31012 – [v8] attempt to entry empty context in V8IsolatedWorld constructor

RESOLVED FIXED31012

[v8] attempt to entry empty context in V8IsolatedWorld constructor

https://bugs.webkit.org/show_bug.cgi?id=31012

Summary [v8] attempt to entry empty context in V8IsolatedWorld constructor

anton muhin

Reported 2009-11-02 05:49:31 PST

Crome crashes when attempting to entry empty context in V8IsolatedWorld constructor. Sample stack trace: Thread 0 *CRASHED* (EXCEPTION_ACCESS_VIOLATION @0x00000000) 0x5d74fc0d [chrome.dll - api.cc:435] v8::Context::Enter() 0x5d3761fc [chrome.dll - v8isolatedworld.cpp:63] WebCore::V8IsolatedWorld::V8IsolatedWorld(WebCore::V8Proxy *,int) 0x5d28b6ff [chrome.dll - v8proxy.cpp:282] WebCore::V8Proxy::evaluateInIsolatedWorld(int,WTF::Vector<WebCore::ScriptSourceCode,0> const &,int) 0x5d267ee2 [chrome.dll - webframe_impl.cc:644] WebFrameImpl::executeScriptInIsolatedWorld(int,WebKit::WebScriptSource const *,unsigned int,int) 0x5d064e15 [chrome.dll - user_script_slave.cc:192] UserScriptSlave::InjectScripts(WebKit::WebFrame *,UserScript::RunLocation) 0x5d05b32f [chrome.dll - render_view.cc:2232] RenderView::didFinishDocumentLoad(WebKit::WebFrame *) 0x5d27d332 [chrome.dll - webframeloaderclient_impl.cc:312] WebFrameLoaderClient::dispatchDidFinishDocumentLoad() 0x5d2a68d7 [chrome.dll - frameloader.cpp:1044] WebCore::FrameLoader::finishedParsing() 0x5d29e97e [chrome.dll - document.cpp:4024] WebCore::Document::finishedParsing() 0x5d4cf8f7 [chrome.dll - htmlparser.cpp:1635] WebCore::HTMLParser::finished() 0x5d437635 [chrome.dll - htmltokenizer.cpp:1864] WebCore::HTMLTokenizer::end() 0x5d4378ac [chrome.dll - htmltokenizer.cpp:1904] WebCore::HTMLTokenizer::finish() 0x5d2a686c [chrome.dll - frameloader.cpp:949] WebCore::FrameLoader::endIfNotLoadingMainResource() 0x5d2a682c [chrome.dll - frameloader.cpp:934] WebCore::FrameLoader::end() 0x5d2a970a [chrome.dll - frameloader.cpp:2674] WebCore::FrameLoader::finishedLoading() 0x5d44ac72 [chrome.dll - mainresourceloader.cpp:393] WebCore::MainResourceLoader::didFinishLoading() 0x5d44b9d6 [chrome.dll - resourceloader.cpp:403] WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle *) 0x5d5394c2 [chrome.dll - resourcehandle.cpp:150] WebCore::ResourceHandleInternal::didFinishLoading(WebKit::WebURLLoader *) 0x5d274e6b [chrome.dll - weburlloader_impl.cc:510] webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(URLRequestStatus const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &) 0x5d22a3a9 [chrome.dll - resource_dispatcher.cc:448] ResourceDispatcher::OnRequestComplete(int,URLRequestStatus const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &) 0x5d22b4ec [chrome.dll - ipc_message_utils.h:1000] IPC::MessageWithTuple<Tuple3<int,URLRequestStatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >::Dispatch<ResourceDispatcher,void ( ResourceDispatcher::*)(int,URLRequestStatus const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &)>(IPC::Message const *,ResourceDispatcher *,void ( ResourceDispatcher::*)(int,URLRequestStatus const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &)) 0x5d22a633 [chrome.dll - resource_dispatcher.cc:520] ResourceDispatcher::DispatchMessageW(IPC::Message const &) 0x5d22a047 [chrome.dll - resource_dispatcher.cc:301] ResourceDispatcher::OnMessageReceived(IPC::Message const &) 0x5d2283f6 [chrome.dll - child_thread.cc:99] ChildThread::OnMessageReceived(IPC::Message const &) 0x5d1bcaf7 [chrome.dll - task.h:277] RunnableMethod<URLFetcher::Core,void ( URLFetcher::Core::*)(URLRequestStatus const &),Tuple1<URLRequestStatus> >::Run() 0x5d034ec8 [chrome.dll - message_loop.cc:314] MessageLoop::RunTask(Task *) 0x5d034f02 [chrome.dll - message_loop.cc:322] MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) 0x5d0350b7 [chrome.dll - message_loop.cc:429] MessageLoop::DoWork() 0x5d0461ba [chrome.dll - message_pump_default.cc:50] base::MessagePumpDefault::Run(base::MessagePump::Delegate *) 0x5d034d78 [chrome.dll - message_loop.cc:199] MessageLoop::RunInternal() 0x5d034d41 [chrome.dll - message_loop.cc:181] MessageLoop::RunHandler() 0x5d034ce4 [chrome.dll - message_loop.cc:155] MessageLoop::Run() 0x5d04d654 [chrome.dll - renderer_main.cc:167] RendererMain(MainFunctionParams const &) 0x5cfa37ae [chrome.dll - chrome_dll_main.cc:544] ChromeMain 0x01082c0e [chrome.exe - google_update_client.cc:96] google_update::GoogleUpdateClient::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,wchar_t *,char const *,int *) 0x76daea8a [kernel32.dll + 0x000bea8a] _aullrem

Attachments
Crash minidump (28.81 KB, application/octet-stream) 2009-11-02 05:50 PST, anton muhin	no flags	Details
View All Add attachment proposed patch, testcase, etc.

anton muhin

Comment 1 2009-11-02 05:50:13 PST

Created attachment 42314 [details] Crash minidump

Adam Barth

Comment 2 2009-11-02 08:35:11 PST

I'm pretty sure I fixed this one recently. Is this still occurring at TOT?

anton muhin

Comment 3 2009-11-02 10:23:29 PST

(In reply to comment #2) > I'm pretty sure I fixed this one recently. Is this still occurring at TOT? Adam, do you know which build should have your fix? if you could give me a number, I'd try to check if it happens after we've got another crash data for that or later build.

Adam Barth

Comment 4 2009-11-02 12:55:02 PST

> Adam, do you know which build should have your fix? if you could give me a > number, I'd try to check if it happens after we've got another crash data for > that or later build. I'm pretty sure it is this one: http://trac.webkit.org/changeset/50319 Not sure when that got merged into Chrome.

anton muhin

Comment 5 2009-11-03 05:31:08 PST

(In reply to comment #4) > > Adam, do you know which build should have your fix? if you could give me a > > number, I'd try to check if it happens after we've got another crash data for > > that or later build. > > I'm pretty sure it is this one: > > http://trac.webkit.org/changeset/50319 > > Not sure when that got merged into Chrome. Thanks for a pointer, Adam. As of http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?view=markup&pathrev=30797 it should be in Chromium. I'd keep an eye on crashes to see if it is still there.

anton muhin

Comment 6 2009-11-23 08:50:21 PST

(In reply to comment #5) > (In reply to comment #4) > > > Adam, do you know which build should have your fix? if you could give me a > > > number, I'd try to check if it happens after we've got another crash data for > > > that or later build. > > > > I'm pretty sure it is this one: > > > > http://trac.webkit.org/changeset/50319 > > > > Not sure when that got merged into Chrome. > > Thanks for a pointer, Adam. As of > http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?view=markup&pathrev=30797 > it should be in Chromium. I'd keep an eye on crashes to see if it is still > there. Cool, looks this has gone from the most recent builds. Thanks a lot.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2009-11-02 05:49 PST

Modified

2009-11-23 08:50 PST History

CC List

1 user Show

URL

Keywords

Depends on

Blocks