Bug 20386

Summary: REGRESSION (r35445): In Gmail, a crash occurs at KJS::Machine::privateExecute() when applying list styling to text after a quote had been removed
Product: WebKit
Reporter: Geoffrey Garen <ggaren>
Component: JavaScriptCore
Assignee: Cameron Zwarich (cpst) <zwarich>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, oliver, zwarich
Priority: P1
Keywords: InRadar, NeedsReduction, Regression
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
URL: http://gmail.com
Attachments:
fix (flags: none)

Description Geoffrey Garen 2008-08-14 14:09:03 PDT
* SUMMARY
In Gmail, a crash occurs at KJS::Machine::privateExecute() when applying list styling to text after a quote had been removed
This looks like a crash in JS core, but I'm sending it to Justin to take a look.

* STEPS TO REPRODUCE
1. With TOT, log into your Gmail account.
2. Create a rich text message and type the following:

oranges<return>limes

3. Select both words and click on the Numbered list icon.
4. After the list has been applied, press the Indent more icon so the selected list indents.
5. With this list still selected, click the Quote toolbar icon
6. With the quote applied, click the Unordered list icon once
7. Notice the quote is removed and the list is now unordered. However, the selection around this list is removed.
8. At this point, click the Unordered list icon again
9. A crash occurs now.

Process:         Safari [1869]
Path:            /Volumes/Untitled/Applications/Safari.app/Contents/MacOS/Safari
Identifier:      com.apple.Safari
Version:         3.1.2 (5525.20.1)
Build Info:      WebBrowser-55252001~1
Code Type:       X86 (Native)
Parent Process:  bash [1696]

Date/Time:       2008-08-14 12:12:32.272 -0700
OS Version:      Mac OS X 10.5.4 (9E17)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000004
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.JavaScriptCore      	0x003c3242 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 6834
1   com.apple.JavaScriptCore      	0x003cba0b KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 731
2   com.apple.JavaScriptCore      	0x00352586 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 102
3   com.apple.JavaScriptCore      	0x0037b64c KJS::functionProtoFuncCall(KJS::ExecState*, KJS::JSObject*, KJS::JSValue*, KJS::ArgList const&) + 252
4   com.apple.JavaScriptCore      	0x003ca9ef KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 37471
5   com.apple.JavaScriptCore      	0x003cba0b KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 731
6   com.apple.JavaScriptCore      	0x00352586 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 102
7   com.apple.JavaScriptCore      	0x0037b990 KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::JSValue*, KJS::ArgList const&) + 560
8   com.apple.JavaScriptCore      	0x003ca9ef KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 37471
9   com.apple.JavaScriptCore      	0x003cba0b KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 731
10  com.apple.JavaScriptCore      	0x00352586 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 102
11  com.apple.JavaScriptCore      	0x0037b64c KJS::functionProtoFuncCall(KJS::ExecState*, KJS::JSObject*, KJS::JSValue*, KJS::ArgList const&) + 252
12  com.apple.JavaScriptCore      	0x003ca9ef KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 37471
13  com.apple.JavaScriptCore      	0x003cba0b KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 731
14  com.apple.JavaScriptCore      	0x00352586 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 102
15  com.apple.WebCore             	0x00df4ddd WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1261
16  com.apple.WebCore             	0x00d68c26 WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode*, WebCore::Event*, bool) + 182
17  com.apple.WebCore             	0x00d68b4f WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 79
18  com.apple.WebCore             	0x00d685e6 WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode*, WTF::PassRefPtr<WebCore::Event>, int&, bool) + 454
19  com.apple.WebCore             	0x00d6832f WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 255
20  com.apple.WebCore             	0x00ef6e1a WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 746
21  com.apple.WebCore             	0x00ef6ae5 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 165
22  com.apple.WebCore             	0x00ef65cb WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 107
23  com.apple.WebCore             	0x00e7661b WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 731
24  com.apple.WebCore             	0x00e76249 WebCore::EventHandler::mouseUp(NSEvent*) + 393
25  com.apple.WebKit              	0x001a60bc -[WebHTMLView mouseUp:] + 220
26  com.apple.WebCore             	0x00eae70e WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*, WebCore::HitTestResult*) + 558
27  com.apple.WebCore             	0x00ed7ae7 WebCore::EventHandler::passMouseReleaseEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 39
28  com.apple.WebCore             	0x00e76508 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 456
29  com.apple.WebCore             	0x00e76249 WebCore::EventHandler::mouseUp(NSEvent*) + 393
30  com.apple.WebKit              	0x001a60bc -[WebHTMLView mouseUp:] + 220
31  com.apple.AppKit              	0x903f8929 -[NSWindow sendEvent:] + 5539
32  com.apple.Safari              	0x0002bb53 0x1000 + 174931
33  com.apple.AppKit              	0x903c5431 -[NSApplication sendEvent:] + 2941
34  com.apple.Safari              	0x0002b5d8 0x1000 + 173528
35  com.apple.AppKit              	0x90322e27 -[NSApplication run] + 847
36  com.apple.AppKit              	0x902f0030 NSApplicationMain + 574
37  com.apple.Safari              	0x000ba4d6 0x1000 + 758998

Thread 1:
0   libSystem.B.dylib             	0x9351168e __semwait_signal + 10
1   libSystem.B.dylib             	0x9353c36d pthread_cond_wait$UNIX2003 + 73
2   com.apple.WebCore             	0x00d0945f WebCore::IconDatabase::syncThreadMainLoop() + 239
3   com.apple.WebCore             	0x00cc3045 WebCore::IconDatabase::iconDatabaseSyncThread() + 181
4   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
5   libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 2:
0   libSystem.B.dylib             	0x9350a4a6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x93511c9c mach_msg + 72
2   com.apple.CoreFoundation      	0x93d7d0ce CFRunLoopRunSpecific + 1790
3   com.apple.CoreFoundation      	0x93d7dcf8 CFRunLoopRunInMode + 88
4   com.apple.CFNetwork           	0x91a16a32 CFURLCacheWorkerThread(void*) + 396
5   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
6   libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 3:
0   libSystem.B.dylib             	0x9350a4a6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x93511c9c mach_msg + 72
2   com.apple.CoreFoundation      	0x93d7d0ce CFRunLoopRunSpecific + 1790
3   com.apple.CoreFoundation      	0x93d7dcf8 CFRunLoopRunInMode + 88
4   com.apple.Foundation          	0x925e1460 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5   com.apple.Foundation          	0x9257df1d -[NSThread main] + 45
6   com.apple.Foundation          	0x9257dac4 __NSThread__main__ + 308
7   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
8   libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 4:
0   libSystem.B.dylib             	0x9355a5e2 select$DARWIN_EXTSN + 10
1   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
2   libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 5:
0   libSystem.B.dylib             	0x9350a4a6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x93511c9c mach_msg + 72
2   ...romedia.Flash Player.plugin	0x1aa0b959 memcopy_mmx + 709497
3   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
4   libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 6:
0   libSystem.B.dylib             	0x9350a4ee semaphore_wait_signal_trap + 10
1   libSystem.B.dylib             	0x9353c866 _pthread_cond_wait + 1267
2   libSystem.B.dylib             	0x93582371 pthread_cond_wait + 48
3   ...romedia.Flash Player.plugin	0x1a8d2928 0x1a540000 + 3746088
4   ...romedia.Flash Player.plugin	0x1a90a230 Flash_EnforceLocalSecurity + 125000
5   ...romedia.Flash Player.plugin	0x1a8d2bd2 0x1a540000 + 3746770
6   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
7   libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 7:
0   libSystem.B.dylib             	0x9350a4ee semaphore_wait_signal_trap + 10
1   libSystem.B.dylib             	0x9353c866 _pthread_cond_wait + 1267
2   libSystem.B.dylib             	0x93582371 pthread_cond_wait + 48
3   ...romedia.Flash Player.plugin	0x1a8d2928 0x1a540000 + 3746088
4   ...romedia.Flash Player.plugin	0x1a90a230 Flash_EnforceLocalSecurity + 125000
5   ...romedia.Flash Player.plugin	0x1a8d2bd2 0x1a540000 + 3746770
6   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
7   libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 8:
0   libSystem.B.dylib             	0x9350a506 semaphore_timedwait_signal_trap + 10
1   libSystem.B.dylib             	0x9353c84f _pthread_cond_wait + 1244
2   libSystem.B.dylib             	0x9353e0d3 pthread_cond_timedwait_relative_np + 47
3   com.apple.Foundation          	0x925c3e8c -[NSCondition waitUntilDate:] + 236
4   com.apple.Foundation          	0x925c3ca0 -[NSConditionLock lockWhenCondition:beforeDate:] + 144
5   com.apple.Foundation          	0x925c3c05 -[NSConditionLock lockWhenCondition:] + 69
6   com.apple.AppKit              	0x90390470 -[NSUIHeartBeat _heartBeatThread:] + 753
7   com.apple.Foundation          	0x9257df1d -[NSThread main] + 45
8   com.apple.Foundation          	0x9257dac4 __NSThread__main__ + 308
9   libSystem.B.dylib             	0x9353b6f5 _pthread_start + 321
10  libSystem.B.dylib             	0x9353b5b2 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0x00000001  ebx: 0x003c17a1  ecx: 0x00000000  edx: 0x00000001
  edi: 0x17db7a8c  esi: 0xfffffdf6  ebp: 0xbfffc238  esp: 0xbfffb690
   ss: 0x0000001f  efl: 0x00010246  eip: 0x003c3242   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037
  cr2: 0x00000004

Binary Images:
    0x1000 -   0x133fef  com.apple.Safari 3.1.2 (5525.20.1) <b8911db3c9f4e89257f40775a27be7c6> /Volumes/Untitled/Applications/Safari.app/Contents/MacOS/Safari
  0x17b000 -   0x247fe7  com.apple.WebKit 5528 (5528.2) <69271d332a60965fd09c2a072fa94c09> /Volumes/Untitled/release/WebKit.framework/Versions/A/WebKit
  0x2dc000 -   0x2ebff8  SyndicationUI ??? (???) <edde0133829971dbd8a0f3473cdb85fc> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
  0x2fb000 -   0x3e3fef  com.apple.JavaScriptCore 5528 (5528.2) <0a74333133dba87ad67f9e86f9d646f2> /Volumes/Untitled/release/JavaScriptCore.framework/Versions/A/JavaScriptCore
  0x7a4000 -   0x7a9ff3  libCGXCoreImage.A.dylib ??? (???) <32265ec157db98a33c5dcf0e6687dec2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
  0xcbc000 -  0x148cfff  com.apple.WebCore 5528 (5528.2) <8aabbb8da73643a1ddc667f4bb7759f7> /Volumes/Untitled/release/WebCore.framework/Versions/A/WebCore
 0x1978000 -  0x1a96ff7  com.apple.RawCamera.bundle 2.0.7 (2.0.7) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x172a0000 - 0x172a0ffe  com.apple.JavaPluginCocoa 12.0.0 (12.0.0) <2da800f2bba7c0670773b6305fe7625e> /Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa
0x17c37000 - 0x17c3effd  com.apple.JavaVM 12.0.2 (12.0.2) <2cd4cd0edace299c1d5231657d107b54> /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM
0x1a540000 - 0x1ab40ffb +com.macromedia.Flash Player.plugin 9.0.124 (1.0.4f60) <8355dcf076564b6784c517fd0eccb2f2> /Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player
0x1ac81000 - 0x1aca0fed  com.apple.audio.CoreAudioKit 1.5 (1.5) <82f2e52c502db7f3b32349a54209a0fe> /System/Library/Frameworks/CoreAudioKit.framework/Versions/A/CoreAudioKit
0x8fe00000 - 0x8fe2da53  dyld 96.2 (???) <14ac3b684fa5a31932fa89c4bba7a29b> /usr/lib/dyld
0x90003000 - 0x9013bff7  libicucore.A.dylib ??? (???) <5031226ea28b371d8dfdbb32acfb48b5> /usr/lib/libicucore.A.dylib
0x9013c000 - 0x902bbfff  com.apple.AddressBook.framework 4.1.1 (695) <24a448ba4f9f784189bd3183e3474d81> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x902e7000 - 0x902e8ffc  libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib
0x902e9000 - 0x902e9ffd  com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x902ea000 - 0x90ae7fef  com.apple.AppKit 6.5.3 (949.33) <84b236f43802f4c15011513d18efa101> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x90ae8000 - 0x90af3ff9  com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x90b67000 - 0x90b8ffff  libcups.2.dylib ??? (???) <ece20dff2a2c8ed3ae6ef735ef440c37> /usr/lib/libcups.2.dylib
0x90b90000 - 0x90b9ffff  libsasl2.2.dylib ??? (???) <b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib
0x90ba0000 - 0x90d6efff  com.apple.security 5.0.4 (34102) <f01d6cbd6a0f24f6c13952ed448e77d6> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x90d6f000 - 0x90db0fe7  libRIP.A.dylib ??? (???) <c8d988d3880d7268468112c64c626d86> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x90db1000 - 0x90e63ffb  libcrypto.0.9.7.dylib ??? (???) <330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib
0x90e64000 - 0x90e82ff3  com.apple.DirectoryService.Framework 3.5.4 (3.5.4) <fe27e80e1a9e86403fd9ed16dcfe4e11> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x90e83000 - 0x90e9bfff  com.apple.openscripting 1.2.6 (???) <b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x90e9c000 - 0x90ea4fff  com.apple.DiskArbitration 2.2.1 (2.2.1) <75b0c8d8940a8a27816961dddcac8e0f> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x914f6000 - 0x915bdff2  com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x916c3000 - 0x919caff7  com.apple.HIToolbox 1.5.3 (???) <e36f5c553e5a32f64b7eb458dadadc71> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x919cb000 - 0x919daffe  com.apple.DSObjCWrappers.Framework 1.3 (1.3) <09deb9e32d0d09dfb95ae569bdd2b7a4> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x919db000 - 0x91a0afe3  com.apple.AE 402.2 (402.2) <e01596187e91af5d48653920017b8c8e> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91a0b000 - 0x91a8dff3  com.apple.CFNetwork 330.4 (330.4) <ce5b085df34a78b7f198aff9db5b52ec> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x91a94000 - 0x91ac1feb  libvDSP.dylib ??? (???) <b232c018ddd040ec4e2c2af632dd497f> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x91ac2000 - 0x91b8dfff  com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x91c01000 - 0x91c01ff8  com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x91ccc000 - 0x91cecff2  libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x91ced000 - 0x91dd2ff3  com.apple.CoreData 100.1 (186) <8e28162ef2288692615b52acc01f8b54> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x91dd3000 - 0x91deeff3  libPng.dylib ??? (???) <c0484bec6e2432b406755591924fe664> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x91def000 - 0x91dffffc  com.apple.LangAnalysis 1.6.4 (1.6.4) <8b7831b5f74a950a56cf2d22a2d436f6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x91e01000 - 0x91e4bfe1  com.apple.securityinterface 3.0 (32532) <f521dae416ce7a3bdd594b0d4e2fb517> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x91e4c000 - 0x9220afea  libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x9220b000 - 0x92212ff7  libCGATS.A.dylib ??? (???) <57f0aa6c1b3caaa19980ce4c8ff5dbf0> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x92213000 - 0x9223bff7  com.apple.shortcut 1 (1.0) <057783867138902b52bc0941fedb74d1> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x9223c000 - 0x9223ffff  com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x92240000 - 0x9224afeb  com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x9224b000 - 0x92256fe7  libCSync.A.dylib ??? (???) <8011fc1963cebdde0c6f101dbee5afd7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x9228c000 - 0x92308feb  com.apple.audio.CoreAudio 3.1.0 (3.1) <fd70d88739fd63baf0b05a18999ea080> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x924c5000 - 0x92521ff7  com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x92573000 - 0x927eefe7  com.apple.Foundation 6.5.5 (677.19) <bfd4ebea1a7739dd6b523f15dca01a37> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x927ef000 - 0x92848ff7  libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x92849000 - 0x92903fe3  com.apple.CoreServices.OSServices 226.5 (226.5) <7e10d25c615a39fe1ab4d48e24a3b555> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x92936000 - 0x92938ff5  libRadiance.dylib ??? (???) <717692320ef764beb41c8c791c9c60a4> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x92a9a000 - 0x92ad4fff  com.apple.coreui 1.1 (61) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x92ae2000 - 0x92ae9fff  com.apple.agl 3.0.9 (AGL-3.0.9) <7dac4a7cb0de2f6d08ae71c1249379e3> /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x92aea000 - 0x92b15fe7  libauto.dylib ??? (???) <42d8422dc23a18071869fdf7b5d8fab5> /usr/lib/libauto.dylib
0x92b16000 - 0x92b73ffb  libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib
0x92c32000 - 0x92c56feb  libssl.0.9.7.dylib ??? (???) <acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib
0x92c57000 - 0x92c75fff  libresolv.9.dylib ??? (???) <9602435a6eac87a0d1f41b8ca8541693> /usr/lib/libresolv.9.dylib
0x92d6b000 - 0x92dd1ffb  com.apple.ISSupport 1.7 (38) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport
0x92dd2000 - 0x92e11fef  libTIFF.dylib ??? (???) <ee028aa1fc27ae5fda6b10fee10b2ed2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x92e6f000 - 0x92eb1fef  com.apple.NavigationServices 3.5.2 (163) <91844980804067b07a0b6124310d3f31> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x92eb7000 - 0x92eb7ffc  com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x92eb8000 - 0x92eb8fff  com.apple.Carbon 136 (136) <27d42531a2cbeb05a7f4d05a28281bd7> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x92eb9000 - 0x92ef7ff7  libGLImage.dylib ??? (???) <093b1b698ca93a0380f5fa262459ea28> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x92ef8000 - 0x92efcfff  libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x92f3f000 - 0x92f3fffb  com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer
0x92f40000 - 0x92f45fff  com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92f46000 - 0x92fa0ff7  com.apple.CoreText 2.0.2 (???) <9fde11f84a72e890bbf2aa8b0b13b79a> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x92ff0000 - 0x93014fff  libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib
0x93015000 - 0x93034ffa  libJPEG.dylib ??? (???) <c49cd4df9300255aa9d0bab6381586f4> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x93035000 - 0x93508ffe  libGLProgrammability.dylib ??? (???) <475db64244e011cd8811e076035b2632> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x93509000 - 0x93669ff3  libSystem.B.dylib ??? (???) <98fc91f31f185411ddc46d3225e9af55> /usr/lib/libSystem.B.dylib
0x9366a000 - 0x9371afff  edu.mit.Kerberos 6.0.12 (6.0.12) <1dc515ebe407292db8e603938c72d4e8> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x9371b000 - 0x937a6fff  com.apple.framework.IOKit 1.5.1 (???) <60cfc4b175c4ef60bb8e9036716a29f4> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x937a7000 - 0x937a9fff  com.apple.CrashReporterSupport 10.5.2 (157) <9d27f1fdd6a05b42f59b75da39d5940f> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
0x9384d000 - 0x938c7ff8  com.apple.print.framework.PrintCore 5.5.3 (245.3) <222dade7b33b99708b8c09d1303f93fc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x938c8000 - 0x939a9ff7  libxml2.2.dylib ??? (???) <1baef3d4972ee789d8fa6c1fa44da45c> /usr/lib/libxml2.2.dylib
0x93a8b000 - 0x93b8cfef  com.apple.PubSub 1.0.3 (65.1.1) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub
0x93bb3000 - 0x93cd7fe3  com.apple.audio.toolbox.AudioToolbox 1.5.1 (1.5.1) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x93cd8000 - 0x93d0afff  com.apple.LDAPFramework 1.4.4 (108) <00542ef6515aeb41a22ce0004a75b519> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x93d0b000 - 0x93e3dfff  com.apple.CoreFoundation 6.5.3 (476.14) <7ef7f5db09ff6dd0135a6165872803cc> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x93e83000 - 0x93e91ffd  libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x93e92000 - 0x93ec9fff  com.apple.SystemConfiguration 1.9.2 (1.9.2) <8b26ebf26a009a098484f1ed01ec499c> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x93fdf000 - 0x940befff  libobjc.A.dylib ??? (???) <a53206274b6c2d42691f677863f379ae> /usr/lib/libobjc.A.dylib
0x940bf000 - 0x944cffef  libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x944d0000 - 0x944d0ffa  com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x944d1000 - 0x94507fef  libtidy.A.dylib ??? (???) <f1d1742e06280444baa5637b209fd0af> /usr/lib/libtidy.A.dylib
0x94771000 - 0x94e0dfff  com.apple.CoreGraphics 1.351.31 (???) <c97a42498636b2596764e48669f98e00> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x94e3f000 - 0x94ebcfef  libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x94ebd000 - 0x94f03fef  com.apple.Metadata 10.5.2 (398.18) <9466e348fc3c1fece377ae1238fe74a7> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x94f04000 - 0x94f54ff7  com.apple.HIServices 1.7.0 (???) <f7e78891a6d08265c83dca8e378be1ea> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x94f55000 - 0x94ffcfeb  com.apple.QD 3.11.52 (???) <c72bd7bd2ce12694c3640a731d1ad878> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x94ffd000 - 0x94ffffff  com.apple.securityhi 3.0 (30817) <31baaf7ea27b41480604ffc910fe827f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x9500a000 - 0x95089ff5  com.apple.SearchKit 1.2.0 (1.2.0) <277b460da86bc222785159fe77e2e2ed> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x9508a000 - 0x95090fff  com.apple.print.framework.Print 218.0.2 (220.1) <8bf7ef71216376d12fcd5ec17e43742c> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x95091000 - 0x95091ff8  com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x95092000 - 0x9511eff7  com.apple.LaunchServices 289.2 (289.2) <3577886e3a6d56ee3949850c4fde76c9> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x9511f000 - 0x95126fe9  libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x95127000 - 0x9526dff7  com.apple.ImageIO.framework 2.0.2 (2.0.2) <77dfee73f4c0d230425a5151ee0bce05> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x9533d000 - 0x95341fff  libGIF.dylib ??? (???) <da31dae328e9310f0ee0e760e1934d10> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x95342000 - 0x953c9ff7  libsqlite3.0.dylib ??? (???) <6978bbcca4277d6ae9f042beff643f7d> /usr/lib/libsqlite3.0.dylib
0x953fa000 - 0x9540eff3  com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x9540f000 - 0x9540fffd  com.apple.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x96556000 - 0x96877fea  com.apple.QuickTime 7.5.0 (861) <e984a233c65e2182e853d71a9e0cdaeb> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x96878000 - 0x96884fe7  com.apple.opengl 1.5.6 (1.5.6) <125de77ea2434a91364e79a0905a7771> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x96885000 - 0x96918fff  com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x96919000 - 0x96929fff  com.apple.speech.synthesis.framework 3.7.1 (3.7.1) <06d8fc0307314f8ffc16f206ad3dbf44> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x9692a000 - 0x96cc0fff  com.apple.QuartzCore 1.5.3 (1.5.3) <1b65c05f89e81a499302fd63295b242d> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x96e07000 - 0x96e41ffe  com.apple.securityfoundation 3.0 (32989) <36f7f260187c435b2670bcb24acd4219> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x96e42000 - 0x96ed5ff3  com.apple.ApplicationServices.ATS 3.3 (???) <064eb6d96417afa38a80b1735c4113aa> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x96ed6000 - 0x971b0ff3  com.apple.CoreServices.CarbonCore 786.4 (786.4) <059c4803a7a95e3c1a95a332baeb1edf> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x971b1000 - 0x971c7fff  com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x971c8000 - 0x97252fe3  com.apple.DesktopServices 1.4.6 (1.4.6) <1abd4175c3089704be6824c073f7cc33> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x97253000 - 0x97269fe7  com.apple.CoreVideo 1.5.1 (1.5.1) <3b35ff269d9962d11251ec027ef3f9da> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x9726a000 - 0x97271ffe  libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib
0x97272000 - 0x97277fff  com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x97278000 - 0x97281fff  com.apple.speech.recognition.framework 3.7.24 (3.7.24) <73cf6b3c5ddf94d7ce9ae2c81c1b558c> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x97283000 - 0x97283ffd  com.apple.Accelerate 1.4.2 (Accelerate 1.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0xfffe8000 - 0xfffebfff  libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib
0xffff0000 - 0xffff1780  libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
Comment 1 Cameron Zwarich (cpst) 2008-08-16 14:27:23 PDT
I am assigning this to myself.
Comment 2 Cameron Zwarich (cpst) 2008-08-16 15:28:56 PDT
This works in r35417, but it crashes in r35531. Since this is the same range as bug 20391, it seems like they might be the same bug. It crashes in the same opcode, get_scoped_var, but it hits

            ASSERT(iter != end);

instead of crashing on a later line.

I'll bisect to find the exact point of regression.
Comment 3 Cameron Zwarich (cpst) 2008-08-17 03:54:21 PDT
The revision that causes this is r35445:

http://trac.webkit.org/changeset/35445

It seems that the scope chain is being unwound too far. I'll try to make a test case.
Comment 4 Oliver Hunt 2008-08-17 05:53:00 PDT
The problem is that the depth() function does not account for a 0-depth function not having a full scope chain node. I have a patch that rectifies this. Simple test case:
function runTest() {
    var test = "FAIL";
    with({test:"PASS"})
       (function () { try { throw ""; } finally { print(test); }})()
}
runTest();


Comment 5 Oliver Hunt 2008-08-17 06:02:46 PDT
Created attachment 22842: fix
Comment 6 Oliver Hunt 2008-08-17 16:39:30 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	JavaScriptCore/ChangeLog
	M	JavaScriptCore/VM/Machine.cpp
	M	LayoutTests/ChangeLog
	A	LayoutTests/fast/js/exception-try-finally-scope-error-expected.txt
	A	LayoutTests/fast/js/exception-try-finally-scope-error.html
	A	LayoutTests/fast/js/resources/exception-try-finally-scope-error.js
Committed r35812