Bug 15211 - 25534 broke (at least) Webkit/Gtk
Summary: 25534 broke (at least) Webkit/Gtk
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 523.x (Safari 3)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2007-09-14 03:38 PDT by Sven Herzberg
Modified: 2007-09-14 08:51 PDT

See Also:
Description Sven Herzberg 2007-09-14 03:38:09 PDT
The changes lead to a crash in the GdkLauncher application. Will attach a stack trace.
Comment 1 Sven Herzberg 2007-09-14 03:44:17 PDT
GDB output:

0xb74fd659 in KJS::JSObject::getPropertySlot (this=0x0, exec=0xbfcce144, propertyName=@0x80f76c8, 
    slot=@0xbfccdef8) at ../../../JavaScriptCore/kjs/object.h:554
554             if (object->getOwnPropertySlot(exec, propertyName, slot))
(gdb) l
549     // since this is function very hot in variable lookup
550     inline bool JSObject::getPropertySlot(ExecState *exec, const Identifier& propertyName, PropertySlot& slot)
551     {
552         JSObject *object = this;
553         while (true) {
554             if (object->getOwnPropertySlot(exec, propertyName, slot))
555                 return true;
557             JSValue *proto = object->_proto;
558             if (!proto->isObject())
(gdb) p object
$1 = (class KJS::JSObject *) 0x0
Comment 2 Sven Herzberg 2007-09-14 03:48:05 PDT
Called from here:

(gdb) l ../../../JavaScriptCore/kjs/nodes.cpp:398
394       PropertySlot slot;
395       do { 
396         JSObject *o = *iter;
398         if (o->getPropertySlot(exec, ident, slot))
399           return slot.getValue(exec, o, ident);
401         ++iter;
402       } while (iter != end);

Stack Trace:

#0  0xb74c3659 in KJS::JSObject::getPropertySlot (this=0x0, exec=0xbf9b2624, propertyName=@0x8105278, 
    slot=@0xbf9b23d8) at ../../../JavaScriptCore/kjs/object.h:554
#1  0xb74bd082 in KJS::ResolveNode::evaluate (this=0x8105270, exec=0xbf9b2624)
    at ../../../JavaScriptCore/kjs/nodes.cpp:398
#2  0xb74c0edc in KJS::AssignDotNode::evaluate (this=0x81913a0, exec=0xbf9b2624)
    at ../../../JavaScriptCore/kjs/nodes.cpp:1481
#3  0xb74b9783 in KJS::ExprStatementNode::execute (this=0x81913c0, exec=0xbf9b2624)
    at ../../../JavaScriptCore/kjs/nodes.cpp:1764
#4  0xb74b63cd in KJS::SourceElementsNode::execute (this=0x81913d8, exec=0xbf9b2624)
    at ../../../JavaScriptCore/kjs/nodes.cpp:2563
#5  0xb74b47f6 in KJS::BlockNode::execute (this=0x8192f20, exec=0xbf9b2624)
    at ../../../JavaScriptCore/kjs/nodes.cpp:1740
#6  0xb74a902e in KJS::Interpreter::evaluate (this=0x818bc80, sourceURL=@0xbf9b270c, startingLineNumber=0, 
    code=0x818ba40, codeLength=118, thisV=0xb5460000) at ../../../JavaScriptCore/kjs/interpreter.cpp:369
#7  0xb751923f in WebCore::KJSProxy::evaluate (this=0x80dfa98, filename=@0xbf9b27c4, baseLine=0, 
    str=@0xbf9b27c0) at ../../../WebCore/bindings/js/kjs_proxy.cpp:85
#8  0xb771bb5c in WebCore::FrameLoader::executeScript (this=0x8089ed8, URL=@0xbf9b27c4, baseLine=0, 
    script=@0xbf9b27c0) at ../../../WebCore/loader/FrameLoader.cpp:749
#9  0xb76eaacd in WebCore::HTMLTokenizer::scriptExecution (this=0x80d7eb0, str=@0xbf9b28e8, state=
      {static EntityShift = 4, m_bits = 0}, scriptURL=@0xbf9b2918, baseLine=0)
    at ../../../WebCore/html/HTMLTokenizer.cpp:520
#10 0xb76ebac5 in WebCore::HTMLTokenizer::scriptHandler (this=0x80d7eb0, state=
      {static EntityShift = 4, m_bits = 0}) at ../../../WebCore/html/HTMLTokenizer.cpp:470
#11 0xb76ec13a in WebCore::HTMLTokenizer::parseSpecial (this=0x80d7eb0, src=@0x80d83b4, state=
      {static EntityShift = 4, m_bits = 128}) at ../../../WebCore/html/HTMLTokenizer.cpp:319
#12 0xb76ee0dd in WebCore::HTMLTokenizer::parseTag (this=0x80d7eb0, src=@0x80d83b4, state=
      {static EntityShift = 4, m_bits = 128}) at ../../../WebCore/html/HTMLTokenizer.cpp:1231
#13 0xb76eeb4b in WebCore::HTMLTokenizer::write (this=0x80d7eb0, str=@0xbf9b2c40, appendData=true)
    at ../../../WebCore/html/HTMLTokenizer.cpp:1449
#14 0xb77140b4 in WebCore::FrameLoader::write (this=0x8089ed8, 
    str=0x8176fa0 "<html><head><meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"><title>Google</title><style>body,td,a,p,.h{font-family:arial,sans-serif}.h{color:#3366cc}.q{color:#00c}.ts td{padding:0}."..., len=3466, flush=false) at ../../../WebCore/loader/FrameLoader.cpp:977
Comment 3 Mark Rowe (bdash) 2007-09-14 06:58:41 PDT
I cannot reproduce this at all in the Mac port. If you can isolate what the JavaScript is doing to trigger the crash, it may make the cause more evident.
Comment 4 Sven Herzberg 2007-09-14 08:51:05 PDT
Somehow the problem disappeared.