Bug 21578

Summary: Crash using the JavaScript debugger, JSQuarantinedObjectWrapper related?
Product: WebKit
Reporter: Mark Luffel <markluffel>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Critical
CC: ggaren, jikanter, joepeck
Priority: P1
Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Attachments:
Description | Flags
forgot to append the backtrace to the last confirmation. here it is. | none

Description Mark Luffel 2008-10-13 14:00:15 PDT
When using the JavaScript debugger, sorry I can't remember any more detail than that.

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000038
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.JavaScriptCore      	0x002fa341 JSC::InternalFunction::name(JSC::ExecState*) + 17
1   com.apple.WebCore             	0x01441413 WebCore::jsJavaScriptCallFrameFunctionName(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot const&) + 35
2   com.apple.WebCore             	0x0141c163 WebCore::JSQuarantinedObjectWrapper::getOwnPropertySlot(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) + 227



Process:         Safari [209]
Path:            /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier:      org.webkit.nightly.WebKit
Version:         r37126 (37126)
Code Type:       X86 (Native)
Parent Process:  launchd [162]

Date/Time:       2008-10-13 16:54:05.082 -0400
OS Version:      Mac OS X 10.5.5 (9F33)
Report Version:  6
Comment 1 Jordan Kanter 2010-08-22 10:18:41 PDT
I can reproduce this bug on a MacBook Air 10.6. I attached the crash trace.
Also, as a test case:

Download the tinyMCE editor, version 3.3.8 from http://moxiecode.com

Run Safari.

Open the debugger (via Develop->Web Inspector).

Open a page containing a full implementation of the editor hosted on the local host via the package you just downloaded.

Insert some text. 

Click the "Omega" button (looks like an arch, right next to the left of the smiley).

Attempt to insert the "minutes/feet" symbol (fifth from the right, top row).

Watch Browser crash.
Comment 2 Jordan Kanter 2010-08-22 10:22:08 PDT
Created attachment 65062
forgot to append the backtrace to the last confirmation. here it is.
Comment 3 Geoffrey Garen 2010-08-24 10:39:39 PDT
<rdar://problem/8347979>
Comment 4 Joseph Pecoraro 2014-08-05 12:13:00 PDT
JSQuarantinedObjectWrapper does not exist anymore. Things have changed significantly by now. Please file a new bug if you encounter crashes in the JS debugger.