Bug 20214

Summary: Crash in profiler dereferencing null frame or page
Product: WebKit
Reporter: Oliver Hunt <oliver>
Component: Web Inspector (Deprecated)
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: kmccullough
Priority: P2
Keywords: HasReduction, InRadar
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5

Description Oliver Hunt 2008-07-29 14:23:18 PDT
While the profiler is running, it's possible to trigger a crash through the following steps:
1. Go to http://280slides.com/Editor
2. Open inspector, go to profile pane, start profile
3. Hit Cmd-W, Cmd-N

You get the following crash (looks like the profiler is being terminated by the gc sweep, rather than the window closing):

Thread 0 Crashed:
0   com.apple.WebCore             	0x01400376 WebCore::Frame::page() const + 6 (Frame.cpp:1740)
1   com.apple.WebCore             	0x012bf528 WebCore::Console::finishedProfiling(WTF::PassRefPtr<KJS::Profile>) + 24 (Console.cpp:308)
2   com.apple.JavaScriptCore      	0x004346bb KJS::Profiler::didFinishAllExecution(KJS::ExecState*) + 267 (PassRefPtr.h:44)
3   com.apple.JavaScriptCore      	0x003ce3fe KJS::JSGlobalObject::~JSGlobalObject() + 942 (JSGlobalObject.cpp:88)
4   com.apple.WebCore             	0x0180360c WebCore::JSDOMWindowBase::~JSDOMWindowBase() + 796 (JSDOMWindowBase.cpp:242)
5   com.apple.JavaScriptCore      	0x003fbbe5 unsigned long KJS::Heap::sweep<(KJS::Heap::HeapType)0>() + 581 (collector.cpp:854)
6   com.apple.JavaScriptCore      	0x0036898f KJS::Heap::collect() + 127 (collector.cpp:948)
7   com.apple.WebCore             	0x0142b442 WebCore::Timer<WebCore::GCController>::fired() + 82 (Timer.h:99)
8   com.apple.WebCore             	0x01771959 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 137 (Timer.cpp:350)
9   com.apple.WebCore             	0x01771a22 WebCore::TimerBase::sharedTimerFired() + 162 (Timer.cpp:370)
10  com.apple.WebCore             	0x01756ea4 WebCore::timerFired(__CFRunLoopTimer*, void*) + 68 (SharedTimerMac.mm:85)
11  com.apple.CoreFoundation      	0x96cd4b45 CFRunLoopRunSpecific + 4469
12  com.apple.CoreFoundation      	0x96cd4cf8 CFRunLoopRunInMode + 88
13  com.apple.HIToolbox           	0x93c8bda4 RunCurrentEventLoopInMode + 283
14  com.apple.HIToolbox           	0x93c8bbbd ReceiveNextEventCommon + 374
15  com.apple.HIToolbox           	0x93c8ba31 BlockUntilNextEventMatchingListInMode + 106
16  com.apple.AppKit              	0x9331a505 _DPSNextEvent + 657
17  com.apple.AppKit              	0x93319db8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
18  com.apple.Safari              	0x000086be 0x1000 + 30398
19  com.apple.AppKit              	0x93312df3 -[NSApplication run] + 795
20  com.apple.AppKit              	0x932e0030 NSApplicationMain + 574
21  com.apple.Safari              	0x000ba4d6 0x1000 + 758998
Comment 1 Mark Rowe (bdash) 2008-07-29 14:25:49 PDT
<rdar://problem/6110314>
Comment 2 Kevin McCullough 2008-07-30 13:18:28 PDT
Committed revision 35459.