Bug 7926

Summary: Crash using -callWebScriptMethod to access offsetTop property
Product: WebKit
Reporter: Brian Ellis <phoenix1701>
Component: WebKit API
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: ian, mrowe
Priority: P1
Version: 417.x
Hardware: Mac
OS: OS X 10.4

Attachments:
Patch (flags: timothy: review+)

Description Brian Ellis 2006-03-22 20:34:05 PST
Erroneously attempting to call the -callWebScriptMethod:withArguments: method on a DOMNode and passing "offsetTop" as the method name caused a crash in KJS::Object::call at offset 120.  The DOMNode in question was a hyperlink element in a document contained in a frameset, but some or all of these circumstances may be irrelevant.
Comment 1 David Kilzer (:ddkilzer) 2006-03-23 09:44:24 PST
Brian, please post a crash log (either as a comment or as an attachment).

Also, do you have any Safari extensions like Saft installed?

Thanks!
Comment 2 Joost de Valk (AlthA) 2006-07-09 13:12:43 PDT
Since no more info was provided, I'm closing this bug as invalid.
Comment 3 Brian Ellis 2006-07-09 14:02:22 PDT
Sorry for the delay; here's the crash log you requested.  The actual line of code that caused the crash was:

	[link callWebScriptMethod:@"offsetTop" withArguments:[NSArray array]];

where "link" was a (valid) DOMNode.  Obviously, since "offsetTop" is a property rather than a method, this shouldn't be expected to work, but neither should it (presumably) crash.

Also, I have no Safari extensions or input managers installed.

---===---

Date/Time:      2006-07-09 16:58:45.861 -0400
OS Version:     10.4.7 (Build 8J135)
Report Version: 4

Command: RPCSPrototype
Path:    /Users/phoenix/Documents/Schoolwork/Rapid Prototyping Project/RPCSPrototype/build/Release/RPCSPrototype.app/Contents/MacOS/RPCSPrototype
Parent:  WindowServer [5995]

Version: ??? (1.0)

PID:    17516
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x000000a9

Thread 0 Crashed:
0   com.apple.JavaScriptCore       	0x95bc0978 KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) + 120
1   com.apple.JavaScriptCore       	0x95c02d2c -[WebScriptObject callWebScriptMethod:withArguments:] + 504
2   edu.cmu.firebird.RPCSPrototype 	0x000035ec -[TestController selectLinkAtIndex:] + 112
3   com.apple.Foundation           	0x92943ad8 _nsnote_callback + 180
4   com.apple.CoreFoundation       	0x90803010 __CFXNotificationPost + 368
5   com.apple.CoreFoundation       	0x907fb0ec _CFXNotificationPostNotification + 684
6   com.apple.Foundation           	0x9292dee0 -[NSNotificationCenter postNotificationName:object:userInfo:] + 92
7   com.apple.WebKit               	0x95ae0590 -[WebView(WebPrivate) _progressCompleted:] + 124
8   com.apple.WebKit               	0x95aef480 -[WebSubresourceClient didFailWithError:] + 96
9   com.apple.WebKit               	0x95aef400 -[WebBaseResourceHandleDelegate connection:didFailWithError:] + 52
10  com.apple.Foundation           	0x9299f110 -[NSURLConnection(NSURLConnectionInternal) _sendDidFailCallback] + 100
11  com.apple.Foundation           	0x92974ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
12  com.apple.Foundation           	0x92974810 _sendCallbacks + 156
13  com.apple.CoreFoundation       	0x907dc4cc __CFRunLoopDoSources0 + 384
14  com.apple.CoreFoundation       	0x907db9fc __CFRunLoopRun + 452
15  com.apple.CoreFoundation       	0x907db47c CFRunLoopRunSpecific + 268
16  com.apple.HIToolbox            	0x931eb740 RunCurrentEventLoopInMode + 264
17  com.apple.HIToolbox            	0x931eadd4 ReceiveNextEventCommon + 380
18  com.apple.HIToolbox            	0x931eac40 BlockUntilNextEventMatchingListInMode + 96
19  com.apple.AppKit               	0x936eeae4 _DPSNextEvent + 384
20  com.apple.AppKit               	0x936ee7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
21  com.apple.AppKit               	0x936eacec -[NSApplication run] + 472
22  com.apple.AppKit               	0x937db87c NSApplicationMain + 452
23  edu.cmu.firebird.RPCSPrototype 	0x000028f8 _start + 340 (crt.c:272)
24  edu.cmu.firebird.RPCSPrototype 	0x000027a0 start + 60

Binary Images Description:
    0x1000 -     0x4fff edu.cmu.firebird.RPCSPrototype ??? (1.0)	/Users/phoenix/Documents/Schoolwork/Rapid Prototyping Project/RPCSPrototype/build/Release/RPCSPrototype.app/Contents/MacOS/RPCSPrototype
   0xcb000 -    0xe4fff com.unsanity.shapeshifter 2.3.1	/Users/phoenix/Library/Application Enhancers/ShapeShifter.ape/Contents/PlugIns/CocoaStuff.plugIn/Contents/MacOS/CocoaStuff
  0x205000 -   0x237fff com.unsanity.shapeshifter 2.3.1	/Users/phoenix/Library/Application Enhancers/ShapeShifter.ape/Contents/MacOS/ShapeShifter
  0x7be000 -   0x7bffff com.ecamm.pluginloader Ecamm Plugin Loader v1.0.1 (1.0.1)	/Library/InputManagers/Ecamm/Ecamm Plugin Loader.bundle/Contents/MacOS/Ecamm Plugin Loader
  0x7c3000 -   0x7c5fff com.unsanity.menuextraenabler 1.0.3	/Users/phoenix/Library/InputManagers/Menu Extra Enabler/Menu Extra Enabler.bundle/Contents/MacOS/Menu Extra Enabler
  0x7cf000 -   0x7d1fff net.culater.SIMBL 0.2 (8)	/Library/InputManagers/SIMBL/SIMBL.bundle/Contents/MacOS/SIMBL
  0x7de000 -   0x7e4fff com.unsanity.smartcrashreports Smart Crash Reports version 1.0.2 (1.1b1)	/Library/InputManagers/Smart Crash Reports/Smart Crash Reports.bundle/Contents/MacOS/Smart Crash Reports
 0x5b25000 -  0x5b27fff com.apple.textencoding.unicode 2.0	/System/Library/TextEncodings/Unicode Encodings.bundle/Contents/MacOS/Unicode Encodings

Comment 4 Joost de Valk (AlthA) 2006-07-09 14:20:26 PDT
Could you try with those extensions you have there disabled? If it still occurs then, that'd be even better. Even got a small program/testcase to demonstrate the issue perhaps?
Comment 5 Mark Rowe (bdash) 2007-01-18 20:41:54 PST
I can confirm that this crashes with WebKit 418.9.1, still need to test with ToT.
Comment 6 Mark Rowe (bdash) 2007-01-18 20:46:27 PST
With a debug build of ToT we hit an assertion failure:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000001
0x003f4dd1 in KJS::JSObject::call (this=0x1, exec=0x21841bc, thisObj=0x7ec080, args=@0xbfffe45c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/object.cpp:70
70        assert(implementsCall());
(gdb) bt
#0  0x003f4dd1 in KJS::JSObject::call (this=0x1, exec=0x21841bc, thisObj=0x7ec080, args=@0xbfffe45c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/object.cpp:70
#1  0x013026eb in -[WebScriptObject callWebScriptMethod:withArguments:] (self=0x21c2120, _cmd=0x2cadb4, name=0x2058, args=0x21c4eb0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/objc/WebScriptObject.mm:193
#2  0x00001e30 in -[MyController webView:didFinishLoadForFrame:] ()
#3  0x90a57c56 in objc_msgSendv ()
#4  0x925fc43e in -[NSInvocation invoke] ()
#5  0x92622433 in -[NSInvocation invokeWithTarget:] ()
#6  0x00260836 in -[_WebSafeForwarder forwardInvocation:] (self=0x2168ae0, _cmd=0x90aa6194, anInvocation=0x21c1c30) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:1426
#7  0x925fb4f4 in -[NSObject(NSForwardInvocation) forward::] ()
#8  0x90a57ba1 in _objc_msgForward ()
#9  0x00293923 in WebFrameLoaderClient::dispatchDidFinishLoad (this=0x2123c60) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:466
#10 0x0139827c in WebCore::FrameLoader::checkLoadCompleteForThisFrame (this=0x2817000) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2680
#11 0x0139852c in WebCore::FrameLoader::checkLoadComplete (this=0x2817000) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2752
#12 0x013986b7 in WebCore::FrameLoader::finishedLoading (this=0x2817000) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2502
#13 0x013a1c11 in WebCore::MainResourceLoader::didFinishLoading (this=0x2832c00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/MainResourceLoader.cpp:315
#14 0x013a322c in WebCore::ResourceLoader::didFinishLoading (this=0x2832c00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/ResourceLoader.cpp:311
#15 0x01383269 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x2153fe0, _cmd=0x90a9d160, con=0x2153220) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/mac/ResourceHandleMac.mm:367
#16 0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] ()
#17 0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
#18 0x92659b41 in _sendCallbacks ()
#19 0x90829379 in CFRunLoopRunSpecific ()
#20 0x90828eb5 in CFRunLoopRunInMode ()
#21 0x92dcdb90 in RunCurrentEventLoopInMode ()
#22 0x92dcd1ce in ReceiveNextEventCommon ()
#23 0x92dcd0ee in BlockUntilNextEventMatchingListInMode ()
#24 0x9326f465 in _DPSNextEvent ()
#25 0x9326f056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#26 0x93268ddb in -[NSApplication run] ()
#27 0x9325cd2f in NSApplicationMain ()
#28 0x00001cf6 in _start ()
#29 0x00001c1d in start ()
Current language:  auto; currently c++
Comment 7 Mark Rowe (bdash) 2007-01-18 21:12:50 PST
Created attachment 12550 [details]
Patch

As well as fixing the bug in question, I altered the behaviour when an exception is thrown in the called method.  It now returns 0 as this would provide some method for the caller to know that the call to the function failed.
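The call path behind the assertion in Comment 6 and the fix described here, as an added C++ model that is not WebKit's code: a value resolved by property name is only safe to invoke after checking implementsCall(), so the guarded variant fails cleanly for "offsetTop" where the unguarded one trips the assertion. All class and function names are hypothetical stand-ins for the KJS/WebScriptObject types.

```cpp
// Added model, not WebKit code: names below are hypothetical stand-ins for
// the KJS/WebScriptObject types on the crash path.
#include <cassert>
#include <map>
#include <memory>
#include <string>

struct ExecState { bool hadException = false; };

// Minimal stand-in for a JS value: plain values are not callable.
struct JSValue {
    virtual ~JSValue() = default;
    virtual bool implementsCall() const { return false; }
    // Engine invariant: callers must check implementsCall() before call().
    virtual double call(ExecState&) {
        assert(implementsCall());  // the assertion that fires in Comment 6
        return 0;
    }
};

struct JSNumber : JSValue {
    double v;
    explicit JSNumber(double n) : v(n) {}
};

struct JSFunction : JSValue {
    double (*fn)(ExecState&);
    explicit JSFunction(double (*f)(ExecState&)) : fn(f) {}
    bool implementsCall() const override { return true; }
    double call(ExecState& exec) override { return fn(exec); }
};

// A DOM-element-like script object: one data property, two methods.
struct ScriptObject {
    std::map<std::string, std::shared_ptr<JSValue>> props;
    JSValue* get(const std::string& name) const {
        auto it = props.find(name);
        return it == props.end() ? nullptr : it->second.get();
    }
};

// What the embedding app sees; ok == false corresponds to nil from the binding.
struct CallResult { bool ok; double value; };

// Unguarded: resolves the name and calls whatever it finds. With "offsetTop"
// (a number) this trips the assertion above, or dereferences garbage in release.
CallResult callWebScriptMethodUnguarded(const ScriptObject& obj, const std::string& name) {
    ExecState exec;
    return {true, obj.get(name)->call(exec)};
}

// Guarded: fail cleanly when the property is missing or not callable, and
// clear a thrown exception instead of propagating it (exec->clearException()).
CallResult callWebScriptMethodGuarded(const ScriptObject& obj, const std::string& name) {
    ExecState exec;
    JSValue* v = obj.get(name);
    if (!v || !v->implementsCall())
        return {false, 0};
    double r = v->call(exec);
    if (exec.hadException) {
        exec.hadException = false;
        return {false, 0};  // the "return 0" path debated in Comments 8 and 9
    }
    return {true, r};
}

static double focusImpl(ExecState&) { return 1; }
static double throwingImpl(ExecState& exec) { exec.hadException = true; return 0; }

// Constructed sample object standing in for the hyperlink DOMNode from the report.
ScriptObject makeLinkElement() {
    ScriptObject link;
    link.props["offsetTop"] = std::make_shared<JSNumber>(42);
    link.props["focus"] = std::make_shared<JSFunction>(focusImpl);
    link.props["throws"] = std::make_shared<JSFunction>(throwingImpl);
    return link;
}
```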
Comment 8 Mark Rowe (bdash) 2007-01-18 21:14:47 PST
Comment on attachment 12550 [details]
Patch

For the record, it's possible that the change from returning undefined to returning zero when the function call raises an exception could cause compatibility problems.  I'm not sure if it's a good change to make for that reason, but it seems a lot more sensible behaviour.
Comment 9 Timothy Hatcher 2007-01-18 21:27:59 PST
Comment on attachment 12550 [details]
Patch

r=me

As mentioned on IRC. File a new bug about the proposed exception change.

And leave this part of of the patch:

-        result = jsUndefined();
         exec->clearException();
+        return 0;
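Review bot: the hunk changes the on-exception result from a jsUndefined() wrapper to a bare 0 (nil to the Objective-C caller), a behaviour change for existing callers that Comment 8 already flags as a compatibility risk; keep only `exec->clearException();` here, as the reviewer asks, and move `return 0;` into the separate bug so the crash fix lands on its own.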
Comment 10 Mark Rowe (bdash) 2007-01-18 21:29:56 PST
Landed in r18973.
Comment 11 Mark Rowe (bdash) 2007-01-18 21:34:50 PST
Filed bug 12332 about the return value when an exception is thrown.