Bug 45811

Summary: REGRESSION: Feedly extension crashes WebKit
Product: WebKit
Reporter: rune.bjorneras
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, commit-queue, ggaren, oliver, sam
Priority: P1
Keywords: Regression
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: All
Attachments:
    Crash report (flags: none)
    Crash report, r67643 (flags: none)
    Patch (flags: none)

rune.bjorneras
Reported 2010-09-15 01:31:34 PDT
Feedly extension crashes WebKit.
Attachments
    Crash report (30.97 KB, text/plain), 2010-09-15 22:32 PDT, rune.bjorneras, no flags
    Crash report, r67643 (31.45 KB, text/plain), 2010-09-19 22:28 PDT, rune.bjorneras, no flags
    Patch (8.55 KB, patch), 2010-10-18 18:26 PDT, Oliver Hunt, no flags
Alexey Proskuryakov
Comment 1 2010-09-15 11:08:45 PDT
Could you please attach a crash log <http://webkit.org/quality/crashlogs.html>?
rune.bjorneras
Comment 2 2010-09-15 22:32:08 PDT
Created attachment 67771: Crash report
rune.bjorneras
Comment 3 2010-09-15 22:34:12 PDT
Sure - report uploaded. This is from my work Mac. WebKit also crashes with this extension on my home Mac running 10.6.4.
Alexey Proskuryakov
Comment 4 2010-09-16 11:00:13 PDT
I could reproduce the crash with nightly r67568, although with a different stack trace (which is understandable, since I was running it in 64 bit).

Steps to reproduce:
1. Install the extension from e.g. http://www.pimpmysafari.com/extensions/feedly-safari-extension
2. Click its button in Safari.

0 com.apple.JavaScriptCore 0x00000001007d9d14 JSC::Identifier::addSlowCase(JSC::ExecState*, WTF::StringImpl*) + 84
1 com.apple.WebCore 0x0000000101601fac WebCore::CloneDeserializer::deserialize() + 2332
2 com.apple.WebCore 0x0000000101602995 WebCore::SerializedScriptValue::deserialize(JSC::ExecState*, JSC::JSGlobalObject*) + 677
3 com.apple.WebCore 0x00000001016029f3 WebCore::SerializedScriptValue::deserialize(OpaqueJSContext const*, OpaqueJSValue const**) + 35
4 com.apple.JavaScriptCore 0x0000000100835aee JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::staticValueGetter(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&) + 766
5 com.apple.JavaScriptCore 0x0000000100825141 JSC::JSValue::get(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) const + 401
6 com.apple.JavaScriptCore 0x00000001008185df cti_op_get_by_id_generic + 79
7 ??? 0x00003212bace08dd 0 + 55056024864989
8 com.apple.JavaScriptCore 0x00000001007e06ff JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 911
rune.bjorneras
Comment 5 2010-09-19 22:22:02 PDT
Seems OK now with r67643 - that was quick! :)
rune.bjorneras
Comment 6 2010-09-19 22:27:42 PDT
Ahh, seems I was too quick. Actually got the feed headlines up without a crash, so I thought it worked. However, the browser crashed once I clicked on a link.
rune.bjorneras
Comment 7 2010-09-19 22:28:27 PDT
Created attachment 68052: Crash report, r67643
Oliver Hunt
Comment 8 2010-10-18 17:51:53 PDT
I think I know what's happening. Whoops.
Oliver Hunt
Comment 9 2010-10-18 18:26:44 PDT
Created attachment 71110: Patch
Sam Weinig
Comment 10 2010-10-18 18:32:25 PDT
(In reply to comment #9)
> Created an attachment (id=71110)
> Patch

r=me, though we may want to consider using a SegmentedVector instead.
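The SegmentedVector suggestion in the review above rests on one property of that container: WTF::SegmentedVector does not move values already stored when it grows, so a pointer or reference into it stays valid, whereas Vector (like std::vector) relocates its whole buffer once capacity is exceeded and silently invalidates every outstanding pointer, a classic source of use-after-free in native browser code. The following is an added example, not part of this bug or of the r70018 patch (which is not shown on this page); it contrasts the two growth behaviours using std::vector and a toy chunked container written for this illustration, which only models the stability guarantee and is not WebKit's implementation.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Toy segmented vector (an assumption for this example, not WTF::SegmentedVector):
// storage is a list of fixed-size chunks that are allocated once and never
// moved, so the address of a stored element is stable for the container's
// lifetime. Only the small array of chunk pointers is ever reallocated.
template <typename T, std::size_t ChunkSize = 8>
class ToySegmentedVector {
public:
    void push_back(const T& value) {
        if (m_size % ChunkSize == 0)
            m_chunks.push_back(std::make_unique<T[]>(ChunkSize));
        m_chunks[m_size / ChunkSize][m_size % ChunkSize] = value;
        ++m_size;
    }
    T& operator[](std::size_t i) { return m_chunks[i / ChunkSize][i % ChunkSize]; }
    std::size_t size() const { return m_size; }

private:
    std::vector<std::unique_ptr<T[]>> m_chunks; // chunk pointers may move, chunks do not
    std::size_t m_size = 0;
};

// Append n elements, remembering where element 0 lived after the first append.
// Returns true if element 0 is at a different address afterwards, i.e. if any
// pointer taken into the container during the loop would now be dangling.
// The address is captured as an integer before any reallocation can happen,
// so no freed pointer is ever dereferenced or compared.
template <typename Container>
bool firstElementMoved(Container& c, std::size_t n) {
    c.push_back(0);
    const std::uintptr_t before = reinterpret_cast<std::uintptr_t>(&c[0]);
    for (std::size_t i = 1; i < n; ++i)
        c.push_back(static_cast<int>(i));
    const std::uintptr_t after = reinterpret_cast<std::uintptr_t>(&c[0]);
    return before != after;
}

// std::vector keeps elements contiguous, so growing past capacity moves them.
bool vectorFirstElementMoved(std::size_t n) {
    std::vector<int> v;
    return firstElementMoved(v, n);
}

// The segmented container never moves an element once stored.
bool segmentedFirstElementMoved(std::size_t n) {
    ToySegmentedVector<int> s;
    return firstElementMoved(s, n);
}

// Sanity check that the segmented container still stores every value in order.
bool segmentedHoldsAllValues(std::size_t n) {
    ToySegmentedVector<int> s;
    for (std::size_t i = 0; i < n; ++i)
        s.push_back(static_cast<int>(i));
    if (s.size() != n)
        return false;
    for (std::size_t i = 0; i < n; ++i)
        if (s[i] != static_cast<int>(i))
            return false;
    return true;
}

int main() {
    std::printf("std::vector moved element 0 after 1000 appends: %s\n",
                vectorFirstElementMoved(1000) ? "yes" : "no");
    std::printf("segmented vector moved element 0 after 1000 appends: %s\n",
                segmentedFirstElementMoved(1000) ? "yes" : "no");
    return 0;
}
```

The design point is that the segmented container pays for stability with non-contiguous storage: element access costs one extra indirection and the data cannot be handed to code expecting a flat array, which is why it is the right choice only where some other object holds pointers into the container while it is still growing.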
WebKit Commit Bot
Comment 11 2010-10-18 19:34:54 PDT
Comment on attachment 71110: Patch
Clearing flags on attachment: 71110
Committed r70018: <http://trac.webkit.org/changeset/70018>
WebKit Commit Bot
Comment 12 2010-10-18 19:35:00 PDT
All reviewed patches have been landed. Closing bug.
Oliver Hunt
Comment 13 2010-10-19 11:12:25 PDT
Sorry for the delay in fixing this