WebKit Bugzilla
Bug 17251 - REGRESSION: Crash in WebCore::Document constructor on Windows (Acid 3)
Status: VERIFIED FIXED
https://bugs.webkit.org/show_bug.cgi?id=17251
Reported by Robert Blaut, 2008-02-09 00:59:06 PST

Error c0000005 during loading http://apple.com

Steps to reproduce:
1) Download and install Safari 31A2.
2) Download and run WebKit r30080.
3) Go to a page: http://apple.com

Expected result: The page should be loaded without problem.
Current result: The page crashes the latest WebKit. I haven't noticed any crash using stock Safari 31A2. I attach user.dmp.
Attachments:
- user.dmp (33.73 KB, application/octet-stream), 2008-02-09 01:04 PST, Robert Blaut
- user.dmp for crash on acid3.acidtests.org (32.60 KB, application/octet-stream), 2008-02-09 01:13 PST, Robert Blaut
Comment 1, Robert Blaut, 2008-02-09 01:04:33 PST

Created attachment 19013 [details]: user.dmp
Comment 2, Robert Blaut, 2008-02-09 01:13:37 PST

Created attachment 19014 [details]: user.dmp for crash on acid3.acidtests.org

I've also noticed a crash on http://acid3.acidtests.org. The crash, in my opinion, is caused by the same reason, which is unknown to me.
Comment 3, Matt Lilek, 2008-02-09 14:12:27 PST

Confirmed with r30080 nightly.

> WebKit.dll!WebCore::Document::Document(WebCore::DOMImplementation * impl=0x7fe9c858, WebCore::Frame * frame=0x00000000, bool isXHTML=false) Line 331 + 0x24 bytes C++
WebKit.dll!WebCore::XMLHttpRequest::getResponseXML() Line 174 + 0x2a bytes C++
WebKit.dll!KJS::JSXMLHttpRequest::getValueProperty(KJS::ExecState * exec=0x00000000, int token=0) Line 110 + 0x1b bytes C++
WebKit.dll!KJS::staticValueGetter<KJS::JSXMLHttpRequest>(KJS::ExecState * exec=0x0012f3fc, KJS::JSObject * __formal=0x03f57a20, KJS::JSObject * __formal=0x03f57a20, const KJS::PropertySlot & slot={...}) Line 149 + 0xd bytes C++
WebKit.dll!KJS::JSObject::get(KJS::ExecState * exec=0x00000000, const KJS::Identifier & propertyName={...}) Line 164 + 0xa bytes C++
WebKit.dll!KJS::DotAccessorNode::evaluate(KJS::ExecState * exec=0x0012f3fc) Line 823 + 0x15 bytes C++
WebKit.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012f3fc) Line 3283 C++
WebKit.dll!KJS::ConstStatementNode::execute(KJS::ExecState * exec=0x0012f3fc) Line 3746 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012f3fc) Line 3707 + 0xc bytes C++
WebKit.dll!KJS::IfNode::execute(KJS::ExecState * exec=0x0012f3fc) Line 3766 + 0xb bytes C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000003) Line 4626 + 0x8 bytes C++
WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f5c4, KJS::JSObject * thisObj=0x03f53f40, const KJS::List & args={...}) Line 76 + 0xf bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x03f53f40, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::functionProtoFuncApply(KJS::ExecState * exec=, KJS::JSObject * thisObj=, const KJS::List & args=) Line 110 + 0x13 bytes C++
WebKit.dll!KJS::ActivationImp::argumentsGetter(KJS::ExecState * exec=0x0012f5c4, KJS::JSObject * __formal=0x7fca0a74, KJS::JSObject * __formal=0x7fca0a74, const KJS::PropertySlot & slot={...}) Line 373 C++
WebKit.dll!KJS::ResolveNode::evaluate(KJS::ExecState * exec=0x0012f5c4) Line 561 + 0xe bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x0421eda0, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012f5c4) Line 1230 + 0x13 bytes C++
WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f5c4) Line 3730 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000000) Line 4626 + 0x8 bytes C++
WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f718, KJS::JSObject * thisObj=0x03f53f40, const KJS::List & args={...}) Line 76 + 0xf bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x03f53f40, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::FunctionImp::construct(KJS::ExecState * exec=0x0012f718, const KJS::List & args={...}) Line 202 + 0xf bytes C++
WebKit.dll!KJS::NewExprNode::evaluate(KJS::ExecState * exec=0x0012f718) Line 916 + 0x55 bytes C++
WebKit.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012f718) Line 3283 C++
WebKit.dll!KJS::CommaNode::evaluate(KJS::ExecState * exec=0x0012f718) Line 3534 + 0xa bytes C++
WebKit.dll!KJS::ConstStatementNode::execute(KJS::ExecState * exec=0x0012f718) Line 3746 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000003) Line 4626 + 0x8 bytes C++
WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f84c, KJS::JSObject * thisObj=0x03f58760, const KJS::List & args={...}) Line 76 + 0xf bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x03f58760, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012f84c) Line 1230 + 0x13 bytes C++
WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f84c) Line 3730 C++
WebKit.dll!KJS::IfNode::execute(KJS::ExecState * exec=0x0012f84c) Line 3766 + 0xb bytes C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000001) Line 4626 + 0x8 bytes C++
WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012fa14, KJS::JSObject * thisObj=0x03f58760, const KJS::List & args={...}) Line 76 + 0xf bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x03f58760, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::functionProtoFuncApply(KJS::ExecState * exec=, KJS::JSObject * thisObj=, const KJS::List & args=) Line 110 + 0x13 bytes C++
WebKit.dll!KJS::PrototypeFunction::callAsFunction(KJS::ExecState * exec=0x0012fa14, KJS::JSObject * thisObj=0x03f67400, const KJS::List & args={...}) Line 882 + 0x14 bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x03f67400, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012fa14) Line 1230 + 0x13 bytes C++
WebKit.dll!KJS::ReturnNode::execute(KJS::ExecState * exec=0x0012fa14) Line 4088 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000000) Line 4626 + 0x8 bytes C++
WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x7fda5ea0, KJS::JSObject * thisObj=0x03f57a20, const KJS::List & args={...}) Line 76 + 0xf bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x03f57a20, const KJS::List & args={...}) Line 99 C++
WebKit.dll!WebCore::JSAbstractEventListener::handleEvent(WebCore::Event * ele=, bool isWindowEvent=) Line 116 C++
pthreadVC2.dll!10002b8e() [Frames below may be incorrect and/or missing, no symbols loaded for pthreadVC2.dll]
WebKit.dll!WTF::fastMalloc(unsigned int size=2139846232) Line 3095 + 0x1f bytes C++
WebKit.dll!WebCore::XMLHttpRequest::callReadyStateChangeListener() Line 301 C++
WebKit.dll!WebCore::XMLHttpRequest::didFinishLoading(WebCore::SubresourceLoader * loader=0x7f8ff680) Line 699 C++
WebKit.dll!WebCore::SubresourceLoader::didFinishLoading() Line 193 + 0xe bytes C++
WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x7fd32600) Line 373 C++
WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x03a0ce78, const void * clientInfo=0x7fd32600) Line 112 C++
Comment 4, Matt Lilek, 2008-02-09 14:22:49 PST

(In reply to comment #2)
> Created an attachment (id=19014)
> user.dmp for crash on acid3.acidtests.org
>
> I've noticed also crash on http://acid3.acidtests.org. The crash in my opinion
> is caused by the same, unknown for me, reason.

Indeed you're correct, though the stack trace for the crash is slightly different on Acid 3:

> WebKit.dll!WebCore::Document::Document(WebCore::DOMImplementation * impl=0x7fe9c858, WebCore::Frame * frame=0x00000000, bool isXHTML=false) Line 331 + 0x24 bytes C++
WebKit.dll!WebCore::DOMImplementation::createDocument(const WebCore::String & namespaceURI={...}, const WebCore::String & qualifiedName={...}, WebCore::DocumentType * doctype=0x00000000, int & ec=0) Line 284 + 0x19 bytes C++
WebKit.dll!WebCore::jsDOMImplementationPrototypeFunctionCreateDocument(KJS::ExecState * exec=0x0012f7e4, KJS::JSObject * thisObj=0x00000000, const KJS::List & args={...}) Line 210 + 0x1e bytes C++
WebKit.dll!KJS::PrototypeFunction::callAsFunction(KJS::ExecState * exec=0x0012f7e4, KJS::JSObject * thisObj=0x02ba5c80, const KJS::List & args={...}) Line 882 + 0x14 bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x02ba5c80, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012f7e4) Line 1230 + 0x13 bytes C++
WebKit.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012f7e4) Line 3283 C++
WebKit.dll!KJS::ConstStatementNode::execute(KJS::ExecState * exec=0x0012f7e4) Line 3746 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000007) Line 4626 + 0x8 bytes C++
WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f99c, KJS::JSObject * thisObj=0x02bafa00, const KJS::List & args={...}) Line 76 + 0xf bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x02bafa00, const KJS::List & args={...}) Line 99 C++
WebKit.dll!KJS::FunctionCallBracketNode::evaluate(KJS::ExecState * exec=) Line 1176 + 0x13 bytes C++
WebKit.dll!WebCore::JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState * exec=0x00000000, const KJS::Identifier & propertyName={...}, KJS::PropertySlot & slot={...}) Line 65 + 0xa bytes C++
WebKit.dll!WebCore::JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState * exec=0x00000000, const KJS::Identifier & propertyName={...}, KJS::PropertySlot & slot={...}) Line 66 + 0x9 bytes C++
WebKit.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012f99c) Line 3283 C++
WebKit.dll!KJS::ConstStatementNode::execute(KJS::ExecState * exec=0x0012f99c) Line 3746 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012f99c) Line 3707 + 0xc bytes C++
WebKit.dll!KJS::TryNode::execute(KJS::ExecState * exec=0x0012f99c) Line 4301 C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012f99c) Line 3707 + 0xc bytes C++
WebKit.dll!KJS::IfElseNode::execute(KJS::ExecState * exec=0x0012f99c) Line 3784 + 0x7 bytes C++
WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000) Line 3683 C++
WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000006) Line 4626 + 0x8 bytes C++
WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x7fda2ea0, KJS::JSObject * thisObj=0x02ba0000, const KJS::List & args={...}) Line 76 + 0xf bytes C++
WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x02ba0000, const KJS::List & args={...}) Line 99 C++
WebKit.dll!WebCore::ScheduledAction::execute(KJS::Window * window=) Line 76 C++
WebKit.dll!WTF::fastFree(void * ptr=0x02ba0000) Line 3109 + 0x87 bytes C++
WebKit.dll!KJS::Window::timerFired(KJS::DOMWindowTimer * timer=0x00000000) Line 1396 C++
WebKit.dll!KJS::DOMWindowTimer::fired() Line 1433 C++
WebKit.dll!WebCore::TimerBase::fireTimers(double fireTime=1202595316.0156250, const WTF::Vector<WebCore::TimerBase *,0> & firingTimers={...}) Line 349 C++
WebKit.dll!WebCore::TimerBase::sharedTimerFired() Line 367 + 0x11 bytes C++
Comment 5, Matt Lilek, 2008-02-09 15:53:16 PST

Note that this does not crash in my local r30109 debug build.
Comment 6, Matt Lilek, 2008-02-09 15:57:46 PST

(In reply to comment #5)
> Note that this does not crash in my local r30109 debug build.

Nor does it crash the r30110 nightly, so this seems fixed.
Comment 7, Robert Blaut, 2008-02-10 00:32:34 PST

Verified, indeed no crash :)
Comment 8, Adam Roben (:aroben), 2008-02-11 07:10:29 PST

This was fixed by r30098 <http://trac.webkit.org/projects/webkit/changeset/30098>