Bug 41352
| Summary: | REGRESSION (r62052): Many regression tests crashing on Windows in JSLazyEventListener::initializeJSFunction | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Adam Roben (:aroben) <aroben> |
| Component: | DOM | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ap, beidson |
| Priority: | P2 | Keywords: | InRadar, LayoutTestFailure, Regression |
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | All | ||
| URL: | http://build.webkit.org/builders/Windows%20Debug%20%28Tests%29/builds/15667/steps/layout-test/logs/stdio | ||
Adam Roben (:aroben)
r62052 introduced crashes inside JSLazyEventListener::initializeFunction. The problematic line is:
static_cast<JSNode*>(wrapper())->pushEventHandlerScope(exec, scope);
In the crashing case, wrapper() is a JSGlobalObject, not a JSNode, so the cast is invalid.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Adam Roben (:aroben)
Note that r62052 was part of bug 40484.
Adam Roben (:aroben)
<rdar://problem/8141484>
Adam Roben (:aroben)
Here's a backtrace in a crashing case:
> WebKit.dll!WebCore::JSLazyEventListener::initializeJSFunction(WebCore::ScriptExecutionContext * executionContext=0x0451c6fc) Line 124 + 0x31 bytes C++
WebKit.dll!WebCore::JSEventListener::jsFunction(WebCore::ScriptExecutionContext * scriptExecutionContext=0x0451c6fc) Line 79 + 0x13 bytes C++
WebKit.dll!WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext * scriptExecutionContext=0x0451c6fc, WebCore::Event * event=0x045702d0) Line 69 + 0xc bytes C++
WebKit.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x045702d0, WebCore::EventTargetData * d=0x044ce6b4, WTF::Vector<WebCore::RegisteredEventListener,1> & entry=[1]({listener=0x0454e620 {m_functionName={onload} m_eventParameterName={event} m_code={startTest()} ...} useCapture=false })) Line 329 + 0x35 bytes C++
WebKit.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x045702d0) Line 295 C++
WebKit.dll!WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}, WTF::PassRefPtr<WebCore::EventTarget> prpTarget={...}) Line 1480 + 0x11 bytes C++
WebKit.dll!WebCore::DOMWindow::dispatchLoadEvent() Line 1436 C++
WebKit.dll!WebCore::Document::dispatchWindowLoadEvent() Line 3195 C++
WebKit.dll!WebCore::Document::implicitClose() Line 1907 C++
WebKit.dll!WebCore::FrameLoader::checkCallImplicitClose() Line 947 C++
WebKit.dll!WebCore::FrameLoader::checkCompleted() Line 896 C++
WebKit.dll!WebCore::FrameLoader::finishedParsing() Line 835 C++
WebKit.dll!WebCore::Document::finishedParsing() Line 4409 C++
WebKit.dll!WebCore::LegacyHTMLTreeBuilder::finished() Line 1642 + 0x1a bytes C++
WebKit.dll!WebCore::HTMLTreeBuilder::finished() Line 1043 C++
WebKit.dll!WebCore::HTMLDocumentParser::end() Line 267 C++
WebKit.dll!WebCore::HTMLDocumentParser::attemptToEnd() Line 279 C++
WebKit.dll!WebCore::HTMLDocumentParser::finish() Line 296 C++
WebKit.dll!WebCore::Document::finishParsing() Line 2054 + 0x20 bytes C++
WebKit.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource() Line 222 C++
WebKit.dll!WebCore::DocumentWriter::end() Line 207 C++
WebKit.dll!WebCore::DocumentLoader::finishedLoading() Line 270 C++
WebKit.dll!WebCore::FrameLoader::finishedLoading() Line 2216 C++
WebKit.dll!WebCore::MainResourceLoader::didFinishLoading() Line 425 C++
WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x044d8530) Line 443 + 0xf bytes C++
WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x04525c40, const void * clientInfo=0x044d8530) Line 240 + 0x1e bytes C++
Adam Roben (:aroben)
*** This bug has been marked as a duplicate of bug 41357 ***