RESOLVED FIXED 108097
REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute
https://bugs.webkit.org/show_bug.cgi?id=108097
Kevin M. Dean
Reported 2013-01-28 11:48:04 PST
Crashes on load of URL above.

Process: WebProcess [35321]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.28+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
User ID: 501
Date/Time: 2013-01-28 14:22:38.472 -0500
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> __TEXT 00000001051e7000-00000001051e8000 [ 4K] r-x/rwx SM=COW /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
Bundle controller class: BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000001057354e6 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 758
1 com.apple.JavaScriptCore 0x0000000105660910 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 576
2 com.apple.WebCore 0x00000001065823ba WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 442
3 com.apple.WebCore 0x0000000106582549 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41
4 com.apple.WebCore 0x000000010658b69e WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 478
5 com.apple.WebCore 0x000000010658a3c4 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1076
6 com.apple.WebCore 0x0000000105ec10ce WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 350
7 com.apple.WebCore 0x0000000105ec0f20 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48
8 com.apple.WebCore 0x0000000105e6e5b4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84
9 com.apple.WebCore 0x0000000105e6e638 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88
10 com.apple.WebCore 0x0000000105e6e348 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 264
11 com.apple.WebCore 0x0000000105e6ec70 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 112
12 com.apple.WebCore 0x0000000105e6edb7 WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 87
13 com.apple.WebCore 0x0000000105aefcbd WebCore::CachedResource::checkNotify() + 93
14 com.apple.WebCore 0x000000010665d7a3 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) + 211
15 com.apple.WebCore 0x0000000106561511 -[WebCoreResourceHandleAsDelegate connection:didFailWithError:] + 113
16 com.apple.Foundation 0x00007fff82bbaf58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
17 com.apple.Foundation 0x00007fff82bbae9c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
18 com.apple.Foundation 0x00007fff82d31e44 -[NSURLConnectionInternal _withErrorForConnection:] + 105
19 com.apple.CFNetwork 0x00007fff83961fc5 ___delegate_didFail_block_invoke_0 + 57
20 com.apple.CFNetwork 0x00007fff839033ca ___withDelegateAsync_block_invoke_0 + 90
21 com.apple.CFNetwork 0x00007fff8399356a __block_global_1 + 28
22 com.apple.CoreFoundation 0x00007fff86ba5724 CFArrayApplyFunction + 68
23 com.apple.CFNetwork 0x00007fff838f4554 RunloopBlockContext::perform() + 124
24 com.apple.CFNetwork 0x00007fff838f442b MultiplexerSource::perform() + 221
25 com.apple.CoreFoundation 0x00007fff86b87101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
26 com.apple.CoreFoundation 0x00007fff86b86a25 __CFRunLoopDoSources0 + 245
27 com.apple.CoreFoundation 0x00007fff86ba9dc5 __CFRunLoopRun + 789
28 com.apple.CoreFoundation 0x00007fff86ba96b2 CFRunLoopRunSpecific + 290
29 com.apple.HIToolbox 0x00007fff8ca250a4 RunCurrentEventLoopInMode + 209
30 com.apple.HIToolbox 0x00007fff8ca24e42 ReceiveNextEventCommon + 356
31 com.apple.HIToolbox 0x00007fff8ca24cd3 BlockUntilNextEventMatchingListInMode + 62
32 com.apple.AppKit 0x00007fff8a664613 _DPSNextEvent + 685
33 com.apple.AppKit 0x00007fff8a663ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
34 com.apple.AppKit 0x00007fff8a65b283 -[NSApplication run] + 517
35 com.apple.WebCore 0x000000010657925d WebCore::RunLoop::run() + 77
36 com.apple.WebKit2 0x000000010537ad55 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 543
37 com.apple.WebProcess 0x00000001051e7e59 main + 269
38 libdyld.dylib 0x00007fff881447e1 start + 1
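The report above is worth reading for the fault address before anything else: WebKit's WTF CRASH() macro, which RELEASE_ASSERT_NOT_REACHED expands to, deliberately stores to 0xbbadbeef, so a SIGSEGV at that address is an assertion firing, not a wild pointer. The stack then tells you where the assertion was reached from (here, script execution resumed from a SubresourceLoader::didFail callback). The following triage script is an added example, not part of this bug or of WebKit: it parses a macOS crash report, extracts the fault address and the crashed thread's frames, classifies the fault, and locates the first frame matching a symbol of interest. The embedded report is constructed from the header and a few frames of the report above; the "Thread 1" frame is filler so the parser's section handling is exercised.

```python
import re

# WTF's CRASH() (reached via RELEASE_ASSERT*) writes to this address on purpose,
# so a SIGSEGV here is an assertion failure rather than memory corruption.
WEBKIT_CRASH_ADDR = 0xBBADBEEF

# One crash-report frame: index, image, pc, symbol, offset.
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s+\+\s+(\d+)\s*$")
# "KERN_INVALID_ADDRESS at 0x00000000bbadbeef"
FAULT_RE = re.compile(r"\bat\s+0x([0-9a-fA-F]+)")

# Constructed sample: header and selected frames from the report on this page,
# plus one filler frame in Thread 1 (not from the real report).
SAMPLE_REPORT = """\
Process:         WebProcess [35321]
Identifier:      com.apple.WebProcess
Code Type:       X86-64 (Native)
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore   0x00000001057354e6 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 758
1   com.apple.JavaScriptCore   0x0000000105660910 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 576
2   com.apple.WebCore          0x00000001065823ba WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 442
14  com.apple.WebCore          0x000000010665d7a3 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) + 211

Thread 1:
0   libsystem_kernel.dylib     0x00007fff00000000 mach_msg_trap + 10
"""


def parse_crash_report(text):
    """Return exception fields, the parsed fault address, and the crashed thread's frames."""
    info = {"exception_type": None, "exception_codes": None,
            "fault_address": None, "frames": []}
    in_crashed = False
    for line in text.splitlines():
        if line.startswith("Exception Type:"):
            info["exception_type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Exception Codes:"):
            info["exception_codes"] = line.split(":", 1)[1].strip()
            m = FAULT_RE.search(info["exception_codes"])
            if m:
                info["fault_address"] = int(m.group(1), 16)
        elif re.match(r"^Thread \d+ Crashed", line):
            in_crashed = True              # frames that follow belong to the crashed thread
        elif re.match(r"^Thread \d+", line) or not line.strip():
            in_crashed = False             # another thread or a blank line ends the section
        elif in_crashed:
            m = FRAME_RE.match(line)
            if m:
                info["frames"].append({
                    "index": int(m.group(1)), "image": m.group(2),
                    "pc": int(m.group(3), 16), "symbol": m.group(4),
                    "offset": int(m.group(5))})
    return info


def classify(info):
    """Coarse bucket for the fault address; 'wild-access' is the one that needs a closer look."""
    addr = info.get("fault_address")
    if addr is None:
        return "no-fault-address"
    if addr == WEBKIT_CRASH_ADDR:
        return "deliberate-crash"          # RELEASE_ASSERT / CRASH() fired
    if addr < 0x1000:
        return "null-deref"                # first page: null or near-null dereference
    return "wild-access"                   # possible memory corruption


def first_frame_matching(info, needle):
    """Index of the first crashed-thread frame whose symbol contains `needle`, or None."""
    for frame in info["frames"]:
        if needle in frame["symbol"]:
            return frame["index"]
    return None


if __name__ == "__main__":
    report = parse_crash_report(SAMPLE_REPORT)
    print(report["exception_type"], hex(report["fault_address"]), classify(report))
    print("top frame:", report["frames"][0]["symbol"])
    print("entered from frame", first_frame_matching(report, "didFail"))
```

The address bucket is only a first cut: a deliberate-crash verdict rules out the "wild pointer" worry for the report in hand, but as comment 2 below shows, the assertion itself can still be guarding a real logic bug, so the stack still needs to be read.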
Attachments
Patch (3.61 KB, patch), 2013-01-29 14:46 PST, Oliver Hunt, no flags
Patch (3.63 KB, patch), 2013-01-29 14:52 PST, Oliver Hunt, ggaren: review+
Alexey Proskuryakov
Comment 1 2013-01-28 22:44:47 PST
Oliver Hunt
Comment 2 2013-01-29 13:26:50 PST
Interestingly this is showing an actual bug
Oliver Hunt
Comment 3 2013-01-29 14:46:47 PST
Oliver Hunt
Comment 4 2013-01-29 14:52:00 PST
Geoffrey Garen
Comment 5 2013-01-29 14:52:39 PST
Comment on attachment 185313 (Patch): r=me
Oliver Hunt
Comment 6 2013-01-29 14:54:24 PST