WebKit Bugzilla
Bug 16288 - REGRESSION: Crash in KJS::Interpreter::createObjectsForGlobalObjectProperties()
https://bugs.webkit.org/show_bug.cgi?id=16288
Status: RESOLVED DUPLICATE of bug 16266

Reported by David Kilzer (:ddkilzer), 2007-12-04 06:40:32 PST
* SUMMARY

Reloading <http://www.news.com/?tag=hdrgif> a few times to test the fix for Bug 16220, I saw a different crash in KJS::Interpreter::createObjectsForGlobalObjectProperties().

* STEPS TO REPRODUCE

1. Apply the patch for Bug 16220 and recompile WebKit.
2. Launch WebKit/Safari.
3. Go to URL: http://www.news.com/?tag=hdrgif
4. Hit "Reload" until it crashes.

* RESULTS

Safari/WebKit crash in KJS::Interpreter::createObjectsForGlobalObjectProperties().

* REGRESSION

This is a regression from shipping Safari 3.0.4 (523.12) on Mac OS X 10.4.11 (8S165).

* NOTES

Crash log:

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000044

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x005b668c KJS::Interpreter::createObjectsForGlobalObjectProperties() + 2988 (interpreter.cpp:241)
1 com.apple.JavaScriptCore 0x005b6d08 KJS::Interpreter::init() + 276 (interpreter.cpp:115)
2 com.apple.JavaScriptCore 0x005b74c4 KJS::Interpreter::Interpreter[not-in-charge]() + 104 (interpreter.cpp:90)
3 com.apple.WebCore 0x01501510 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::JSGlobalObject*, WebCore::Frame*) + 44 (kjs_binding.cpp:144)
4 com.apple.WebCore 0x0150969c WebCore::KJSProxy::initScript() + 224 (kjs_proxy.cpp:157)
5 com.apple.WebCore 0x017e5a28 WebCore::KJSProxy::initScriptIfNeeded() + 56 (kjs_proxy.h:74)
6 com.apple.WebCore 0x01509aa4 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 52 (kjs_proxy.cpp:74)
7 com.apple.WebCore 0x011a8a08 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 128 (FrameLoader.cpp:759)
8 com.apple.WebCore 0x01228790 WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&, WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 388 (HTMLTokenizer.cpp:520)
9 com.apple.WebCore 0x0122a334 WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 1664 (HTMLTokenizer.cpp:470)
10 com.apple.WebCore 0x0122a994 WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 1208 (HTMLTokenizer.cpp:319)
11 com.apple.WebCore 0x0122cf90 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 7936 (HTMLTokenizer.cpp:1229)
12 com.apple.WebCore 0x0122d8f4 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1504 (HTMLTokenizer.cpp:1445)
13 com.apple.WebCore 0x0119b038 WebCore::FrameLoader::write(char const*, int, bool) + 1288 (FrameLoader.cpp:989)
14 com.apple.WebCore 0x0119b1a4 WebCore::FrameLoader::addData(char const*, int) + 320 (FrameLoader.cpp:1738)
15 com.apple.WebCore 0x014bf064 -[WebCoreFrameBridge addData:] + 232 (WebCoreFrameBridge.mm:297)
16 com.apple.WebCore 0x014c654c -[WebCoreFrameBridge receivedData:textEncodingName:] + 316 (WebCoreFrameBridge.mm:1300)
17 com.apple.WebKit 0x00353b80 -[WebHTMLRepresentation receivedData:withDataSource:] + 296
18 com.apple.WebKit 0x00332274 -[WebDataSource(WebInternal) _receivedData:] + 116
19 com.apple.WebKit 0x0034984c WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 184 (WebFrameLoaderClient.mm:747)
20 com.apple.WebCore 0x011940c4 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 92 (FrameLoader.cpp:3248)
21 com.apple.WebCore 0x0114ce60 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:351)
22 com.apple.WebCore 0x0114d0c8 WebCore::DocumentLoader::receivedData(char const*, int) + 104 (DocumentLoader.cpp:364)
23 com.apple.WebCore 0x01192d7c WebCore::FrameLoader::receivedData(char const*, int) + 60 (FrameLoader.cpp:2184)
24 com.apple.WebCore 0x0133e290 WebCore::MainResourceLoader::addData(char const*, int, bool) + 92 (MainResourceLoader.cpp:138)
25 com.apple.WebCore 0x01455a3c WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 104 (ResourceLoader.cpp:229)
26 com.apple.WebCore 0x0133e4d8 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 288 (MainResourceLoader.cpp:293)
27 com.apple.WebCore 0x0145538c WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 108 (ResourceLoader.cpp:357)
28 com.apple.WebCore 0x01452c0c -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 300 (ResourceHandleMac.mm:435)
29 com.apple.Foundation 0x92c18574 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
30 com.apple.Foundation 0x92c16a14 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
31 com.apple.Foundation 0x92c167b0 _sendCallbacks + 156
32 com.apple.CoreFoundation 0x907de42c __CFRunLoopDoSources0 + 384
33 com.apple.CoreFoundation 0x907dd95c __CFRunLoopRun + 452
34 com.apple.CoreFoundation 0x907dd3dc CFRunLoopRunSpecific + 268
35 com.apple.HIToolbox 0x9329eb20 RunCurrentEventLoopInMode + 264
36 com.apple.HIToolbox 0x9329e1b4 ReceiveNextEventCommon + 380
37 com.apple.HIToolbox 0x9329e020 BlockUntilNextEventMatchingListInMode + 96
38 com.apple.AppKit 0x937a4bc4 _DPSNextEvent + 384
39 com.apple.AppKit 0x937a4888 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
40 com.apple.Safari 0x000095e0 0x1000 + 34272
41 com.apple.AppKit 0x937a0dcc -[NSApplication run] + 472
42 com.apple.AppKit 0x93891974 NSApplicationMain + 452
43 com.apple.Safari 0x0009bad4 0x1000 + 633556
44 com.apple.Safari 0x000022fc 0x1000 + 4860
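As an added triage example (not part of the bug report or of WebKit), the following Python parses the CrashReporter-style exception header and backtrace frame lines in the log above, flags a fault at a tiny address such as 0x00000044 as a probable NULL-plus-field-offset dereference, and picks the topmost frame with a source location in project code. The sample log is a constructed excerpt of the backtrace quoted in the report; the near-null threshold and the KJS::/WebCore:: symbol prefixes are assumptions chosen for this example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: exception header plus a few frames from the backtrace quoted above.
SAMPLE_LOG = """\
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000044
Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x005b668c KJS::Interpreter::createObjectsForGlobalObjectProperties() + 2988 (interpreter.cpp:241)
3 com.apple.WebCore 0x01501510 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::JSGlobalObject*, WebCore::Frame*) + 44 (kjs_binding.cpp:144)
17 com.apple.WebKit 0x00353b80 -[WebHTMLRepresentation receivedData:withDataSource:] + 296
40 com.apple.Safari 0x000095e0 0x1000 + 34272
"""

# Frame line: idx module address symbol + offset [(file:line)]; symbols may contain spaces.
FRAME_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?P<module>\S+)\s+(?P<addr>0x[0-9a-f]+)\s+"
    r"(?P<symbol>.+?)\s+\+\s+(?P<offset>\d+)"
    r"(?:\s+\((?P<file>[^:)]+):(?P<line>\d+)\))?$", re.IGNORECASE)
CODES_RE = re.compile(r"^(?:Exception )?Codes:.*\bat\s+(?P<addr>0x[0-9a-f]+)", re.IGNORECASE)

def parse_frames(log: str) -> List[Dict]:
    """Return every backtrace frame in the log, in stack order, with numeric fields converted."""
    frames = []
    for raw in log.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:  # non-frame lines (header, 'Thread 0 Crashed:') are skipped
            f = m.groupdict()
            f["idx"], f["addr"], f["offset"] = int(f["idx"]), int(f["addr"], 16), int(f["offset"])
            f["line"] = int(f["line"]) if f["line"] else None
            frames.append(f)
    return frames

def fault_address(log: str) -> Optional[int]:
    """Faulting address from the 'Codes: ... at 0x...' line, or None if absent."""
    matches = (CODES_RE.match(line.strip()) for line in log.splitlines())
    m = next((x for x in matches if x), None)
    return int(m["addr"], 16) if m else None

def classify_fault(log: str, near_null_limit: int = 0x1000) -> str:
    """A fault inside the first page (0x44 here) usually means NULL plus a field offset (assumed threshold)."""
    addr = fault_address(log)
    if addr is None:
        return "unknown"
    return "near-null dereference" if addr < near_null_limit else "wild access"

def first_project_frame(frames: List[Dict], prefixes=("KJS::", "WebCore::")) -> Optional[Dict]:
    """Topmost frame with a source location inside the project's own code (assumed prefixes)."""
    return next((f for f in frames if f["file"] and f["symbol"].startswith(prefixes)), None)
```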
Comment 1, Mark Rowe (bdash), 2007-12-04 06:42:34 PST

*** This bug has been marked as a duplicate of bug 16266 ***