Crash under WebCore::jsNotificationConstructorPermission: Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000038 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [34936] Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001041a0e6c WebCore::jsNotificationConstructorPermission(JSC::ExecState*, long long, JSC::PropertyName) + 108 1 com.apple.JavaScriptCore 0x00000001072922b2 llint_slow_path_get_by_id + 6386 2 com.apple.JavaScriptCore 0x0000000107445d24 llint_entry + 38139 3 com.apple.JavaScriptCore 0x0000000107453355 llint_entry + 92972 4 com.apple.JavaScriptCore 0x0000000107453355 llint_entry + 92972 5 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 6 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 7 com.apple.JavaScriptCore 0x00000001074542ff llint_entry + 96982 8 ??? 0x00003a5acd63fdb0 0 + 64161667349936 9 com.apple.JavaScriptCore 0x00000001074542ff llint_entry + 96982 10 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 11 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 12 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 13 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 14 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 15 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 16 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 17 com.apple.JavaScriptCore 0x0000000107453355 llint_entry + 92972 18 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 19 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 20 com.apple.JavaScriptCore 0x0000000107453355 llint_entry + 92972 21 com.apple.JavaScriptCore 0x0000000107453355 llint_entry + 92972 22 com.apple.JavaScriptCore 0x00000001074533d1 llint_entry + 93096 23 com.apple.JavaScriptCore 0x0000000107453355 llint_entry + 92972 24 com.apple.JavaScriptCore 0x0000000107453355 llint_entry + 92972 25 com.apple.JavaScriptCore 0x000000010743c67f vmEntryToJavaScript + 200 26 com.apple.JavaScriptCore 0x00000001071200d1 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 417 27 com.apple.JavaScriptCore 0x0000000107bef93b JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 187 28 com.apple.WebCore 0x0000000104894e28 WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 152 29 com.apple.WebCore 0x00000001048ad210 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1680 30 com.apple.WebCore 0x0000000104b5a71c WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase) + 1196 31 com.apple.WebCore 0x0000000104b580f2 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 594 32 com.apple.WebCore 0x0000000104b5a245 WebCore::EventTarget::dispatchEvent(WebCore::Event&) + 181 33 com.apple.WebCore 0x00000001039856de WebCore::PostMessageTimer::fired() + 1262
<rdar://problem/53962833>
Created attachment 377349 [details] Patch
Comment on attachment 377349 [details] Patch Clearing flags on attachment: 377349 Committed r249156: <https://trac.webkit.org/changeset/249156>
All reviewed patches have been landed. Closing bug.