RESOLVED FIXED 149392
Regression(r190023): fast/dom/navigation-with-sideeffects-crash.html is crashing 
https://bugs.webkit.org/show_bug.cgi?id=149392
Summary Regression(r190023): fast/dom/navigation-with-sideeffects-crash.html is crashing
Chris Dumez
Reported 2015-09-20 14:59:24 PDT
fast/dom/navigation-with-sideeffects-crash.html is crashing after r190023: #0 0x1108df096 in WebCore::Location::setHref(WebCore::DOMWindow&, WebCore::DOMWindow&, WTF::String const&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x19e7096) #1 0x1101e0acb in WebCore::setJSDocumentLocation(JSC::ExecState*, JSC::JSObject*, long long, long long) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x12e8acb) #2 0x10e0b5ce7 in JSC::putEntry(JSC::ExecState*, JSC::HashTableValue const*, JSC::JSObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xa86ce7) #3 0x10d65401f in JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2501f) #4 0x10d8b5215 in llint_slow_path_put_by_id (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x286215)
Attachments
Patch (4.47 KB, patch)
2015-09-20 15:20 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2015-09-20 15:09:23 PDT
I know that is happening and I have a speculative patch. I just need to confirm it works before uploading it. The good news is that I can reproduce the crash locally.
Chris Dumez
Comment 2 2015-09-20 15:20:36 PDT
Created attachment 261616 [details] Patch
Chris Dumez
Comment 3 2015-09-20 16:24:40 PDT
Comment on attachment 261616 [details] Patch Clearing flags on attachment: 261616 Committed r190034: <http://trac.webkit.org/changeset/190034>
Chris Dumez
Comment 4 2015-09-20 16:24:45 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.