Bug 106828 - [Microdata] REGRESSION(r138725): Causes crash in chromium port
Summary: [Microdata] REGRESSION(r138725): Causes crash in chromium port
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Arko Saha
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-14 14:41 PST by Arko Saha
Modified: 2013-01-14 15:06 PST (History)
5 users (show)

See Also:

Attachments
Patch (3.89 KB, patch)
2013-01-14 14:55 PST, Arko Saha 		rniwa: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arko Saha 2013-01-14 14:41:03 PST 
Test :

<div id="testDiv" itemscope><div itemprop="bar"> </div></div>
<script type="text/javascript">
var testDiv = document.getElementById("testDiv");
alert(testDiv.properties['bar']);
</script>

Backtrace::

0x0000555559a2c33b in v8::internal::Handle<v8::internal::Object>::operator* (this=0x7fffd93143c0) at ../../v8/src/handles-inl.h:65
65	  ASSERT(reinterpret_cast<Address>(*location_) != kHandleZapValue);
(gdb) bt
#0  0x0000555559a2c33b in v8::internal::Handle<v8::internal::Object>::operator* (this=0x7fffd93143c0) at ../../v8/src/handles-inl.h:65
#1  0x0000555559a2d1b2 in v8::internal::Handle<v8::internal::Object>::operator-> (this=0x7fffd93143c0) at ../../v8/src/handles.h:64
#2  0x0000555559bec891 in v8::internal::JSObject::GetPropertyWithInterceptor (this=0x346836f807d9, receiver=0x346836f807d9, name=0x21599ca2b2a1, attributes=0x7fffd93145ac)
    at ../../v8/src/objects.cc:10865
#3  0x0000555559bc65d6 in v8::internal::Object::GetProperty (this=0x346836f807d9, receiver=0x346836f807d9, result=0x7fffd93145d0, name=0x21599ca2b2a1, attributes=0x7fffd93145ac)
    at ../../v8/src/objects.cc:670
#4  0x0000555559bc5f3c in v8::internal::Object::GetProperty (object=..., receiver=..., result=0x7fffd93145d0, key=..., attributes=0x7fffd93145ac) at ../../v8/src/objects.cc:596
#5  0x0000555559b5137a in v8::internal::LoadIC::Load (this=0x7fffd9314670, state=v8::internal::UNINITIALIZED, object=..., name=...) at ../../v8/src/ic.cc:943
#6  0x0000555559b56b50 in v8::internal::LoadIC_Miss (args=..., isolate=0x7ffff7ea2020) at ../../v8/src/ic.cc:2189
#7  0x0000108caf20654e in ?? ()
#8  0x0000108caf2064a1 in ?? ()
#9  0x00007fffd93146b0 in ?? ()
#10 0x00007fffd9314700 in ?? ()
#11 0x0000108caf244409 in ?? ()
#12 0x000021599ca2b2a1 in ?? ()
#13 0x0000346836f807d9 in ?? ()
#14 0x0000077bf1d73679 in ?? ()
#15 0x0000077bf1d04121 in ?? ()
#16 0x000009f390140921 in ?? ()
#17 0x0000077bf1d5c1f1 in ?? ()
#18 0x00007fffd9314738 in ?? ()
#19 0x0000108caf225467 in ?? ()
#20 0x0000077bf1d737b1 in ?? ()
#21 0x000009f390140921 in ?? ()
#22 0x0000108caf2253a1 in ?? ()
#23 0x0000000700000000 in ?? ()
#24 0x0000000000000000 in ?? ()
Comment 1 Arko Saha 2013-01-14 14:55:03 PST 
Created attachment 182633 [details]
Patch
Comment 2 Arko Saha 2013-01-14 15:06:53 PST 
Committed r139673: <http://trac.webkit.org/changeset/139673>