Bug 31999

Summary: Crash in JSC::TypeInfo::type when moving mouse into Inspector window after calling monitorEvents(document.body)
Product: WebKit
Reporter: Adam Roben (:aroben) <aroben>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
Keywords: InRadar
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows XP

Description Adam Roben (:aroben) 2009-11-30 14:41:25 PST
To reproduce:

1. Go to http://webkit.org/
2. Open the Inspector
3. In the Inspector's console, run this command: monitorEvents(document.body)
4. Move the mouse around the page
5. Move the mouse back over the Inspector

You'll crash in JSC::TypeInfo::type. Here's the backtrace:

>	JavaScriptCore.dll!JSC::TypeInfo::type()  Line 60 + 0x11 bytes	C++
 	JavaScriptCore.dll!JSC::JSCell::isString()  Line 144 + 0x12 bytes	C++
 	JavaScriptCore.dll!JSC::JSValue::isString()  Line 165 + 0x1e bytes	C++
 	JavaScriptCore.dll!JSC::JSValue::toString(JSC::ExecState * exec=0x05050048)  Line 260 + 0x8 bytes	C++
 	JavaScriptCore.dll!cti_op_get_by_val(void * * args=0x0012f494)  Line 1904 + 0x13 bytes	C++
 	JavaScriptCore.dll!@cti_op_convert_this@4()  + 0x10f bytes	C++
 	JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x0488b8d4, JSC::ExecState * callFrame=0x05050048, JSC::JSGlobalData * globalData=0x048859c0, JSC::JSValue * exception=0x04886610)  Line 79 + 0x24 bytes	C++
 	JavaScriptCore.dll!JSC::Interpreter::execute(JSC::FunctionExecutable * functionExecutable=0x0b57b398, JSC::ExecState * callFrame=0x0b1465b0, JSC::JSFunction * function=0x0d13b580, JSC::JSObject * thisObj=0x0797f9c0, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x0b6ce9b0, JSC::JSValue * exception=0x04886610)  Line 679 + 0x34 bytes	C++
 	JavaScriptCore.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x0b1465b0, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...})  Line 120 + 0x4e bytes	C++
 	JavaScriptCore.dll!JSC::call(JSC::ExecState * exec=0x0b1465b0, JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...})  Line 39 + 0x2b bytes	C++
 	WebKit.dll!WebCore::callInWorld(JSC::ExecState * exec=0x0b1465b0, JSC::JSValue function={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}, WebCore::DOMWrapperWorld * isolatedWorld=0x0488b988)  Line 866 + 0x29 bytes	C++
 	WebKit.dll!WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject * globalObject=, JSC::JSValue thisValue={...})  Line 106 + 0x5b bytes	C++
 	WebKit.dll!WebCore::ScheduledAction::execute(WebCore::Document * document=0x086e5fb0)  Line 127	C++
 	WebKit.dll!WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext * context=0x086e5fe4)  Line 79	C++
 	WebKit.dll!WebCore::DOMTimer::fired()  Line 151	C++
 	WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal()  Line 112 + 0xf bytes	C++
 	WebKit.dll!WebCore::ThreadTimers::sharedTimerFired()  Line 91	C++
 	WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00150e00, unsigned int message=49579, unsigned int wParam=0, long lParam=0)  Line 102 + 0x8 bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_DispatchMessageWorker@8()  + 0xdc bytes	
 	user32.dll!_DispatchMessageW@4()  + 0xf bytes
Comment 1 Adam Roben (:aroben) 2009-11-30 14:42:13 PST
<rdar://problem/7431192>
Comment 2 Adam Roben (:aroben) 2009-12-02 07:36:24 PST
Seems likely that this is a dupe of bug 30835.
Comment 3 Adam Roben (:aroben) 2009-12-02 07:36:52 PST

*** This bug has been marked as a duplicate of bug 30835 ***