Bug 129227 - REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P1 Normal
Assignee: mitz
URL: http://twitter.com
Keywords: InRadar, Regression
Duplicates: 129221
Depends on:
Blocks:
 
Reported: 2014-02-22 21:04 PST by mitz
Modified: 2014-02-27 12:41 PST

Attachments
Revert r164507 (60.63 KB, patch)
2014-02-22 21:07 PST, mitz
eric.carlson: review+

Description mitz 2014-02-22 21:04:32 PST
<rdar://problem/16142324>

Navigating to the URL causes the Web Content process to crash with a backtrace like this:

0   com.apple.JavaScriptCore      	0x00000001064d75ce WTFCrash + 62
1   com.apple.JavaScriptCore      	0x0000000106195fae JSC::ErrorHandlingScope::ErrorHandlingScope(JSC::VM&) + 62
2   com.apple.JavaScriptCore      	0x000000010639d5c6 Inspector::JSGlobalObjectInspectorController::reportAPIException(JSC::ExecState*, JSC::JSValue) + 70
3   com.apple.JavaScriptCore      	0x000000010636eb6b JSValueToObject + 331
4   com.apple.Safari.framework    	0x00007fff9264aa21 controlObject(objc_object*, double, NSString*) + 207

This was caused by <http://trac.webkit.org/r164507>, the fix for bug 128776.
Comment 1 mitz 2014-02-22 21:07:09 PST
Created attachment 224992
Revert r164507
Comment 2 mitz 2014-02-22 21:39:03 PST
Committed <http://trac.webkit.org/r164554>.
Comment 3 Philippe Wittenbergh 2014-02-22 21:59:34 PST
Is bug 129221 the same issue?
Comment 4 mitz 2014-02-22 22:10:52 PST
(In reply to comment #3)
> Is bug 129221 the same issue?

Yes. Sorry I didn’t see that one!
Comment 5 Philippe Wittenbergh 2014-02-22 22:18:58 PST
*** Bug 129221 has been marked as a duplicate of this bug. ***
Comment 6 Joseph Pecoraro 2014-02-23 10:53:33 PST
I see. I kept the ErrorHandlingScope from the original code, but I guess I'm not exactly why it is needed. Thanks for rolling out.
Comment 7 Joseph Pecoraro 2014-02-23 10:54:00 PST
Correction: I'm not exactly sure* why it is needed.
Comment 8 Joseph Pecoraro 2014-02-27 12:41:17 PST
The original patch landed again in <http://trac.webkit.org/changeset/164824>. I could not reproduce the problem after the recent JSC fixes for this. I was unable to reproduce the same reportAPIException calls you guys saw, but I did produce a different one and we handled that fine. Please let me know if you are seeing crashes again after r164824!