RESOLVED INVALID 119868
REGRESSION: Crash in JSC::getByVal during XHR
https://bugs.webkit.org/show_bug.cgi?id=119868
Summary REGRESSION: Crash in JSC::getByVal during XHR
Ryosuke Niwa
Reported 2013-08-15 15:15:25 PDT
Saw this crash while scrolling down on plus.google.com. Thread 0:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000107b57cb3 JSC::getByVal(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::ReturnAddressPtr) + 147 1 com.apple.JavaScriptCore 0x0000000107b57b09 cti_op_get_by_val + 617 2 ??? 0x00003cbfc65e16c5 0 + 66794364475077 3 com.apple.JavaScriptCore 0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49 4 com.apple.JavaScriptCore 0x0000000107b16eff JSC::Interpreter::execute(JSC::CallFrameClosure&) + 287 5 com.apple.JavaScriptCore 0x00000001079dc064 JSC::arrayProtoFuncForEach(JSC::ExecState*) + 1060 6 ??? 0x00003cbfc6401045 0 + 66794362507333 7 com.apple.JavaScriptCore 0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49 8 com.apple.JavaScriptCore 0x0000000107b167aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650 9 com.apple.JavaScriptCore 0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 10 com.apple.JavaScriptCore 0x0000000107b665be JSC::boundFunctionCall(JSC::ExecState*) + 526 11 ??? 0x00003cbfc6401045 0 + 66794362507333 12 com.apple.JavaScriptCore 0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49 13 com.apple.JavaScriptCore 0x0000000107b167aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650 14 com.apple.JavaScriptCore 0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 15 com.apple.JavaScriptCore 0x0000000107b665be JSC::boundFunctionCall(JSC::ExecState*) + 526 16 ??? 
0x00003cbfc6401045 0 + 66794362507333 17 com.apple.JavaScriptCore 0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49 18 com.apple.JavaScriptCore 0x0000000107b167aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650 19 com.apple.JavaScriptCore 0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 20 com.apple.JavaScriptCore 0x0000000107b665be JSC::boundFunctionCall(JSC::ExecState*) + 526 21 com.apple.JavaScriptCore 0x0000000107b167eb JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 715 22 com.apple.JavaScriptCore 0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 23 com.apple.WebCore 0x0000000108473d5c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 908 24 com.apple.WebCore 0x00000001081420dc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 364 25 com.apple.WebCore 0x0000000108141df6 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 390 26 com.apple.WebCore 0x0000000108141c58 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 88 27 com.apple.WebCore 0x0000000108b5439f WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 335 28 com.apple.WebCore 0x0000000108b54418 WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 56 29 com.apple.WebCore 0x0000000108b4edec WebCore::XMLHttpRequest::callReadyStateChangeListener() + 252 30 com.apple.WebCore 0x0000000108b52d46 
WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 358 31 com.apple.WebCore 0x0000000107ee90cd WebCore::CachedResource::checkNotify() + 93 32 com.apple.WebCore 0x0000000107ee6052 WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer*) + 194 33 com.apple.WebCore 0x00000001089bf625 WebCore::SubresourceLoader::didFinishLoading(double) + 133 34 com.apple.Foundation 0x00007fff91cc2d88 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28 35 com.apple.Foundation 0x00007fff91cc2ccc -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227 36 com.apple.Foundation 0x00007fff91cc2bc8 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63 37 com.apple.CFNetwork 0x00007fff8fcf3091 ___delegate_didFinishLoading_block_invoke_0 + 40 38 com.apple.CFNetwork 0x00007fff8fce554a ___withDelegateAsync_block_invoke_0 + 90 39 com.apple.CFNetwork 0x00007fff8fd75f3a __block_global_1 + 28 40 com.apple.CoreFoundation 0x00007fff8e39d154 CFArrayApplyFunction + 68 41 com.apple.CFNetwork 0x00007fff8fcd62b4 RunloopBlockContext::perform() + 124 42 com.apple.CFNetwork 0x00007fff8fcd618b MultiplexerSource::perform() + 221 43 com.apple.CoreFoundation 0x00007fff8e37eb31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 44 com.apple.CoreFoundation 0x00007fff8e37e455 __CFRunLoopDoSources0 + 245 45 com.apple.CoreFoundation 0x00007fff8e3a17f5 __CFRunLoopRun + 789 46 com.apple.CoreFoundation 0x00007fff8e3a10e2 CFRunLoopRunSpecific + 290 47 com.apple.HIToolbox 0x00007fff8d7e8eb4 RunCurrentEventLoopInMode + 209 48 com.apple.HIToolbox 0x00007fff8d7e8c52 ReceiveNextEventCommon + 356 49 com.apple.HIToolbox 0x00007fff8d7e8ae3 BlockUntilNextEventMatchingListInMode + 62 50 com.apple.AppKit 0x00007fff90bbb533 _DPSNextEvent + 685 51 com.apple.AppKit 0x00007fff90bbadf2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 52 com.apple.AppKit 0x00007fff90bb21a3 -[NSApplication run] + 517 53 
com.apple.WebCore 0x00000001089058f2 WebCore::RunLoop::run() + 82 54 com.apple.WebKit2 0x000000010761ceb2 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 614 55 com.apple.WebProcess 0x0000000107531e23 main + 337 56 libdyld.dylib 0x00007fff944237e1 start + 1
Alexey Proskuryakov
Comment 1 2013-08-16 11:17:59 PDT
The stack quoted above is not from the crashing thread, so this bug is not actionable as filed. Closing for now; please file a new bug with a complete crash log (including the faulting thread) if you can reproduce this.