106828 – [Microdata] REGRESSION(r138725): Causes crash in chromium port

RESOLVED FIXED 106828

[Microdata] REGRESSION(r138725): Causes crash in chromium port

https://bugs.webkit.org/show_bug.cgi?id=106828

Summary [Microdata] REGRESSION(r138725): Causes crash in chromium port

Arko Saha

Reported 2013-01-14 14:41:03 PST

Test : <div id="testDiv" itemscope><div itemprop="bar"> </div></div> <script type="text/javascript"> var testDiv = document.getElementById("testDiv"); alert(testDiv.properties['bar']); </script> Backtrace:: 0x0000555559a2c33b in v8::internal::Handle<v8::internal::Object>::operator* (this=0x7fffd93143c0) at ../../v8/src/handles-inl.h:65 65 ASSERT(reinterpret_cast<Address>(*location_) != kHandleZapValue); (gdb) bt #0 0x0000555559a2c33b in v8::internal::Handle<v8::internal::Object>::operator* (this=0x7fffd93143c0) at ../../v8/src/handles-inl.h:65 #1 0x0000555559a2d1b2 in v8::internal::Handle<v8::internal::Object>::operator-> (this=0x7fffd93143c0) at ../../v8/src/handles.h:64 #2 0x0000555559bec891 in v8::internal::JSObject::GetPropertyWithInterceptor (this=0x346836f807d9, receiver=0x346836f807d9, name=0x21599ca2b2a1, attributes=0x7fffd93145ac) at ../../v8/src/objects.cc:10865 #3 0x0000555559bc65d6 in v8::internal::Object::GetProperty (this=0x346836f807d9, receiver=0x346836f807d9, result=0x7fffd93145d0, name=0x21599ca2b2a1, attributes=0x7fffd93145ac) at ../../v8/src/objects.cc:670 #4 0x0000555559bc5f3c in v8::internal::Object::GetProperty (object=..., receiver=..., result=0x7fffd93145d0, key=..., attributes=0x7fffd93145ac) at ../../v8/src/objects.cc:596 #5 0x0000555559b5137a in v8::internal::LoadIC::Load (this=0x7fffd9314670, state=v8::internal::UNINITIALIZED, object=..., name=...) at ../../v8/src/ic.cc:943 #6 0x0000555559b56b50 in v8::internal::LoadIC_Miss (args=..., isolate=0x7ffff7ea2020) at ../../v8/src/ic.cc:2189 #7 0x0000108caf20654e in ?? () #8 0x0000108caf2064a1 in ?? () #9 0x00007fffd93146b0 in ?? () #10 0x00007fffd9314700 in ?? () #11 0x0000108caf244409 in ?? () #12 0x000021599ca2b2a1 in ?? () #13 0x0000346836f807d9 in ?? () #14 0x0000077bf1d73679 in ?? () #15 0x0000077bf1d04121 in ?? () #16 0x000009f390140921 in ?? () #17 0x0000077bf1d5c1f1 in ?? () #18 0x00007fffd9314738 in ?? () #19 0x0000108caf225467 in ?? () #20 0x0000077bf1d737b1 in ?? () #21 0x000009f390140921 in ?? () #22 0x0000108caf2253a1 in ?? () #23 0x0000000700000000 in ?? () #24 0x0000000000000000 in ?? ()

Attachments
Patch (3.89 KB, patch) 2013-01-14 14:55 PST, Arko Saha	rniwa: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Arko Saha

Comment 1 2013-01-14 14:55:03 PST

Created attachment 182633 [details] Patch

Arko Saha

Comment 2 2013-01-14 15:06:53 PST

Committed r139673: <http://trac.webkit.org/changeset/139673>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component DOM

Assignee

Arko Saha

Reported

2013-01-14 14:41 PST

Modified

2013-01-14 15:06 PST History

CC List

5 users Show

URL

Keywords

Depends on

Blocks