Bug 20521 - Crash in KJS::Register::codeBlock() logging into Facebook
Summary: Crash in KJS::Register::codeBlock() logging into Facebook
Status: RESOLVED DUPLICATE of bug 20516
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.5
Importance: P1 Major
Assignee: Nobody
URL: http://www.facebook.com/
Keywords: NeedsReduction, Regression
Duplicates: 20524
Reported: 2008-08-26 04:05 PDT by François Lamboley
Modified: 2008-08-26 07:19 PDT

Attachments
Crash log of webkit when connecting to facebook (25.15 KB, text/plain)
2008-08-26 04:07 PDT, François Lamboley
Description François Lamboley 2008-08-26 04:05:30 PDT
I went on Facebook and caught an unexpected crash after I logged in (the page was not completely loaded).
Comment 1 François Lamboley 2008-08-26 04:07:50 PDT
Created attachment 22998 [details]
Crash log of webkit when connecting to facebook
Comment 2 overlord.luchao 2008-08-26 05:40:43 PDT
This is occurring for me as well.
Comment 3 Matt Lilek 2008-08-26 07:10:09 PDT
Confirmed with r35919.

ASSERTION FAILED: m_type == CodeBlockType
(/Users/mlilek/Documents/WebKit/JavaScriptCore/VM/Register.h:197 KJS::CodeBlock* KJS::Register::codeBlock() const)

Thread 0 Crashed:
0   com.apple.JavaScriptCore      	0x005089ee KJS::Register::codeBlock() const + 70 (Register.h:197)
1   com.apple.JavaScriptCore      	0x004fc99a KJS::Machine::callFrame(KJS::ExecState*, KJS::JSFunction*) const + 110 (Machine.cpp:2969)
2   com.apple.JavaScriptCore      	0x004fcc19 KJS::Machine::retrieveArguments(KJS::ExecState*, KJS::JSFunction*) const + 33 (Machine.cpp:2904)
3   com.apple.JavaScriptCore      	0x0044aa75 KJS::JSFunction::argumentsGetter(KJS::ExecState*, KJS::Identifier const&, KJS::PropertySlot const&) + 55 (JSFunction.cpp:77)
4   com.apple.JavaScriptCore      	0x004a611b KJS::PropertySlot::getValue(KJS::ExecState*, KJS::Identifier const&) const + 91 (PropertySlot.h:60)
5   com.apple.JavaScriptCore      	0x0050912a KJS::JSValue::get(KJS::ExecState*, KJS::Identifier const&) const + 252 (JSObject.h:330)
6   com.apple.JavaScriptCore      	0x0050409f KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 22939 (Machine.cpp:1925)
7   com.apple.JavaScriptCore      	0x00507d1c KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 716 (Machine.cpp:853)
8   com.apple.JavaScriptCore      	0x004633b1 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 139 (JSFunction.cpp:71)
9   com.apple.JavaScriptCore      	0x0046344d KJS::call(KJS::ExecState*, KJS::JSValue*, KJS::CallType, KJS::CallData const&, KJS::JSValue*, KJS::ArgList const&) + 149 (CallData.cpp:39)
10  com.apple.JavaScriptCore      	0x00473f8c KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::JSValue*, KJS::ArgList const&) + 494 (FunctionPrototype.cpp:107)
11  com.apple.JavaScriptCore      	0x00505c87 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 30083 (Machine.cpp:2461)
12  com.apple.JavaScriptCore      	0x00507d1c KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::ScopeChainNode*, KJS::JSValue**) + 716 (Machine.cpp:853)
13  com.apple.JavaScriptCore      	0x004633b1 KJS::JSFunction::call(KJS::ExecState*, KJS::JSValue*, KJS::ArgList const&) + 139 (JSFunction.cpp:71)
14  com.apple.JavaScriptCore      	0x0046344d KJS::call(KJS::ExecState*, KJS::JSValue*, KJS::CallType, KJS::CallData const&, KJS::JSValue*, KJS::ArgList const&) + 149 (CallData.cpp:39)
15  com.apple.WebCore             	0x03863022 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 664 (JSEventListener.cpp:97)
Comment 4 Matt Lilek 2008-08-26 07:15:49 PDT
*** Bug 20524 has been marked as a duplicate of this bug. ***
Comment 5 Cameron Zwarich (cpst) 2008-08-26 07:19:23 PDT
This is another case of bug 20516, and the fix posted there also fixes this bug. I am not sure when I'll get to make a layout test, but the Facebook login code might be easier to reduce than the Gmail code.

*** This bug has been marked as a duplicate of 20516 ***