Bug 13301 - ASSERT or null value when trying to use a getter defined on a window object
Summary: ASSERT or null value when trying to use a getter defined on a window object
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2007-04-07 05:32 PDT by mitz
Modified: 2007-05-15 02:54 PDT
CC List: 1 user

See Also:


Attachments
Test case (will assert) (102 bytes, text/html)
2007-04-07 05:34 PDT, mitz
Description mitz 2007-04-07 05:32:54 PDT
The attached test case defines a getter on the window object (not its prototype), then tries to invoke it and hits the assertion in GetterSetterImp::toString. In a release build, the return value is "null" instead of the expected value "bar" (Firefox displays "barbaz" in the alert).
Comment 1 mitz 2007-04-07 05:34:10 PDT
Created attachment 13986
Test case (will assert)
Comment 2 mitz 2007-04-25 00:25:11 PDT
10:10am <othermaciej> mitzpettel: assert should presumptively be a P1, if it is catching a real problem
Comment 3 Eric Seidel (no email) 2007-05-04 01:21:55 PDT
So this is the backtrace:

It seems that a GetterSetterImp is being passed around as a JSValue for some reason. Or maybe the JSValue pointer is simply stale. Still looking.

#0	0x9003ddac in kill
#1	0x9010ffdf in raise
#2	0x9010eb32 in abort
#3	0x00548a97 in __eprintf at object.cpp:379
#4	0x0050cd72 in KJS::GetterSetterImp::toPrimitive at internal.cpp:140
#5	0x0055d9fa in KJS::JSValue::toPrimitive at value.h:362
#6	0x00524fed in KJS::add at operations.cpp:224
#7	0x00542fe4 in KJS::AddNode::evaluate at nodes.cpp:1212
#8	0x005443f6 in KJS::ArgumentListNode::evaluateList at nodes.cpp:581
#9	0x0056f3ca in KJS::ArgumentsNode::evaluateList at nodes.h:361
#10	0x00544db2 in KJS::FunctionCallResolveNode::evaluate at nodes.cpp:681
#11	0x00541f0f in KJS::ExprStatementNode::execute at nodes.cpp:1723
#12	0x0053f1f2 in KJS::SourceElementsNode::execute at nodes.cpp:2528
#13	0x00517f1c in KJS::BlockNode::execute at nodes.cpp:1699
#14	0x0053c37f in KJS::Interpreter::evaluate at interpreter.cpp:365
#15	0x01248bab in WebCore::KJSProxy::evaluate at kjs_proxy.cpp:78
#16	0x01387ae9 in WebCore::FrameLoader::executeScript at FrameLoader.cpp:712
#17	0x0101e62a in WebCore::HTMLTokenizer::scriptExecution at HTMLTokenizer.cpp:511
#18	0x01020de5 in WebCore::HTMLTokenizer::scriptHandler at HTMLTokenizer.cpp:461
#19	0x010212de in WebCore::HTMLTokenizer::parseSpecial at HTMLTokenizer.cpp:310
#20	0x01022c90 in WebCore::HTMLTokenizer::parseTag at HTMLTokenizer.cpp:1185
#21	0x01023447 in WebCore::HTMLTokenizer::write at HTMLTokenizer.cpp:1398
#22	0x0137c5ab in WebCore::FrameLoader::write at FrameLoader.cpp:927
#23	0x013871bb in WebCore::FrameLoader::endIfNotLoading at FrameLoader.cpp:963
#24	0x01387211 in WebCore::FrameLoader::end at FrameLoader.cpp:948
#25	0x0138a182 in WebCore::DocumentLoader::finishedLoading at DocumentLoader.cpp:315
#26	0x01381b7c in WebCore::FrameLoader::finishedLoading at FrameLoader.cpp:2571
#27	0x0138bf29 in WebCore::MainResourceLoader::didFinishLoading at MainResourceLoader.cpp:300
#28	0x0138d756 in WebCore::ResourceLoader::didFinishLoading at ResourceLoader.cpp:335
#29	0x0136c569 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] at ResourceHandleMac.mm:369
#30	0x92854d74 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback]
#31	0x92852e19 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks]
#32	0x92852ab5 in _sendCallbacks
#33	0x9082bf92 in CFRunLoopRunSpecific
#34	0x9082bace in CFRunLoopRunInMode
#35	0x92ddc8d8 in RunCurrentEventLoopInMode
#36	0x92ddbfe2 in ReceiveNextEventCommon
#37	0x92ddbe39 in BlockUntilNextEventMatchingListInMode
#38	0x93282465 in _DPSNextEvent
#39	0x93282056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
#40	0x00006f96 in ??
#41	0x9327bddb in -[NSApplication run]
#42	0x9326fd2f in NSApplicationMain
#43	0x0005f7de in ??
#44	0x0005f6f9 in ??
Comment 4 Eric Seidel (no email) 2007-05-04 01:24:39 PDT
Even simpler test:

<script>
    __defineGetter__("foo", function() { return "bar"; });
    alert(foo);
</script>
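A regression check for the behaviour this report describes, added here as an example and not taken from the bug or its attachment. It defines a getter directly on the global object (not on its prototype), as both the test case above and the original attachment do, and then reads it through the two paths the report exercises: bare identifier resolution and string concatenation (the KJS::add / toPrimitive path in the backtrace). It assumes an engine that exposes `globalThis`; `__defineGetter__` is the legacy, non-standard API the original test uses, and `Object.defineProperty` is the standard equivalent. The property names `foo`, `bar`, `qux` and `quux` are the report's or constructed here.

```javascript
// Added regression check; not code from the WebKit bug or its test case.
// The defect in the report: reading a getter that lives on the global object
// itself handed back the internal accessor object (or null) instead of the
// value the getter returns. Each read below must yield a plain string.
// Assumes globalThis is available (Node.js or a modern browser).

function defineGlobalGetters() {
  // Legacy spelling used by the original test case, on the global object
  // itself rather than on its prototype.
  globalThis.__defineGetter__("foo", function () { return "bar"; });
  // Standard spelling of the same thing ("qux"/"quux" are constructed names).
  Object.defineProperty(globalThis, "qux", {
    get() { return "quux"; },
    configurable: true,
  });
}

function checkGlobalGetters() {
  defineGlobalGetters();
  const results = {
    bareIdentifier: foo,          // identifier resolution against the global object
    concatenation: foo + "baz",   // operator path from the backtrace (add -> toPrimitive)
    propertyAccess: globalThis.qux, // explicit property read on the global object
    // Confirms the property really is an accessor, so the reads above went
    // through a getter rather than a data property.
    isAccessor: typeof Object.getOwnPropertyDescriptor(globalThis, "foo").get === "function",
  };
  // An engine with the reported defect returns a non-string here.
  results.valueIsString = typeof results.bareIdentifier === "string";
  return results;
}

// Stand-alone run: prints the collected results for inspection.
console.log(checkGlobalGetters());
```

Running it on a conforming engine yields "bar" for the bare identifier, "barbaz" for the concatenation (the value mitz reports Firefox showing) and "quux" for the standard-API getter; the report's failing engine would have produced null or tripped the assertion on the first two reads.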
Comment 5 Darin Adler 2007-05-04 22:17:54 PDT
<rdar://problem/5183685>
Comment 6 Anders Carlsson 2007-05-15 02:54:12 PDT
Committed revision 21481.