WebKit Bugzilla
RESOLVED FIXED
140579
Crash in JSScope::resolve() on tools.ups.com
https://bugs.webkit.org/show_bug.cgi?id=140579
Reported by Michael Saboff, 2015-01-16 17:09:17 PST
Go to https://tools.usps.com/go/POLocatorAction.action and wait a few seconds and WebKit will crash similar to:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00007fff986419c0 JSC::JSScope::resolve(JSC::ExecState*, JSC::JSScope*, JSC::Identifier const&) + 32
1 ??? 0x00002b82e56548d6 0 + 47841194363094
2 ??? 0x00002b82e565a9b2 0 + 47841194387890
3 com.apple.JavaScriptCore 0x00007fff986783fe llint_entry + 22198
4 com.apple.JavaScriptCore 0x00007fff986783fe llint_entry + 22198
5 com.apple.JavaScriptCore 0x00007fff986783fe llint_entry + 22198
6 ??? 0x00002b82e56596d6 0 + 47841194383062
7 ??? 0x00002b82e5601a20 0 + 47841194023456
8 com.apple.JavaScriptCore 0x00007fff986783fe llint_entry + 22198
9 ??? 0x00002b82e56596d6 0 + 47841194383062
10 ??? 0x00002b82e5601a20 0 + 47841194023456
11 ??? 0x00002b82e5656d68 0 + 47841194372456
12 ??? 0x00002b82e5601a20 0 + 47841194023456
13 com.apple.JavaScriptCore 0x00007fff986783fe llint_entry + 22198
14 com.apple.JavaScriptCore 0x00007fff98678633 llint_entry + 22763
15 com.apple.JavaScriptCore 0x00007fff98678506 llint_entry + 22462
16 com.apple.JavaScriptCore 0x00007fff986783fe llint_entry + 22198
17 ??? 0x00002b82e56019fa 0 + 47841194023418
18 com.apple.JavaScriptCore 0x00007fff98678633 llint_entry + 22763
19 com.apple.JavaScriptCore 0x00007fff98678571 llint_entry + 22569
20 com.apple.JavaScriptCore 0x00007fff98672b38 vmEntryToJavaScript + 326
21 com.apple.JavaScriptCore 0x00007fff985e4e29 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 169
22 com.apple.JavaScriptCore 0x00007fff9821cd71 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 9105
23 com.apple.JavaScriptCore 0x00007fff9821a8e4 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 484
24 com.apple.WebCore 0x00007fff994186f9 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 313
25 com.apple.WebCore 0x00007fff98871719 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41
26 com.apple.WebCore 0x00007fff9887162a WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 298
27 com.apple.WebCore 0x00007fff98870b52 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 946
28 com.apple.WebCore 0x00007fff9886fc15 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 357
29 com.apple.WebCore 0x00007fff9886fa40 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48
30 com.apple.WebCore 0x00007fff9886f994 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84
31 com.apple.WebCore 0x00007fff987da6cd WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 93
32 com.apple.WebCore 0x00007fff987d97ee WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 478
33 com.apple.WebCore 0x00007fff988f87b3 WebCore::HTMLDocumentParser::resumeParsingAfterYield() + 19
34 com.apple.WebCore 0x00007fff987b7dbd WebCore::ThreadTimers::sharedTimerFiredInternal() + 157
35 com.apple.WebCore 0x00007fff987b7ce4 WebCore::timerFired(__CFRunLoopTimer*, void*) + 20
36 com.apple.CoreFoundation 0x00007fff92ea8a34 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
37 com.apple.CoreFoundation 0x00007fff92ea86c3 __CFRunLoopDoTimer + 1059
38 com.apple.CoreFoundation 0x00007fff92f1bc8d __CFRunLoopDoTimers + 301
39 com.apple.CoreFoundation 0x00007fff92e65158 __CFRunLoopRun + 2024
40 com.apple.CoreFoundation 0x00007fff92e64728 CFRunLoopRunSpecific + 296
41 com.apple.HIToolbox 0x00007fff9b46cddf RunCurrentEventLoopInMode + 235
42 com.apple.HIToolbox 0x00007fff9b46cb5a ReceiveNextEventCommon + 431
43 com.apple.HIToolbox 0x00007fff9b46c99b _BlockUntilNextEventMatchingListInModeWithFilter + 71
44 com.apple.AppKit 0x00007fff8d4826bd _DPSNextEvent + 964
45 com.apple.AppKit 0x00007fff8d481cc0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 194
46 com.apple.AppKit 0x00007fff8d4779c3 -[NSApplication run] + 594
47 com.apple.AppKit 0x00007fff8d3f24c4 NSApplicationMain + 1832
48 libxpc.dylib 0x00007fff9bd7e958 _xpc_objc_main + 793
49 libxpc.dylib 0x00007fff9bd80060 xpc_main + 490
50 com.apple.WebKit.WebContent 0x10d423b30 main + 16 (/SourceCache/WebKit2/WebKit2-7601.1.12/Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:80)
51 libdyld.dylib 0x00007fff8f2065c9 start + 1
Attachments
Patch (4.54 KB, patch), 2015-01-16 22:29 PST, Michael Saboff; ggaren: review+
Michael Saboff, Comment 1, 2015-01-16 22:29:40 PST
Created attachment 244837: Patch
Geoffrey Garen, Comment 2, 2015-01-17 13:50:33 PST
Comment on attachment 244837 (Patch):
r=me
Michael Saboff, Comment 3, 2015-01-17 16:20:44 PST
Committed r178629: <http://trac.webkit.org/changeset/178629>