5 com.apple.JavaScriptCore 0x003fbbe5 unsigned long KJS::Heap::sweep<(KJS::Heap::HeapType)0>() + 581 (collector.cpp:854)
6 com.apple.JavaScriptCore 0x0036898f KJS::Heap::collect() + 127 (collector.cpp:948)
7 com.apple.WebCore 0x0142b442 WebCore::Timer<WebCore::GCController>::fired() + 82 (Timer.h:99)
8 com.apple.WebCore 0x01771959 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 137 (Timer.cpp:350)
9 com.apple.WebCore 0x01771a22 WebCore::TimerBase::sharedTimerFired() + 162 (Timer.cpp:370)
10 com.apple.WebCore 0x01756ea4 WebCore::timerFired(__CFRunLoopTimer*, void*) + 68 (SharedTimerMac.mm:85)
11 com.apple.CoreFoundation 0x96cd4b45 CFRunLoopRunSpecific + 4469
12 com.apple.CoreFoundation 0x96cd4cf8 CFRunLoopRunInMode + 88
13 com.apple.HIToolbox 0x93c8bda4 RunCurrentEventLoopInMode + 283
14 com.apple.HIToolbox 0x93c8bbbd ReceiveNextEventCommon + 374
15 com.apple.HIToolbox 0x93c8ba31 BlockUntilNextEventMatchingListInMode + 106
16 com.apple.AppKit 0x9331a505 _DPSNextEvent + 657
17 com.apple.AppKit 0x93319db8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
18 com.apple.Safari 0x000086be 0x1000 + 30398
19 com.apple.AppKit 0x93312df3 -[NSApplication run] + 795
20 com.apple.AppKit 0x932e0030 NSApplicationMain + 574
21 com.apple.Safari 0x000ba4d6 0x1000 + 758998
```
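The trace above shows a teardown-order problem: the window is closed first, and only later does a GC sweep destroy the JSGlobalObject, whose destructor fires the profiler completion callback into a Console whose Frame no longer has a Page. The following is an added, self-contained C++ model of that ordering, not WebKit's code and not the fix landed in r35459 (which this page does not show). The class names mirror the trace but every body is constructed for the example; it contrasts an unguarded completion callback with one that tolerates its owner having been torn down first.

```cpp
#include <cassert>
#include <string>
#include <vector>

// Hypothetical stand-ins for WebCore::Page, WebCore::Frame, WebCore::Console,
// KJS::Profiler and KJS::JSGlobalObject. Names mirror the trace; the bodies
// are constructed for this example.
struct Profile { std::string title; };

class Page {
public:
    std::vector<std::string> receivedProfiles; // what the profile pane would list
};

class Frame {
public:
    explicit Frame(Page* page) : m_page(page) {}
    Page* page() const { return m_page; }
    // Closing the window detaches the frame from its page; the Frame object
    // can outlive the Page it used to point at.
    void pageDestroyed() { m_page = nullptr; }
private:
    Page* m_page;
};

class Console {
public:
    explicit Console(Frame* frame) : m_frame(frame) {}

    // Unguarded form: assumes the frame still has a page. With the window
    // already closed this dereferences null, as in the reported trace.
    // Only safe to call while the page is alive.
    void finishedProfilingUnguarded(const Profile& profile) {
        m_frame->page()->receivedProfiles.push_back(profile.title);
    }

    // Guarded form: a completion callback that may fire from a GC sweep must
    // tolerate its owner having been torn down first. Returns whether the
    // profile was delivered.
    bool finishedProfiling(const Profile& profile) {
        if (!m_frame)
            return false;
        Page* page = m_frame->page();
        if (!page)
            return false;
        page->receivedProfiles.push_back(profile.title);
        return true;
    }
private:
    Frame* m_frame;
};

class Profiler {
public:
    bool lastDelivered = false;
    // In the trace this runs from ~JSGlobalObject; here it hands the
    // finished profile to the console and records the outcome.
    void didFinishAllExecution(Console& console) {
        lastDelivered = console.finishedProfiling(Profile{"profile from closed window"});
    }
};

class JSGlobalObject {
public:
    JSGlobalObject(Profiler* profiler, Console* console)
        : m_profiler(profiler), m_console(console) {}
    // Destroyed by the collector's sweep, not by the window closing.
    ~JSGlobalObject() { m_profiler->didFinishAllExecution(*m_console); }
private:
    Profiler* m_profiler;
    Console* m_console;
};

// Replays the report's ordering: start profiling, optionally close the window
// (cmd-w), then let a GC sweep destroy the global object. Returns true if the
// finished profile reached a live Page, false if it was dropped.
bool profileSurvivesSweep(bool closeWindowBeforeSweep) {
    Page page;
    Frame frame(&page);
    Console console(&frame);
    Profiler profiler;
    JSGlobalObject* global = new JSGlobalObject(&profiler, &console);
    if (closeWindowBeforeSweep)
        frame.pageDestroyed();   // the window goes away first
    delete global;               // the sweep fires the profiler callback
    return profiler.lastDelivered;
}

int main() {
    assert(profileSurvivesSweep(false));  // live window: profile delivered
    assert(!profileSurvivesSweep(true));  // closed window: dropped, no crash
    return 0;
}
```

The point of the guarded form is that the callback's caller (the collector) has no knowledge of window lifetime, so the callee has to check for a detached frame itself; the unguarded variant reproduces the null dereference at Frame::page() the moment the sweep runs after cmd-w.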
Mark Rowe (bdash)
<rdar://problem/6110314>
Kevin McCullough
Committed revision 35459.