Bug 25692 (RESOLVED FIXED)
REGRESSION: Crash in JSValue::getCallData when loading apple.com/startpage
https://bugs.webkit.org/show_bug.cgi?id=25692
Adam Roben (:aroben)
Reported 2009-05-11 07:54:26 PDT
After updating to ToT on Windows, I'm crashing when loading apple.com/startpage. Here's the backtrace:

>	JavaScriptCore_debug.dll!JSC::JSValue::getCallData(JSC::CallData & callData={...}) Line 206 + 0x40 bytes	C++
 	JavaScriptCore_debug.dll!JSC::JITStubs::cti_op_call_NotJSFunction(void * * args=0x0046e920) Line 1090 + 0xc bytes	C++
 	JavaScriptCore_debug.dll!JSC::JITStubs::cti_op_convert_this() + 0xff bytes	C++
 	JavaScriptCore_debug.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x07b6ec68, JSC::ExecState * callFrame=0x09d28024, JSC::JSGlobalData * globalData=0x07c3b888, JSC::JSValue * exception=0x0046ea3c) Line 76 + 0x21 bytes	C++
 	JavaScriptCore_debug.dll!JSC::Interpreter::execute(JSC::ProgramNode * programNode=0x09163970, JSC::ExecState * callFrame=0x07b6f12c, JSC::ScopeChainNode * scopeChain=0x07b6f310, JSC::JSObject * thisObj=0x03aa0000, JSC::JSValue * exception=0x0046ea3c) Line 633 + 0x2d bytes	C++
 	JavaScriptCore_debug.dll!JSC::evaluate(JSC::ExecState * exec=0x07b6f12c, JSC::ScopeChain & scopeChain={...}, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 69	C++
 	WebKit_debug.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode={...}) Line 101 + 0x30 bytes	C++
 	WebKit_debug.dll!WebCore::FrameLoader::executeScript(const WebCore::ScriptSourceCode & sourceCode={...}) Line 804	C++
 	WebKit_debug.dll!WebCore::HTMLTokenizer::scriptExecution(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::HTMLTokenizer::State state={...}) Line 555 + 0x27 bytes	C++
 	WebKit_debug.dll!WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource * __formal=0x07c9dc18) Line 1993 + 0x1d bytes	C++
 	WebKit_debug.dll!WebCore::CachedScript::checkNotify() Line 106 + 0x13 bytes	C++
 	WebKit_debug.dll!WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 97	C++
 	WebKit_debug.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader * loader=0x07c9e510) Line 324	C++
 	WebKit_debug.dll!WebCore::SubresourceLoader::didFinishLoading() Line 183 + 0x1f bytes	C++
 	WebKit_debug.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x07c9c4c8) Line 416 + 0xf bytes	C++
 	WebKit_debug.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x07ca0900, const void * clientInfo=0x07c9c4c8) Line 169 + 0x1e bytes	C++
Adam Roben (:aroben)
Comment 1 2009-05-11 07:55:12 PDT
The Output window in Visual Studio says:

First-chance exception at 0x69c8837b (JavaScriptCore_debug.dll) in Safari_debug.exe: 0xC0000005: Access violation reading location 0x0000003e.
Unhandled exception at 0x69c8837b (JavaScriptCore_debug.dll) in Safari_debug.exe: 0xC0000005: Access violation reading location 0x0000003e.
Adam Roben (:aroben)
Comment 2 2009-05-11 07:55:41 PDT
Adam Roben (:aroben)
Comment 3 2009-05-11 09:20:29 PDT
Here's a reduction:

1. Load this URL: data:text/html,<script>alert('hi')</script>
Adam Roben (:aroben)
Comment 4 2009-05-11 09:22:10 PDT
(In reply to comment #3)
> Here's a reduction:
>
> 1. Load this URL: data:text/html,<script>alert('hi')</script>

Actually, this results in a slightly different crash, though it may be related. I'll file it as a separate bug (bug 25695) for now.
Adam Roben (:aroben)
Comment 5 2009-05-11 09:32:36 PDT
The bots don't seem to be running into this. I'm going to try a clean build.
Adam Roben (:aroben)
Comment 6 2009-05-11 09:47:35 PDT
A clean build seems to have fixed this.