Visiting hulu.com/tv with the latest version of the Flash plugin installed causes a crash in Safari 4 beta using WebKit build r37381. This is reproducible on the Windows version with build r37382. Disable the Flash plugin and the web page does not cause a crash.
Please provide a crash log <http://webkit.org/quality/crashlogs.html>.
Created attachment 24184
I can reproduce this with the latest nightly and with a debug build of TOT. The crash trace from the debug build is no better, which suggests something is going AWOL in JIT'd code.
Appears to be due to r37324
I can no longer reproduce this. Can anyone else?
(In reply to comment #6)
> I can no longer reproduce this. Can anyone else?
I can still reproduce this in Safari 4 beta for OS X. But not on Safari 4 beta in Windows.
Which build of WebKit are you using Brandon?
I can thankfully now reproduce this fine on other hulu.com pages. GDB seems to indicate that this is a garbage collection bug, because it is calling getOwnPropertySlot() on a JSObject with a bad vptr in op_get_by_id.
I am using r37381 in OS X and 37382 in Windows.
Created attachment 24221
Oops, I meant to say that it works fine on r37323 and r37324. I actually can't seem to reproduce it with any archived builds, because my local tree has CTI off for debugging purposes, which is probably affecting memory layout. I will have to revert and build.
I can't even seem to reproduce this with CTI off on r37400. I am just going to try to fix it on ToT.
Thanks to bug 21497, most of what I have said in this bug is wrong.
Now that I can actually test this properly, I can confirm that r37324 is the culprit. A specific URL that reproduces it for me every time is
It seems that this may be the same as bug 21494.
*** Bug 21507 has been marked as a duplicate of this bug. ***
*** Bug 21494 has been marked as a duplicate of this bug. ***
Created attachment 24236
Created attachment 24238
Crash Report r37442
Landed in r37450.
*** Bug 21474 has been marked as a duplicate of this bug. ***
*** Bug 21481 has been marked as a duplicate of this bug. ***