WebKit Bugzilla
NEW
Bug 121982
A mutation observer triggered in a method which throws an exception will cause an ASSERT.
https://bugs.webkit.org/show_bug.cgi?id=121982
Jer Noble
Reported
2013-09-26 14:33:16 PDT
Triggering a mutation observer then, in the same stack frame, throwing an exception will cause an ASSERT when the mutation observers are triggered. The ASSERTion is testing (!vm->hasException()), and since the exception thrown in the event handler has not yet been cleared, the ASSERT is triggered.

0 com.apple.JavaScriptCore 0x00000001101a565a WTFCrash + 42 (Assertions.cpp:342)
1 com.apple.JavaScriptCore 0x000000010fecfbfc JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 124 (Interpreter.cpp:903)
2 com.apple.JavaScriptCore 0x000000010fc4540e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 (CallData.cpp:39)
3 com.apple.WebCore 0x0000000111accd8b WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 91 (JSMainThreadExecState.h:53)
4 com.apple.WebCore 0x0000000111d2fa16 WebCore::JSMutationCallback::call(WTF::Vector<WTF::RefPtr<WebCore::MutationRecord>, 0ul, WTF::CrashOnOverflow> const&, WebCore::MutationObserver*) + 694 (JSMutationCallback.cpp:90)
5 com.apple.WebCore 0x00000001120f0ec2 WebCore::MutationObserver::deliver() + 514 (MutationObserver.cpp:207)
6 com.apple.WebCore 0x00000001120f1152 WebCore::MutationObserver::deliverAllMutations() + 594 (MutationObserver.cpp:237)
7 com.apple.WebCore 0x0000000111d07b6e WebCore::JSMainThreadExecState::didLeaveScriptContext() + 14 (JSMainThreadExecState.cpp:47)
8 com.apple.WebCore 0x0000000111acceef WebCore::JSMainThreadExecState::~JSMainThreadExecState() + 159 (JSMainThreadExecState.h:82)
9 com.apple.WebCore 0x0000000111acce45 WebCore::JSMainThreadExecState::~JSMainThreadExecState() + 21 (JSMainThreadExecState.h:82)
10 com.apple.WebCore 0x0000000111accd9f WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 111 (JSMainThreadExecState.h:54)
11 com.apple.WebCore 0x0000000111c0463f WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1199 (JSEventListener.cpp:132)
12 com.apple.WebCore 0x000000011157e682 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 498 (EventTarget.cpp:278)
Attachments
Simplified test case (490 bytes, text/html), 2013-09-26 14:33 PDT, Jer Noble, no flags
Jer Noble
Comment 1
2013-09-26 14:33:40 PDT
Created attachment 212748
Simplified test case
Jer Noble
Comment 2
2013-09-26 14:35:00 PDT
In a debug build, clicking on the "mutate" button in the test case will cause an ASSERTion crash.
Radar WebKit Bug Importer
Comment 3
2013-09-26 18:46:07 PDT
<rdar://problem/15094333>
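
Added example (not part of the bug report and not WebKit code): a simplified C++ model of the call ordering visible in the backtrace, where a scope object's destructor delivers queued mutation callbacks while the handler's exception is still pending. Every type and function below is a hypothetical stand-in, and the step where the caller clears the exception after the scope exits is an assumption of the model.

```cpp
// Simplified model of the ordering in the backtrace. Hypothetical stand-ins only.
#include <functional>
#include <utility>
#include <vector>

struct VM {
    bool hasException = false;     // exception thrown but not yet cleared
    int preconditionFailures = 0;  // calls entered while an exception was pending
};

// Stand-in for the call entry point that asserts !vm->hasException().
// The model counts the violation instead of crashing.
void executeCall(VM& vm, const std::function<void(VM&)>& fn) {
    if (vm.hasException)
        ++vm.preconditionFailures;
    fn(vm);
}

struct ObserverQueue {
    std::vector<std::function<void(VM&)>> pending;  // observers with queued records
    void deliverAll(VM& vm) {
        auto callbacks = std::move(pending);
        pending.clear();
        for (auto& cb : callbacks)
            executeCall(vm, cb);
    }
};

// Stand-in for the scope object whose destructor delivers mutations
// when the script context is left (frames 7-9 in the backtrace).
struct ScriptScope {
    VM& vm;
    ObserverQueue& queue;
    ScriptScope(VM& v, ObserverQueue& q) : vm(v), queue(q) {}
    ~ScriptScope() { queue.deliverAll(vm); }
};

// Runs one event handler and returns how often the precondition was violated.
int runHandler(bool handlerThrows) {
    VM vm;
    ObserverQueue queue;
    {
        ScriptScope scope(vm, queue);
        executeCall(vm, [&](VM& v) {
            queue.pending.push_back([](VM&) {});      // DOM mutation queues a callback
            if (handlerThrows) v.hasException = true;  // handler then throws
        });
    }  // ~ScriptScope delivers here, with the exception still pending
    vm.hasException = false;  // assumption: the caller clears it only afterwards
    return vm.preconditionFailures;
}
```

With a throwing handler the model records one violation, which corresponds to the ASSERT in a debug build; with a handler that mutates but does not throw it records none.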