RESOLVED FIXED 135352
ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() 
https://bugs.webkit.org/show_bug.cgi?id=135352
Summary ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
Mark Hahnenberg
Reported 2014-07-28 14:17:16 PDT
ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() /Volumes/Data/Development/OSX/webkit/OpenSource/Source/JavaScriptCore/heap/MarkedAllocator.cpp(164) : void *JSC::MarkedAllocator::allocateSlowCase(size_t) 1 0x10fa6b5c0 WTFCrash 2 0x10f83cfe5 JSC::MarkedAllocator::allocateSlowCase(unsigned long) 3 0x10f2406a1 JSC::MarkedAllocator::allocate(unsigned long) 4 0x10f252c19 JSC::MarkedSpace::allocateWithImmortalStructureDestructor(unsigned long) 5 0x10f252be6 JSC::Heap::allocateWithImmortalStructureDestructor(unsigned long) 6 0x10f976a67 void* JSC::allocateCell<JSC::PropertyTable>(JSC::Heap&, unsigned long) 7 0x10f97623f void* JSC::allocateCell<JSC::PropertyTable>(JSC::Heap&) 8 0x10f975723 JSC::PropertyTable::clone(JSC::VM&, JSC::PropertyTable const&) 9 0x10f9e43c2 JSC::PropertyTable::copy(JSC::VM&, unsigned int) 10 0x10f9df720 JSC::Structure::materializePropertyMap(JSC::VM&) 11 0x10f2444c3 JSC::Structure::materializePropertyMapIfNecessary(JSC::VM&, JSC::PropertyTable*&) 12 0x10f241fc3 JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&, JSC::JSCell*&) 13 0x10f245aee JSC::JSObject::inlineGetOwnPropertySlot(JSC::VM&, JSC::Structure&, JSC::PropertyName, JSC::PropertySlot&) 14 0x10f23e58a JSC::JSObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 15 0x10f723749 bool JSC::getStaticFunctionSlot<JSC::JSSegmentedVariableObject>(JSC::ExecState*, JSC::HashTable const&, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&) 16 0x10f70fbec JSC::JSGlobalObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 17 0x112fcbc9c WebCore::JSDOMWindow::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 18 0x1124c1de7 JSC::JSObject::fastGetOwnPropertySlot(JSC::ExecState*, JSC::VM&, JSC::Structure&, JSC::PropertyName, JSC::PropertySlot&) 19 0x1124c1bc6 JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 20 0x1124c0e48 JSC::JSObject::get(JSC::ExecState*, JSC::PropertyName) const 21 0x113734350 WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected() ensureReplacementScriptInjected should be taking a JSLock like its sibling methods do (e.g. installReplacement).
Attachments
Patch (1.57 KB, patch)
2014-07-28 14:20 PDT, Mark Hahnenberg 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2014-07-28 14:17:42 PDT
<rdar://problem/17833422>
Mark Hahnenberg
Comment 2 2014-07-28 14:20:23 PDT
Created attachment 235616 [details] Patch
WebKit Commit Bot
Comment 3 2014-07-28 15:19:28 PDT
Comment on attachment 235616 [details] Patch Clearing flags on attachment: 235616 Committed r171703: <http://trac.webkit.org/changeset/171703>
WebKit Commit Bot
Comment 4 2014-07-28 15:19:33 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.