Bug 20521

Summary: Crash in KJS::Register::codeBlock() logging into Facebook
Product: WebKit Reporter: François Lamboley <webkit.org>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Major CC: jcapote, oliver, overlord.luchao, zwarich
Priority: P1 Keywords: NeedsReduction, Regression
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.5   
URL: http://www.facebook.com/
Attachments:
Description Flags
Crash log of webkit when connecting to facebook none

François Lamboley
Reported 2008-08-26 04:05:30 PDT
I went on facebook and caught an unexpected crash after I log in (the page was not completely loaded).
Attachments
Crash log of webkit when connecting to facebook (25.15 KB, text/plain)
2008-08-26 04:07 PDT, François Lamboley 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
François Lamboley
Comment 1 2008-08-26 04:07:50 PDT
Created attachment 22998 [details] Crash log of webkit when connecting to facebook
overlord.luchao
Comment 2 2008-08-26 05:40:43 PDT
This is occurring for me as well.
Matt Lilek
Comment 3 2008-08-26 07:10:09 PDT
Confirmed with r35919. ASSERTION FAILED: m_type == CodeBlockType (/Users/mlilek/Documents/WebKit/JavaScriptCore/VM/Register.h:197 KJS::CodeBlock* KJS::Register::codeBlock() const) Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x005089ee KJS::Register::codeBlock() const + 70 (Register.h:197) 1 com.apple.JavaScriptCore 0x004fc99a KJS::Machine::callFrame(KJS::ExecState*, KJS::JSFunction*) const + 110 (Machine.cpp:2969) 2 com.apple.JavaScriptCore 0x004fcc19 KJS::Machine::retrieveArguments(KJS::ExecState*, KJS::JSFunction*) const + 33 (Machine.cpp:2904) 3 com.apple.JavaScriptCore 0x0044aa75 KJS::JSFunction::argumentsGetter(KJS::ExecState*, KJS::Identifier const&, KJS::PropertySlot const&) + 55 (JSFunction.cpp:77) 4 com.apple.JavaScriptCore 0x004a611b KJS::PropertySlot::getValue(KJS::ExecState*, KJS::Identifier const&) const + 91 (PropertySlot.h:60) 5 com.apple.JavaScriptCore 0x0050912a KJS::JSValue::get(KJS::ExecState*, KJS::Identifier const&) const + 252 (JSObject.h:330) 6 com.apple.JavaScriptCore 0x0050409f KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 22939 (Machine.cpp:1925) 7 com.apple.JavaScriptCore 0x00507d1c KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 716 (Machine.cpp:853) 8 com.apple.JavaScriptCore 0x004633b1 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 139 (JSFunction.cpp:71) 9 com.apple.JavaScriptCore 0x0046344d KJS::call(KJS::ExecState*, KJS::JSValue*, KJS::CallType, KJS::CallData const&, KJS::JSValue*, KJS::ArgList const&) + 149 (CallData.cpp:39) 10 com.apple.JavaScriptCore 0x00473f8c KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::JSValue*, KJS::ArgList const&) + 494 (FunctionPrototype.cpp:107) 11 com.apple.JavaScriptCore 0x00505c87 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 30083 (Machine.cpp:2461) 12 com.apple.JavaScriptCore 0x00507d1c KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 716 (Machine.cpp:853) 13 com.apple.JavaScriptCore 0x004633b1 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 139 (JSFunction.cpp:71) 14 com.apple.JavaScriptCore 0x0046344d KJS::call(KJS::ExecState*, KJS::JSValue*, KJS::CallType, KJS::CallData const&, KJS::JSValue*, KJS::ArgList const&) + 149 (CallData.cpp:39) 15 com.apple.WebCore 0x03863022 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 664 (JSEventListener.cpp:97)
Matt Lilek
Comment 4 2008-08-26 07:15:49 PDT
*** Bug 20524 has been marked as a duplicate of this bug. ***
Cameron Zwarich (cpst)
Comment 5 2008-08-26 07:19:23 PDT
This is another case of bug 20516, and the fix posted there also fixes this bug. I am not sure when I'll get to make a layout test, but the Facebook login code might be easier to reduce than the Gmail code. *** This bug has been marked as a duplicate of 20516 ***
Note You need to log in before you can comment on or make changes to this bug.