Bug 49362

Summary: REGRESSION(71515): Web Inspector: Safari crash calling console.log when Log JavaScript Exceptions to Console is checked
Product: WebKit
Reporter: Brian Weinstein <bweinstein>
Component: Web Inspector (Deprecated)
Assignee: Yury Semikhatsky <yurys>
Status: RESOLVED FIXED
Severity: Normal
CC: apavlov, bugzilla, bweinstein, commit-queue, joepeck, keishi, loislo, mrowe, pfeldman, pmuellr, rik, smkolins, timothy, yurys
Priority: P1
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Mac
OS: All
Attachments: Patch (flags: none)

Brian Weinstein
Reported 2010-11-10 20:03:59 PST
There is a crash in Safari when logging to the console when "Log JavaScript Exceptions to Console" is checked.
Attachments: Patch (2.60 KB, patch), 2010-11-13 02:48 PST, Yury Semikhatsky, no flags
Mark Rowe (bdash)
Comment 1 2010-11-10 20:25:57 PST
There’s a lifetime issue here in Console::addMessage. The local variable lastCaller is a reference to a call frame owned by the callStack variable. The callStack variable is passed to InspectorController::addMessageToConsole which creates a ConsoleMessage with the ScriptCallStack instance. The ConsoleMessage constructor then clears the ScriptCallStack instance. This means that the lastCaller local variable is now a reference to deallocated memory. There’s a similar issue with the arguments object. It’s a PassOwnPtr and is passed to InspectorController::addMessageToConsole. That results in the arguments local being cleared out, ensuring a nil-dereference will occur when it is dereferenced later on in Console::addMessage.
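As an added illustration of the lifetime mistake described in comment 1 (this is not code from the bug, the patch or WebKit), the C++ sketch below uses hypothetical stand-ins for ScriptCallFrame, ScriptCallStack, ScriptArguments, ConsoleMessage and InspectorController, with std::unique_ptr playing the role of PassOwnPtr. The class names, layouts and the fact that the ConsoleMessage constructor clears the stack it receives are assumptions drawn from the comment, not WebKit's real classes. addMessageUnsafe mirrors the ordering that crashes: a reference taken into the stack before it is handed off, and the arguments pointer read after ownership has moved. addMessageSafe shows one way to avoid both problems, copying what it needs before transferring ownership; it is not a claim about what the landed patch does. Because the two final reads in addMessageUnsafe are undefined behaviour, only the safe path is exercised.

```cpp
#include <cassert>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for WebKit's ScriptCallFrame / ScriptCallStack /
// ScriptArguments (names and layout assumed, not WebKit's real classes).
struct ScriptCallFrame {
    std::string functionName;
    std::string sourceURL;
    unsigned lineNumber = 0;
};

class ScriptCallStack {
public:
    explicit ScriptCallStack(std::vector<ScriptCallFrame> frames) : m_frames(std::move(frames)) {}
    const ScriptCallFrame& at(size_t i) const { return m_frames.at(i); }
    size_t size() const { return m_frames.size(); }
    // Releases the frames' storage: any reference obtained via at() is now dangling.
    void clear() { std::vector<ScriptCallFrame>().swap(m_frames); }
private:
    std::vector<ScriptCallFrame> m_frames;
};

struct ScriptArguments {
    std::vector<std::string> values;
};

// Stand-in for ConsoleMessage: copies the top frame it needs and, as comment 1
// describes, clears the stack it was given (assumed behaviour).
class ConsoleMessage {
public:
    ConsoleMessage(std::unique_ptr<ScriptArguments> arguments, ScriptCallStack* callStack)
        : m_arguments(std::move(arguments))
    {
        if (callStack && callStack->size())
            m_topFrame = callStack->at(0); // copy, not a reference
        if (callStack)
            callStack->clear();
    }
    const ScriptCallFrame& topFrame() const { return m_topFrame; }
    size_t argumentCount() const { return m_arguments ? m_arguments->values.size() : 0; }
private:
    std::unique_ptr<ScriptArguments> m_arguments;
    ScriptCallFrame m_topFrame;
};

// Stand-in for InspectorController: retains messages, so argument ownership
// genuinely leaves the caller.
class InspectorController {
public:
    void addMessageToConsole(std::unique_ptr<ScriptArguments> arguments, ScriptCallStack* callStack)
    {
        m_messages.emplace_back(std::move(arguments), callStack);
    }
    const std::vector<ConsoleMessage>& messages() const { return m_messages; }
private:
    std::vector<ConsoleMessage> m_messages;
};

// What the later "log to the debug console" step in Console::addMessage needs.
struct LoggedLine {
    std::string sourceURL;
    unsigned lineNumber;
    size_t argumentCount;
};

// BUGGY: the ordering comment 1 describes. Never called here: after
// addMessageToConsole, lastCaller refers to freed storage and arguments is
// null, so the two reads in the return statement are undefined behaviour.
LoggedLine addMessageUnsafe(InspectorController& inspector,
                            std::unique_ptr<ScriptArguments> arguments,
                            ScriptCallStack& callStack)
{
    const ScriptCallFrame& lastCaller = callStack.at(0);               // reference into callStack
    inspector.addMessageToConsole(std::move(arguments), &callStack);   // clears callStack, takes arguments
    return { lastCaller.sourceURL, lastCaller.lineNumber, arguments->values.size() }; // UB: dangling + null
}

// SAFE: copy everything needed before ownership is transferred and the stack is cleared.
LoggedLine addMessageSafe(InspectorController& inspector,
                          std::unique_ptr<ScriptArguments> arguments,
                          ScriptCallStack& callStack)
{
    const ScriptCallFrame lastCaller = callStack.at(0);     // by value
    const size_t argumentCount = arguments->values.size();  // read before the move
    inspector.addMessageToConsole(std::move(arguments), &callStack);
    return { lastCaller.sourceURL, lastCaller.lineNumber, argumentCount };
}

// Constructed sample input: a two-frame stack for a console.log call with two arguments.
LoggedLine demo()
{
    InspectorController inspector;
    ScriptCallStack stack({ { "log", "http://example.test/app.js", 42 },
                            { "onclick", "http://example.test/app.js", 17 } });
    auto args = std::make_unique<ScriptArguments>();
    args->values = { "hello", "world" };
    LoggedLine line = addMessageSafe(inspector, std::move(args), stack);
    assert(stack.size() == 0);                              // the stack really was cleared
    assert(inspector.messages().size() == 1);
    assert(inspector.messages()[0].topFrame().lineNumber == 42);
    return line;
}
```

The point of the safe variant is that both of the caller's later needs (the top frame and the argument count) are materialised as owned locals before the call that consumes the stack and the arguments; after that call, neither `callStack.at(0)` nor `arguments` may be touched again.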
Alexey Proskuryakov
Comment 2 2010-11-11 15:26:24 PST
*** Bug 49392 has been marked as a duplicate of this bug. ***
Yury Semikhatsky
Comment 3 2010-11-12 08:55:57 PST
Sorry for the lame question, but where can I find this "Log JavaScript Exceptions to Console" option? Should I install Safari Enhancer to see this option?
Brian Weinstein
Comment 4 2010-11-12 09:54:06 PST
It's in Safari's Debug Menu on Mac.
1) Quit Safari
2) Open a terminal, and run: defaults write com.apple.Safari IncludeInternalDebugMenu 1
3) Relaunch Safari
There will be a new menu at the top, the Debug Menu, and the menu item should be there.
Timothy Hatcher
Comment 5 2010-11-12 13:58:12 PST
Yury Semikhatsky
Comment 6 2010-11-13 02:48:13 PST
WebKit Commit Bot
Comment 7 2010-11-13 06:51:11 PST
Comment on attachment 73817: Patch
Clearing flags on attachment: 73817
Committed r71966: <http://trac.webkit.org/changeset/71966>
WebKit Commit Bot
Comment 8 2010-11-13 06:51:16 PST
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 9 2010-11-16 16:06:23 PST
*** Bug 49598 has been marked as a duplicate of this bug. ***