RESOLVED FIXED 134849
Web Inspector: Crash when using a stale InspectableNode Node
https://bugs.webkit.org/show_bug.cgi?id=134849
Joseph Pecoraro
Reported 2014-07-11 16:57:45 PDT
InspectableNode has a weak pointer to a Node. It should have a RefPtr to prevent it from getting stale out from under it.

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000000003394e57b

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff83201b94 WebCore::InspectorDOMAgent::nodeAsScriptValue(JSC::ExecState*, WebCore::Node*) + 132
1 com.apple.WebCore 0x00007fff8362dc18 WebCore::InspectableNode::get(JSC::ExecState*) + 24
2 com.apple.WebCore 0x00007fff832a0414 WebCore::JSCommandLineAPIHost::inspectedObject(JSC::ExecState*) + 164
3 ??? 0x0000228e27e01034 0 + 37993949696052
4 com.apple.JavaScriptCore 0x00007fff8d22b4ae llint_entry + 22744
5 com.apple.JavaScriptCore 0x00007fff8d22b678 llint_entry + 23202
6 com.apple.JavaScriptCore 0x00007fff8d2259b1 callToJavaScript + 311
...

* STEPS TO REPRODUCE
1. Inspect attached [crash-reduction.html]
2. Show DOM Tree
3. Expand <body>
4. Select the <h1> (it will be deleted in a second)
5. Trigger a garbage collection
6. js> $1
   => CRASH

<rdar://problem/14540951>
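The lifetime problem described in the report, as an added example that is not part of the original report and is not WebKit code. It assumes `std::shared_ptr` and `std::weak_ptr` as stand-ins for a strong reference and for the non-owning pointer, so that staleness can be observed without undefined behaviour; all class and function names are hypothetical.

```cpp
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for a DOM node; not WebCore::Node.
struct Node {
    std::string tag;
    explicit Node(std::string t) : tag(std::move(t)) {}
};

// Non-owning holder: models the behaviour the report describes.
// std::weak_ptr replaces a raw pointer so expiry is detectable safely.
class WeakInspectable {
public:
    explicit WeakInspectable(const std::shared_ptr<Node>& n) : m_node(n) {}
    // Returns nullptr once the node has been destroyed.
    std::shared_ptr<Node> get() const { return m_node.lock(); }
private:
    std::weak_ptr<Node> m_node;
};

// Owning holder: models the suggested fix (hold a strong reference).
class StrongInspectable {
public:
    explicit StrongInspectable(std::shared_ptr<Node> n) : m_node(std::move(n)) {}
    std::shared_ptr<Node> get() const { return m_node; }
private:
    std::shared_ptr<Node> m_node;
};

// Simulates: select a node, the page deletes it, the console reads it back.
// Returns true if the holder still yields a live node afterwards.
template <typename Holder>
bool survivesRemoval() {
    auto h1 = std::make_shared<Node>("h1"); // the DOM tree's only reference
    Holder selected(h1);                    // inspector remembers the selection
    h1.reset();                             // page removes the node
    auto node = selected.get();             // console evaluates the selection
    return node && node->tag == "h1";
}

int main() {
    bool weak = survivesRemoval<WeakInspectable>();     // false: node is gone
    bool strong = survivesRemoval<StrongInspectable>(); // true: holder kept it alive
    return (!weak && strong) ? 0 : 1;
}
```

With a raw pointer in place of `std::weak_ptr`, the non-owning case has no way to detect that the node is gone, and the read in `get()` becomes an access to freed memory.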
Attachments
[PATCH] Proposed Fix (1.28 KB, patch)
2014-07-11 16:59 PDT, Joseph Pecoraro
no flags
Joseph Pecoraro
Comment 1 2014-07-11 16:59:15 PDT
Created attachment 234792 [details]
[PATCH] Proposed Fix

If needed I could probably create a test for this.
WebKit Commit Bot
Comment 2 2014-07-11 18:49:34 PDT
Comment on attachment 234792 [details]
[PATCH] Proposed Fix

Clearing flags on attachment: 234792

Committed r171018: <http://trac.webkit.org/changeset/171018>
WebKit Commit Bot
Comment 3 2014-07-11 18:49:36 PDT
All reviewed patches have been landed. Closing bug.