Bug 31467

Summary: Chromium: [REGRESSION] Crash while stopping on a breakpoint.
Product: WebKit
Reporter: Pavel Feldman <pfeldman>
Component: WebCore Misc.
Assignee: Pavel Feldman <pfeldman>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, dglazkov, pfeldman, yurys
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments: [PATCH] (abarth: review+)

Pavel Feldman
Reported 2009-11-13 05:27:15 PST
Regressed in: https://bugs.webkit.org/show_bug.cgi?id=31394

> chrome.dll!WebCore::V8Proxy::retrieveWindow(v8::Handle<v8::Context> context={...}) Line 585 + 0x2b bytes C++
chrome.dll!WebCore::V8Proxy::canAccessPrivate(WebCore::DOMWindow * targetWindow=0x00c990f0) Line 889 + 0xf bytes C++
chrome.dll!WebCore::V8Proxy::canAccessFrame(WebCore::Frame * target=0x00c84000, bool reportError=true) Line 921 + 0xe bytes C++
chrome.dll!WebCore::V8Custom::v8DOMWindowEventAccessorGetter(v8::Local<v8::String> name={...}, const v8::AccessorInfo & info={...}) Line 174 + 0xb bytes C++
chrome.dll!v8::internal::Object::GetPropertyWithCallback(v8::internal::Object * receiver=0x00a77949, v8::internal::Object * structure=0x01980e31, v8::internal::String * name=0x00a8e739, v8::internal::Object * holder=0x041f1441) Line 172 + 0x26 bytes C++
chrome.dll!v8::internal::DebugLookupResultValue(v8::internal::Object * receiver=0x00a77949, v8::internal::String * name=0x00a8e739, v8::internal::LookupResult * result=0x001dd48c, bool * caught_exception=0x001dd46f) Line 5785 + 0x1d bytes C++
chrome.dll!v8::internal::Runtime_DebugGetPropertyDetails(v8::internal::Arguments args={...}) Line 5881 + 0x25 bytes C++
00aa018b()
chrome.dll!v8::internal::Invoke(bool construct=false, v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=0, v8::internal::Object * * * args=0x00000000, bool * has_pending_exception=0x001dd7e7) Line 103 + 0x19 bytes C++
chrome.dll!v8::internal::Execution::TryCall(v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=0, v8::internal::Object * * * args=0x00000000, bool * caught_exception=0x001dd7e7) Line 153 + 0x1f bytes C++
chrome.dll!v8::internal::MessageImpl::GetJSON() Line 2579 + 0x33 bytes C++
chrome.dll!DebuggerAgentManager::OnV8DebugMessage(const v8::Debug::Message & message={...}) Line 181 + 0x13 bytes C++
chrome.dll!v8::internal::Debugger::InvokeMessageHandler(v8::internal::MessageImpl message={...}) Line 2407 + 0xc bytes C++
chrome.dll!v8::internal::Debugger::NotifyMessageHandler(v8::DebugEvent event=Break, v8::internal::Handle<v8::internal::JSObject> exec_state={...}, v8::internal::Handle<v8::internal::JSObject> event_data={...}, bool auto_continue=false) Line 2204 + 0x13 bytes C++
chrome.dll!v8::internal::Debugger::ProcessDebugEvent(v8::DebugEvent event=Break, v8::internal::Handle<v8::internal::JSObject> event_data={...}, bool auto_continue=false) Line 2112 + 0x24 bytes C++
chrome.dll!v8::internal::Debugger::OnDebugBreak(v8::internal::Handle<v8::internal::Object> break_points_hit={...}, bool auto_continue=false) Line 1942 + 0x1e bytes C++
chrome.dll!v8::internal::Execution::DebugBreakHelper() Line 655 + 0x1e bytes C++
chrome.dll!v8::internal::Runtime_DebugBreak(v8::internal::Arguments args={...}) Line 5706 C++
00aa018b()
chrome.dll!v8::internal::Invoke(bool construct=false, v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=1, v8::internal::Object * * * args=0x001de104, bool * has_pending_exception=0x001de033) Line 103 + 0x19 bytes C++
chrome.dll!v8::internal::Execution::Call(v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=1, v8::internal::Object * * * args=0x001de104, bool * pending_exception=0x001de033) Line 129 + 0x1f bytes C++
chrome.dll!v8::Function::Call(v8::Handle<v8::Object> recv={...}, int argc=1, v8::Handle<v8::Value> * argv=0x001de104) Line 2384 + 0x1d bytes C++
chrome.dll!WebCore::V8Proxy::callFunction(v8::Handle<v8::Function> function={...}, v8::Handle<v8::Object> receiver={...}, int argc=1, v8::Handle<v8::Value> * args=0x001de104) Line 523 + 0x1f bytes C++
chrome.dll!WebCore::V8LazyEventListener::callListenerFunction(WebCore::ScriptExecutionContext * context=0x00ccb034, v8::Handle<v8::Value> jsEvent={...}, WebCore::Event * event=0x00c8cd80) Line 64 + 0x26 bytes C++
chrome.dll!WebCore::V8AbstractEventListener::invokeEventHandler(WebCore::ScriptExecutionContext * context=0x00ccb034, WebCore::Event * event=0x00c8cd80, v8::Handle<v8::Value> jsEvent={...}) Line 144 + 0x1f bytes C++
chrome.dll!WebCore::V8AbstractEventListener::handleEvent(WebCore::ScriptExecutionContext * context=0x00ccb034, WebCore::Event * event=0x00c8cd80) Line 90 C++
chrome.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x00c8cd80) Line 297 + 0x35 bytes C++
chrome.dll!WebCore::Node::handleLocalEvents(WebCore::Event * event=0x00c8cd80) Line 2384 C++
chrome.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}) Line 2523 + 0x1b bytes C++
Attachments
[PATCH] (3.74 KB, patch), 2009-11-13 08:34 PST, Pavel Feldman, abarth: review+
Yury Semikhatsky
Comment 1 2009-11-13 06:40:43 PST
In Chromium, JS functions from the debugger context may access inspected context variables. In such cases V8Proxy::canAccessPrivate will fail because the calling context is not connected with any DOMWindow.
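The failure mode Yury describes, modelled as an added example (not WebKit's code and not the committed fix): a same-origin check that dereferences the calling context's window crashes when that context is the debugger's, which has no DOMWindow, whereas the checked version handles the missing window explicitly. All types here are constructed stand-ins, and failing closed on a missing window is an assumption, since the page does not say which way the fix decided.

```cpp
#include <string>

// Constructed model of the objects named in the trace; none of this is WebKit code.
struct SecurityOrigin {
    std::string scheme, host;
    int port;
    bool canAccess(const SecurityOrigin& other) const {
        return scheme == other.scheme && host == other.host && port == other.port;
    }
};
struct DOMWindow { SecurityOrigin origin; };
// A script context: a page context carries a DOMWindow, a debugger context carries none.
struct Context { DOMWindow* window; };

// Stand-in for V8Proxy::retrieveWindow(): null when the context has no window.
DOMWindow* retrieveWindow(const Context& ctx) { return ctx.window; }

// Before: the calling window is dereferenced unconditionally, so a debugger
// context (window == nullptr) dies here, matching the top frames of the trace.
bool canAccessPrivateUnchecked(const Context& calling, DOMWindow* target) {
    DOMWindow* origin = retrieveWindow(calling);
    return origin == target || origin->origin.canAccess(target->origin);
}

// After: a context without a window is handled instead of dereferenced.
// Denying access in that case is an assumption, not the page's stated fix.
bool canAccessPrivateChecked(const Context& calling, DOMWindow* target, std::string* message) {
    DOMWindow* origin = retrieveWindow(calling);
    if (origin == target) return true;
    if (!origin) {
        if (message) *message = "no DOMWindow for calling context; access denied";
        return false;
    }
    if (origin->origin.canAccess(target->origin)) return true;
    if (message) *message = "cross-origin access denied";
    return false;
}

// Stand-in for canAccessFrame(target, reportError): same decision, optional report.
bool canAccessFrame(const Context& calling, DOMWindow* target, bool reportError, std::string* report) {
    std::string message;
    bool ok = canAccessPrivateChecked(calling, target, &message);
    if (!ok && reportError && report) *report = message;
    return ok;
}
```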
Pavel Feldman
Comment 2 2009-11-13 08:34:00 PST
Created attachment 43158 [PATCH]
Adam Barth
Comment 3 2009-11-13 09:07:03 PST
Comment on attachment 43158 [PATCH]: Ok. See discussion on #chromium
Pavel Feldman
Comment 4 2009-11-13 09:11:19 PST
Committing to http://svn.webkit.org/repository/webkit/trunk ...
D LayoutTests/http/tests/security/calling-versus-current-expected.txt
D LayoutTests/http/tests/security/calling-versus-current.html
M LayoutTests/ChangeLog
M WebCore/ChangeLog
M WebCore/bindings/v8/V8Proxy.cpp
Committed r50946