Bug 21130 - ASSERTION FAILED: impl()->frame()
Summary: ASSERTION FAILED: impl()->frame()
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
: P1 Normal
Assignee: Nobody
URL: http://crypto.stanford.edu/~abarth/re...
Keywords:
Depends on:
Blocks:
 
Reported: 2008-09-25 21:03 PDT by Geoffrey Garen
Modified: 2008-09-25 23:56 PDT (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Geoffrey Garen 2008-09-25 21:03:04 PDT 
1. Load http://crypto.stanford.edu/~abarth/research/webkit/null-frame/
2. Click "boom"

ASSERTION FAILED: impl()->frame()
(/Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/JSDOMWindowBase.cpp:819 virtual JSC::ExecState* WebCore::JSDOMWindowBase::globalExec())
Comment 1 Oliver Hunt 2008-09-25 21:36:49 PDT 
Okay, the assertion (and the subsequent crash if you skip the assertion) seems bogus to me -- why should we need to call frame()->keepAlive() when you request the globalExec?
Comment 2 Alexey Proskuryakov 2008-09-25 23:52:07 PDT 
This is one of the tests in bug 21054 - do we really need a separate bug for it?
Comment 3 Oliver Hunt 2008-09-25 23:56:17 PDT 
It was attached to bug 21054 on the belief that the fix for 21054 caused it.  However it's actually a pre-existing bug.  The bug occurs when we go to compile a function after the frame containing that function has gone away.  We still have the global object, but the frame has since been destroyed.