| Summary: | REGRESSION: Feedly extension crashes Webkit | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | rune.bjorneras |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | ap, commit-queue, ggaren, oliver, sam |
| Priority: | P1 | Keywords: | Regression |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Mac (Intel) | | |
| OS: | All | | |

Description
rune.bjorneras
2010-09-15 01:31:34 PDT
Could you please attach a crash log <http://webkit.org/quality/crashlogs.html>?

Created attachment 67771
Crash report

Sure - report uploaded. This is from my work Mac. Webkit also crashes with this extension on my home Mac running 10.6.4.

I could reproduce the crash with nightly r67568, although with a different stack trace (which is understandable, since I was running it in 64 bit).

Steps to reproduce:
1. Install the extension from e.g. http://www.pimpmysafari.com/extensions/feedly-safari-extension
2. Click its button in Safari.

```
0 com.apple.JavaScriptCore 0x00000001007d9d14 JSC::Identifier::addSlowCase(JSC::ExecState*, WTF::StringImpl*) + 84
1 com.apple.WebCore 0x0000000101601fac WebCore::CloneDeserializer::deserialize() + 2332
2 com.apple.WebCore 0x0000000101602995 WebCore::SerializedScriptValue::deserialize(JSC::ExecState*, JSC::JSGlobalObject*) + 677
3 com.apple.WebCore 0x00000001016029f3 WebCore::SerializedScriptValue::deserialize(OpaqueJSContext const*, OpaqueJSValue const**) + 35
4 com.apple.JavaScriptCore 0x0000000100835aee JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::staticValueGetter(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&) + 766
5 com.apple.JavaScriptCore 0x0000000100825141 JSC::JSValue::get(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) const + 401
6 com.apple.JavaScriptCore 0x00000001008185df cti_op_get_by_id_generic + 79
7 ??? 0x00003212bace08dd 0 + 55056024864989
8 com.apple.JavaScriptCore 0x00000001007e06ff JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 911
```

Ahh, seems I was too quick. Actually got the feed headlines up without a crash, so I thought it worked. However, the browser crashed once I clicked on a link.

Created attachment 68052
Crash report, r67643

I think I know what's happening.

Whoops.

Created attachment 71110
Patch

(In reply to comment #9)
> Created an attachment (id=71110)
> Patch

r=me, though we may want to consider using a SegmentedVector instead.

Comment on attachment 71110
Patch

Clearing flags on attachment: 71110

Committed r70018: <http://trac.webkit.org/changeset/70018>

All reviewed patches have been landed. Closing bug.

Sorry for the delay in fixing this