Bug 16288 - REGRESSION: Crash in KJS::Interpreter::createObjectsForGlobalObjectProperties()
Summary: REGRESSION: Crash in KJS::Interpreter::createObjectsForGlobalObjectProperties()
Status: RESOLVED DUPLICATE of bug 16266
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Nobody
URL: http://www.news.com/?tag=hdrgif
Keywords: Regression
Depends on:
Blocks:
 
Reported: 2007-12-04 06:40 PST by David Kilzer (:ddkilzer)
Modified: 2007-12-04 06:44 PST

See Also:


Description David Kilzer (:ddkilzer) 2007-12-04 06:40:32 PST
* SUMMARY
Reloading <http://www.news.com/?tag=hdrgif> a few times to test the fix for Bug 16220, I saw a different crash in KJS::Interpreter::createObjectsForGlobalObjectProperties().

* STEPS TO REPRODUCE
1. Apply the patch for Bug 16220 and recompile WebKit.
2. Launch WebKit/Safari.
3. Go to URL: http://www.news.com/?tag=hdrgif
4. Hit "Reload" until it crashes.

* RESULTS
Safari/WebKit crash in KJS::Interpreter::createObjectsForGlobalObjectProperties().

* REGRESSION
This is a regression from shipping Safari 3.0.4 (523.12) on Mac OS X 10.4.11 (8S165).

* NOTES
Crash log:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000044

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x005b668c KJS::Interpreter::createObjectsForGlobalObjectProperties() + 2988 (interpreter.cpp:241)
1   com.apple.JavaScriptCore 	0x005b6d08 KJS::Interpreter::init() + 276 (interpreter.cpp:115)
2   com.apple.JavaScriptCore 	0x005b74c4 KJS::Interpreter::Interpreter[not-in-charge]() + 104 (interpreter.cpp:90)
3   com.apple.WebCore        	0x01501510 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::JSGlobalObject*, WebCore::Frame*) + 44 (kjs_binding.cpp:144)
4   com.apple.WebCore        	0x0150969c WebCore::KJSProxy::initScript() + 224 (kjs_proxy.cpp:157)
5   com.apple.WebCore        	0x017e5a28 WebCore::KJSProxy::initScriptIfNeeded() + 56 (kjs_proxy.h:74)
6   com.apple.WebCore        	0x01509aa4 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 52 (kjs_proxy.cpp:74)
7   com.apple.WebCore        	0x011a8a08 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 128 (FrameLoader.cpp:759)
8   com.apple.WebCore        	0x01228790 WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&, WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 388 (HTMLTokenizer.cpp:520)
9   com.apple.WebCore        	0x0122a334 WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 1664 (HTMLTokenizer.cpp:470)
10  com.apple.WebCore        	0x0122a994 WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 1208 (HTMLTokenizer.cpp:319)
11  com.apple.WebCore        	0x0122cf90 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 7936 (HTMLTokenizer.cpp:1229)
12  com.apple.WebCore        	0x0122d8f4 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1504 (HTMLTokenizer.cpp:1445)
13  com.apple.WebCore        	0x0119b038 WebCore::FrameLoader::write(char const*, int, bool) + 1288 (FrameLoader.cpp:989)
14  com.apple.WebCore        	0x0119b1a4 WebCore::FrameLoader::addData(char const*, int) + 320 (FrameLoader.cpp:1738)
15  com.apple.WebCore        	0x014bf064 -[WebCoreFrameBridge addData:] + 232 (WebCoreFrameBridge.mm:297)
16  com.apple.WebCore        	0x014c654c -[WebCoreFrameBridge receivedData:textEncodingName:] + 316 (WebCoreFrameBridge.mm:1300)
17  com.apple.WebKit         	0x00353b80 -[WebHTMLRepresentation receivedData:withDataSource:] + 296
18  com.apple.WebKit         	0x00332274 -[WebDataSource(WebInternal) _receivedData:] + 116
19  com.apple.WebKit         	0x0034984c WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 184 (WebFrameLoaderClient.mm:747)
20  com.apple.WebCore        	0x011940c4 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 92 (FrameLoader.cpp:3248)
21  com.apple.WebCore        	0x0114ce60 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:351)
22  com.apple.WebCore        	0x0114d0c8 WebCore::DocumentLoader::receivedData(char const*, int) + 104 (DocumentLoader.cpp:364)
23  com.apple.WebCore        	0x01192d7c WebCore::FrameLoader::receivedData(char const*, int) + 60 (FrameLoader.cpp:2184)
24  com.apple.WebCore        	0x0133e290 WebCore::MainResourceLoader::addData(char const*, int, bool) + 92 (MainResourceLoader.cpp:138)
25  com.apple.WebCore        	0x01455a3c WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 104 (ResourceLoader.cpp:229)
26  com.apple.WebCore        	0x0133e4d8 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 288 (MainResourceLoader.cpp:293)
27  com.apple.WebCore        	0x0145538c WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 108 (ResourceLoader.cpp:357)
28  com.apple.WebCore        	0x01452c0c -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 300 (ResourceHandleMac.mm:435)
29  com.apple.Foundation     	0x92c18574 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
30  com.apple.Foundation     	0x92c16a14 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
31  com.apple.Foundation     	0x92c167b0 _sendCallbacks + 156
32  com.apple.CoreFoundation 	0x907de42c __CFRunLoopDoSources0 + 384
33  com.apple.CoreFoundation 	0x907dd95c __CFRunLoopRun + 452
34  com.apple.CoreFoundation 	0x907dd3dc CFRunLoopRunSpecific + 268
35  com.apple.HIToolbox      	0x9329eb20 RunCurrentEventLoopInMode + 264
36  com.apple.HIToolbox      	0x9329e1b4 ReceiveNextEventCommon + 380
37  com.apple.HIToolbox      	0x9329e020 BlockUntilNextEventMatchingListInMode + 96
38  com.apple.AppKit         	0x937a4bc4 _DPSNextEvent + 384
39  com.apple.AppKit         	0x937a4888 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
40  com.apple.Safari         	0x000095e0 0x1000 + 34272
41  com.apple.AppKit         	0x937a0dcc -[NSApplication run] + 472
42  com.apple.AppKit         	0x93891974 NSApplicationMain + 452
43  com.apple.Safari         	0x0009bad4 0x1000 + 633556
44  com.apple.Safari         	0x000022fc 0x1000 + 4860
Comment 1 Mark Rowe (bdash) 2007-12-04 06:42:34 PST

*** This bug has been marked as a duplicate of 16266 ***