RESOLVED FIXED 20214
Crash in profiler dereferencing null frame or page
https://bugs.webkit.org/show_bug.cgi?id=20214
Oliver Hunt
Reported 2008-07-29 14:23:18 PDT
While the profiler is running it's possible to trigger a crash through the following steps:

1. Go to http://280slides.com/Editor
2. Open inspector, go to profile pane, start profile
3. hit cmd-w, cmd-n

You get the following crash (looks like the profiler is being terminated by the gc sweep, rather than the window closing):

Thread 0 Crashed:
0 com.apple.WebCore 0x01400376 WebCore::Frame::page() const + 6 (Frame.cpp:1740)
1 com.apple.WebCore 0x012bf528 WebCore::Console::finishedProfiling(WTF::PassRefPtr<KJS::Profile>) + 24 (Console.cpp:308)
2 com.apple.JavaScriptCore 0x004346bb KJS::Profiler::didFinishAllExecution(KJS::ExecState*) + 267 (PassRefPtr.h:44)
3 com.apple.JavaScriptCore 0x003ce3fe KJS::JSGlobalObject::~JSGlobalObject() + 942 (JSGlobalObject.cpp:88)
4 com.apple.WebCore 0x0180360c WebCore::JSDOMWindowBase::~JSDOMWindowBase() + 796 (JSDOMWindowBase.cpp:242)
5 com.apple.JavaScriptCore 0x003fbbe5 unsigned long KJS::Heap::sweep<(KJS::Heap::HeapType)0>() + 581 (collector.cpp:854)
6 com.apple.JavaScriptCore 0x0036898f KJS::Heap::collect() + 127 (collector.cpp:948)
7 com.apple.WebCore 0x0142b442 WebCore::Timer<WebCore::GCController>::fired() + 82 (Timer.h:99)
8 com.apple.WebCore 0x01771959 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 137 (Timer.cpp:350)
9 com.apple.WebCore 0x01771a22 WebCore::TimerBase::sharedTimerFired() + 162 (Timer.cpp:370)
10 com.apple.WebCore 0x01756ea4 WebCore::timerFired(__CFRunLoopTimer*, void*) + 68 (SharedTimerMac.mm:85)
11 com.apple.CoreFoundation 0x96cd4b45 CFRunLoopRunSpecific + 4469
12 com.apple.CoreFoundation 0x96cd4cf8 CFRunLoopRunInMode + 88
13 com.apple.HIToolbox 0x93c8bda4 RunCurrentEventLoopInMode + 283
14 com.apple.HIToolbox 0x93c8bbbd ReceiveNextEventCommon + 374
15 com.apple.HIToolbox 0x93c8ba31 BlockUntilNextEventMatchingListInMode + 106
16 com.apple.AppKit 0x9331a505 _DPSNextEvent + 657
17 com.apple.AppKit 0x93319db8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
18 com.apple.Safari 0x000086be 0x1000 + 30398
19 com.apple.AppKit 0x93312df3 -[NSApplication run] + 795
20 com.apple.AppKit 0x932e0030 NSApplicationMain + 574
21 com.apple.Safari 0x000ba4d6 0x1000 + 758998
Mark Rowe (bdash)
Comment 1 2008-07-29 14:25:49 PDT
Kevin McCullough
Comment 2 2008-07-30 13:18:28 PDT
Committed revision 35459.