| Field | Value |
|---|---|
| Summary | Crash in Interpreter::execute on Windows on page that uses ES5 strict mode |
| Product | WebKit |
| Component | JavaScriptCore |
| Reporter | Jyrki Wahlstedt <jyrki.wahlstedt> |
| Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED WORKSFORME |
| Severity | Normal |
| Priority | P2 |
| CC | ap, aroben, oliver |
| Keywords | InRadar, PlatformOnly |
| Version | 528+ (Nightly build) |
| Hardware | PC |
| OS | Windows XP |
| URL | http://momjian.us/main/blogs/pgblog/2010.html#October_30_2010 |
| Attachments | crash dump from r70599 (attachment 72636) |
Description
Jyrki Wahlstedt
2010-11-01 03:54:22 PDT

I cannot reproduce this on Mac. Could you please attach a crash dump <http://webkit.org/quality/crashlogs.html>? Do you have any Safari extensions installed, and if so, does disabling them make the crash go away?

Created attachment 72636 [details]
crash dump from r70599

crash dump opening the said URL

Yes, on Mac I don't remember having any problems; Windows is just a bit different (XP especially). Crash dump is now attached... and there are no extensions :)

I can reproduce on Windows XP with the r70599 nightly. Here's the backtrace:

```
0012f468 015e3b63 08312cf4 7fe92c4c 04bf0080 0x6941dcd
0012f4ac 015e39d0 04bf0000 0012f4f0 7fa46108 JavaScriptCore!JSC::Interpreter::execute+0x143 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\javascriptcore\interpreter\interpreter.cpp @ 751]
0012f4f8 032e1809 0012f540 7fbf51d8 7fbf51a0 JavaScriptCore!JSC::evaluate+0xa0 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\javascriptcore\runtime\completion.cpp @ 65]
0012f550 032e194e 0012f588 0012f5d8 7fea0ae0 WebKit!WebCore::ScriptController::evaluateInWorld+0x129 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\bindings\js\scriptcontroller.cpp @ 149]
0012f564 035b1649 7fec7cf4 0012f5d8 00000001 WebKit!WebCore::ScriptController::evaluate+0x3e [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\bindings\js\scriptcontroller.cpp @ 171]
0012f594 037b5818 0012f5c8 0012f5d8 00000001 WebKit!WebCore::ScriptController::executeScript+0x99 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\bindings\scriptcontrollerbase.cpp @ 62]
0012f624 037b5708 7fd1f9d8 7fb5e000 7fd1f9d8 WebKit!WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent+0xd8 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\html\parser\htmlscriptrunner.cpp @ 143]
0012f670 037b5990 0012f6f4 036c93e8 0012f698 WebKit!WebCore::HTMLScriptRunner::executeParsingBlockingScript+0x68 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\html\parser\htmlscriptrunner.cpp @ 124]
0012f678 036c93e8 0012f698 7fbf7000 7fbf7000 WebKit!WebCore::HTMLScriptRunner::executeParsingBlockingScripts+0x50 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\html\parser\htmlscriptrunner.cpp @ 203]
0012f688 036d8441 7fbf7000 00000000 7fbf7008 WebKit!WebCore::HTMLDocumentParser::notifyFinished+0x68 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\html\parser\htmldocumentparser.cpp @ 458]
0012f6a8 036d8407 7f9e4cb0 7fbce948 7fbf7000 WebKit!WebCore::CachedScript::checkNotify+0x31 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\loader\cachedscript.cpp @ 100]
0012f6b8 03697028 7fbd0190 00000001 076d2838 WebKit!WebCore::CachedScript::data+0xb7 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\loader\cachedscript.cpp @ 90]
0012f6f4 037a6ca4 7fbe4000 0647d970 0012f660 WebKit!WebCore::Loader::Host::didFinishLoading+0x108 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\loader\loader.cpp @ 422]
0012f760 035dcde1 00000000 00000000 0369af02 WebKit!WebCore::SubresourceLoader::didFinishLoading+0x34 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\loader\subresourceloader.cpp @ 183]
0012f76c 0369af02 7f9efbc0 00000000 00000000 WebKit!WebCore::ResourceLoader::didFinishLoading+0x11 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\loader\resourceloader.cpp @ 422]
0012f7b4 0286bfd4 06463378 7f9efbc0 076d2818 WebKit!WebCore::didFinishLoading+0x22 [c:\cygwin\home\buildbot\slave\windows-release-archive\build\opensource\webcore\platform\network\cf\resourcehandlecfnet.cpp @ 245]
```

Apparently we're dereferencing null. Interesting, this page uses the new ES5 strict mode.

I can reproduce the crash in a ToT build. This is not a nightly-specific bug. Here's a better backtrace from a debug build:

```
> JavaScriptCore.dll!JSC::Register::withCallee(JSC::JSObject * callee=0x0920b08c) Line 86 + 0xf bytes C++
  JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x0920b08c, JSC::ExecState * callFrame=0x09610038, JSC::JSGlobalData * globalData=0x08523ff8) Line 77 + 0x22 bytes C++
  JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x095fca98, JSC::ExecState * callFrame=0x08595d10, JSC::ScopeChainNode * scopeChain=0x093d3c58, JSC::JSObject * thisObj=0x09a57180) Line 759 + 0x25 bytes C++
  JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec=0x08595d10, JSC::ScopeChain & scopeChain={...}, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 64 C++
  WebKit.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec=0x08595d10, JSC::ScopeChain & chain={...}, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 54 + 0x1d bytes C++
  WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::DOMWrapperWorld * world=0x08428560, WebCore::ShouldAllowXSS shouldAllowXSS=DoNotAllowXSS) Line 148 + 0x2f bytes C++
  WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::ShouldAllowXSS shouldAllowXSS=DoNotAllowXSS) Line 171 + 0x1a bytes C++
  WebKit.dll!WebCore::ScriptController::executeScript(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::ShouldAllowXSS shouldAllowXSS=DoNotAllowXSS) Line 62 C++
  WebKit.dll!WebCore::HTMLScriptRunner::executeScript(const WebCore::ScriptSourceCode & sourceCode={...}) Line 156 + 0x22 bytes C++
  WebKit.dll!WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript & pendingScript={...}) Line 144 C++
  WebKit.dll!WebCore::HTMLScriptRunner::executeParsingBlockingScript() Line 124 C++
  WebKit.dll!WebCore::HTMLScriptRunner::executeParsingBlockingScripts() Line 204 C++
  WebKit.dll!WebCore::HTMLScriptRunner::executeScriptsWaitingForStylesheets() Line 226 C++
  WebKit.dll!WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() Line 483 + 0x15 bytes C++
  WebKit.dll!WebCore::Document::removePendingSheet() Line 2790 + 0xf bytes C++
  WebKit.dll!WebCore::HTMLLinkElement::sheetLoaded() Line 342 C++
  WebKit.dll!WebCore::CSSStyleSheet::checkLoaded() Line 214 + 0x29 bytes C++
  WebKit.dll!WebCore::CSSImportRule::setCSSStyleSheet(const WTF::String & href={...}, const WebCore::KURL & baseURL={m_impl=0x093ce8d8 {m_data=0x093ce8ec "http://momjian.us/main/css/misc.css" m_buffer=0x00000000 m_substringBuffer=0x00000000 ...} }, const WTF::String & charset={...}, const WebCore::CachedCSSStyleSheet * sheet=0x095f9d78) Line 104 + 0xf bytes C++
  WebKit.dll!WebCore::CachedCSSStyleSheet::checkNotify() Line 117 + 0x4f bytes C++
  WebKit.dll!WebCore::CachedCSSStyleSheet::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 107 C++
  WebKit.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader * loader=0x095137a0) Line 422 C++
  WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime=0.00000000000000000) Line 181 + 0x1f bytes C++
  WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x093a5a08, double finishTime=0.00000000000000000) Line 421 + 0x18 bytes C++
  WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x092a2b90, const void * clientInfo=0x093a5a08) Line 244 + 0x26 bytes C++
```

There were a number of follow-on fixes to strict mode that landed not long after the original support landed. As I can no longer repro this crash, I suspect that this was one of them.
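The comment above notes that the crashing page uses ES5 strict mode. Whether a script actually opts in is not a matter of grepping for the string "use strict": ES5 only honours it as a Use Strict Directive when it is an exact, escape-free string-literal statement inside the directive prologue at the start of a program (or function body), before any other statement. The following is an added example, written for this page and not code from the bug report or from WebKit, that applies that rule to script text so the claim can be checked mechanically when triaging a report like this one. The sample scripts in `SAMPLES` are constructed; the function and variable names are the example's own. It covers the program-level prologue only; locating nested function prologues would need a full parser.

```javascript
// Added example (not from the bug report or WebKit): detect an ES5
// Use Strict Directive in JavaScript program text.
//
// ES5 14.1: the directive prologue is the longest run of
// ExpressionStatements consisting solely of a string literal at the very
// start of a Program or FunctionBody. "use strict" anywhere later, or
// written with escapes, or used inside a larger expression, is just a
// string and does not enable strict mode.

// Skip whitespace and // or /* */ comments from index i; return new index.
function skipTrivia(src, i) {
  for (;;) {
    while (i < src.length && /\s/.test(src[i])) i++;
    if (src.startsWith("//", i)) {
      while (i < src.length && src[i] !== "\n") i++;
    } else if (src.startsWith("/*", i)) {
      const end = src.indexOf("*/", i + 2);
      i = end === -1 ? src.length : end + 2;
    } else {
      return i;
    }
  }
}

// Read a string literal starting at src[i]. Escapes are kept raw, so an
// escaped spelling such as "use\x20strict" never compares equal to the
// directive, which matches the spec. Returns { value, next } or null.
function readStringLiteral(src, i) {
  const quote = src[i];
  if (quote !== '"' && quote !== "'") return null;
  let value = "";
  for (let j = i + 1; j < src.length; j++) {
    const c = src[j];
    if (c === "\\") { value += c + (src[j + 1] || ""); j++; continue; }
    if (c === quote) return { value, next: j + 1 };
    if (c === "\n") return null; // unterminated literal
    value += c;
  }
  return null;
}

// Characters that may continue an expression after a string literal on
// the next line, so automatic semicolon insertion does NOT apply there.
// (The keyword operators `in` / `instanceof` are not handled.)
const CONTINUATION = "([.+-*/%<>=&|^?,:";

// Parse the directive prologue of the program text beginning at `start`
// and return the directive strings in order.
function directivePrologue(src, start) {
  const directives = [];
  let i = skipTrivia(src, start);
  while (i < src.length) {
    const lit = readStringLiteral(src, i);
    if (!lit) break;                       // first non-string token
    const after = skipTrivia(src, lit.next);
    const sawNewline = /[\n\r\u2028\u2029]/.test(src.slice(lit.next, after));
    if (after >= src.length || src[after] === "}") {
      directives.push(lit.value);          // last statement of the body
      break;
    }
    if (src[after] === ";") {
      directives.push(lit.value);
      i = skipTrivia(src, after + 1);
      continue;
    }
    if (sawNewline && !CONTINUATION.includes(src[after])) {
      directives.push(lit.value);          // statement ended by ASI
      i = after;
      continue;
    }
    break;                                 // e.g. "use strict".length
  }
  return directives;
}

// True when the program text opts into strict mode.
function hasUseStrictDirective(src) {
  return directivePrologue(src, 0).includes("use strict");
}

// Constructed sample inputs (not taken from the page at the bug's URL).
const SAMPLES = {
  strict:               '"use strict";\nvar x = 1;',
  strictSingleQuote:    "// header\n/* license */\n'use strict'\nfunction f() {}",
  strictSecondDirective:'"use asm";\n"use strict";\nvar y;',
  sloppyLate:           'var x = 1;\n"use strict";',
  sloppyEscaped:        '"use\\x20strict";',
  sloppyExpression:     '"use strict".length;\nvar z;',
  sloppyMember:         '"use strict"\n.length;',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(22), hasUseStrictDirective(src));
}
```

Running it prints `true` for the three `strict*` samples and `false` for the four `sloppy*` ones; the `sloppyMember` case shows why the newline rule has to respect expression continuation rather than treating every line break as a statement end.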