WebKit Bugzilla
RESOLVED FIXED
19106
SquirrelFish: Activation is not marked correctly
https://bugs.webkit.org/show_bug.cgi?id=19106
Oliver Hunt
Reported
2008-05-16 20:15:42 PDT
Attempting to inspect tvtv.de resulted in this assertion:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x02a63224 in WebCore::JSInspectedObjectWrapper::prepareIncomingValue (this=0x1afb9f80, value=0xb598a0) at /Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/JSInspectedObjectWrapper.cpp:97
97 ASSERT_WITH_MESSAGE(wrapper->inherits(&JSInspectorCallbackWrapper::s_info), "A wrapper that was not from the inspected page and is not an Inspector callback was passed to a JSInspectedObjectWrapper");
(gdb) where
#0 0x02a63224 in WebCore::JSInspectedObjectWrapper::prepareIncomingValue (this=0x1afb9f80, value=0xb598a0) at /Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/JSInspectedObjectWrapper.cpp:97
#1 0x02a67681 in WebCore::JSQuarantinedObjectWrapper::callAsFunction (this=0x1afb9f80, exec=0xbfff98a4, thisObj=0xb598a0, args=@0xbfff8b28) at /Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/JSQuarantinedObjectWrapper.cpp:252
#2 0x004ef4de in KJS::Machine::privateExecute (this=0x540960, flag=KJS::Machine::Normal, exec=0xbfff98a4, registerFile=0x1abb7ce0, r=0x4c6f5b0, scopeChain=0x1a324ba0, codeBlock=0x1ab66660, exception=0xbfff995c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1792
#3 0x004f0e65 in KJS::Machine::execute (this=0x540960, functionBodyNode=0x1ab83640, exec=0xbfffa8b4, function=0x1a814240, thisObj=0xb598a0, args=@0xbfff99e0, registerFileStack=0x1ab5eb38, scopeChain=0x1a324ba0, exception=0xbfff995c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:664
#4 0x0044a7ad in KJS::FunctionImp::callAsFunction (this=0x1a814240, exec=0xbfffa8b4, thisObj=0xb598a0, args=@0xbfff99e0) at function.cpp:95
#5 0x00462faf in KJS::JSObject::call (this=0x1a814240, exec=0xbfffa8b4, thisObj=0xb598a0, args=@0xbfff99e0) at object.cpp:99
#6 0x00464f96 in functionProtoFuncCall (exec=0xbfffa8b4, thisObj=0x1a814240, args=@0xbfff9b38) at function_object.cpp:125
#7 0x0043e872 in KJS::PrototypeFunction::callAsFunction (this=0x1a8132c0, exec=0xbfffa8b4, thisObj=0x1a814240, args=@0xbfff9b38) at function.cpp:747
#8 0x004ef4de in KJS::Machine::privateExecute (this=0x540960, flag=KJS::Machine::Normal, exec=0xbfffa8b4, registerFile=0x1abb7ce0, r=0x4c6f3e0, scopeChain=0x1a324ba0, codeBlock=0x1ab7ca00, exception=0xbfffa96c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1792
#9 0x004f0e65 in KJS::Machine::execute (this=0x540960, functionBodyNode=0x1ad21560, exec=0xbfffb8c4, function=0x1a81a7c0, thisObj=0xb216a0, args=@0xbfffaa00, registerFileStack=0x1ab5eb38, scopeChain=0x1a324ba0, exception=0xbfffa96c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:664
Attachments
Patch to fix marking in an activation (674 bytes, patch), 2008-05-16 21:51 PDT, Oliver Hunt, oliver: review+
Oliver Hunt
Comment 1
2008-05-16 20:16:42 PDT
(not a merge blocker, I curse autocomplete :D )
Oliver Hunt
Comment 2
2008-05-16 21:48:48 PDT
This actually broke many exciting things; however, it's a marking issue in JSActivationObject
Oliver Hunt
Comment 3
2008-05-16 21:51:17 PDT
Created attachment 21208
Patch to fix marking in an activation

(This has been reviewed by maciej)
Oliver Hunt
Comment 4
2008-05-17 00:23:56 PDT
M JavaScriptCore/ChangeLog
M JavaScriptCore/kjs/JSActivation.cpp
M LayoutTests/ChangeLog
A LayoutTests/fast/js/duplicate-param-gc-crash.html
A LayoutTests/fast/js/resources/duplicate-param-gc-crash.js
A LayoutTests/fast/js/resources/var-shadows-arg-gc-crash.js
A LayoutTests/fast/js/var-shadows-arg-gc-crash.html

Committed r33550