WebKit Bugzilla
RESOLVED FIXED
42394
Crash entering mail.yahoo.com
https://bugs.webkit.org/show_bug.cgi?id=42394
Simon Fraser (smfr)
Reported
2010-07-15 13:12:10 PDT
Going to mail.yahoo.com results in a crash with r63452
(gdb) bt
#0 0x0000000101ccf2fc in JSC::RegisterID::index (this=0x0) at RegisterID.h:75
#1 0x0000000101cc20c4 in JSC::BytecodeGenerator::argumentNumberFor (this=0x108312600, ident=@0x12464abd8) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2054
#2 0x0000000101dce102 in JSC::FunctionBodyNode::emitBytecode (this=0x12464aa20, generator=@0x108312600) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/bytecompiler/NodesCodegen.cpp:2046
#3 0x0000000101cc94cd in JSC::BytecodeGenerator::generate (this=0x108312600) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:144
#4 0x0000000101d15cf2 in JSC::FunctionExecutable::compileForCallInternal (this=0x122eecc10, exec=0x1231116c8, scopeChainNode=0x122eec1d0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/Executable.cpp:167
#5 0x0000000101cb8e4b in JSC::FunctionExecutable::compileForCall (this=0x122eecc10, exec=0x1231116c8, scopeChainNode=0x122eec1d0) at Executable.h:318
#6 0x0000000101d53539 in cti_vm_lazyLinkCall (args=0x7fff5fbfc350) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/jit/JITStubs.cpp:1987
Could not find the frame base for "WTF::doubleHash(unsigned int)".
#7 0x0000000101d4b7db in WTF::doubleHash (key=) at HashTable.h:447
#8 0x0000000101d2bc90 in JSC::JITCode::execute (this=0x123c4cc38, registerFile=0x11ad68f08, callFrame=0x123111510, globalData=0x11b016000, exception=0x11b017920) at JITCode.h:77
#9 0x0000000101d27736 in JSC::Interpreter::executeCall (this=0x11ad68ef0, callFrame=0x1231114a0, function=0x120439cc0, callType=JSC::CallTypeJS, callData=@0x7fff5fbfc6d0, thisValue={m_ptr = 0x124524100}, args=@0x7fff5fbfc6c0, exception=0x11b017920) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:780
#10 0x0000000101ce4477 in JSC::call (exec=0x1231114a0, functionObject={m_ptr = 0x120439cc0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfc6d0, thisValue={m_ptr = 0x124524100}, args=@0x7fff5fbfc6c0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/CallData.cpp:38
#11 0x0000000101d20dfb in JSC::functionProtoFuncApply (exec=0x1231114a0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/FunctionPrototype.cpp:133
#12 0x00003864232001aa in ?? ()
#13 0x0000000101d2bc90 in JSC::JITCode::execute (this=0x122ee08d8, registerFile=0x11ad68f08, callFrame=0x123111370, globalData=0x11b016000, exception=0x11b017920) at JITCode.h:77
#14 0x0000000101d27736 in JSC::Interpreter::executeCall (this=0x11ad68ef0, callFrame=0x123110728, function=0x12452b040, callType=JSC::CallTypeJS, callData=@0x7fff5fbfcad0, thisValue={m_ptr = 0x12452b180}, args=@0x7fff5fbfcac0, exception=0x11b017920) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:780
#15 0x0000000101ce4477 in JSC::call (exec=0x123110728, functionObject={m_ptr = 0x12452b040}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfcad0, thisValue={m_ptr = 0x12452b180}, args=@0x7fff5fbfcac0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/CallData.cpp:38
#16 0x0000000101d20dfb in JSC::functionProtoFuncApply (exec=0x123110728) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/FunctionPrototype.cpp:133
#17 0x00003864232001aa in ?? ()
#18 0x0000000101d2bc90 in JSC::JITCode::execute (this=0x12474c158, registerFile=0x11ad68f08, callFrame=0x123110038, globalData=0x11b016000, exception=0x7fff5fbfcdd0) at JITCode.h:77
#19 0x0000000101d28551 in JSC::Interpreter::execute (this=0x11ad68ef0, program=0x12474c140, callFrame=0x122f61778, scopeChain=0x122f60fe0, thisObj=0x11f740000, exception=0x7fff5fbfcdd0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:701
#20 0x0000000101cfbb95 in JSC::evaluate (exec=0x122f61778, scopeChain=@0x122f61740, source=@0x7fff5fbfd138, thisValue={m_ptr = 0x11f740000}) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/Completion.cpp:63
#21 0x000000010305425a in WebCore::JSMainThreadExecState::evaluate (exec=0x122f61778, chain=@0x122f61740, source=@0x7fff5fbfd138, thisValue={m_ptr = 0x11f740000}) at JSMainThreadExecState.h:54
#22 0x000000010341529a in WebCore::ScriptController::evaluateInWorld (this=0x11c829908, sourceCode=@0x7fff5fbfd130, world=0x11ad77220, shouldAllowXSS=WebCore::DoNotAllowXSS) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScriptController.cpp:151
#23 0x00000001034154a4 in WebCore::ScriptController::evaluate (this=0x11c829908, sourceCode=@0x7fff5fbfd130, shouldAllowXSS=WebCore::DoNotAllowXSS) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScriptController.cpp:177
#24 0x000000010341ad4c in WebCore::ScriptController::executeScript (this=0x11c829908, sourceCode=@0x7fff5fbfd130, shouldAllowXSS=WebCore::DoNotAllowXSS) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/ScriptControllerBase.cpp:60
#25 0x0000000102e4ad80 in WebCore::HTMLScriptRunner::executeScript (this=0x122f662b0, element=0x12474bd90, sourceCode=@0x7fff5fbfd130) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/HTMLScriptRunner.cpp:160
#26 0x0000000102e4af02 in WebCore::HTMLScriptRunner::runScript (this=0x122f662b0, script=0x12474bd90, startingLineNumber=483) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/HTMLScriptRunner.cpp:276
#27 0x0000000102e4b4b7 in WebCore::HTMLScriptRunner::execute (this=0x122f662b0, scriptElement=@0x7fff5fbfd230, startLine=483) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/HTMLScriptRunner.cpp:185
#28 0x0000000102df39ff in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x10a044800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/HTMLDocumentParser.cpp:152
#29 0x0000000102df4245 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x10a044800, mode=WebCore::HTMLDocumentParser::AllowYield) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/HTMLDocumentParser.cpp:179
#30 0x0000000102df4483 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x10a044800, mode=WebCore::HTMLDocumentParser::AllowYield) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/HTMLDocumentParser.cpp:127
#31 0x0000000102df4a00 in WebCore::HTMLDocumentParser::append (this=0x10a044800, source=@0x7fff5fbfd350) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/HTMLDocumentParser.cpp:263
#32 0x0000000102bb12ac in WebCore::DecodedDataDocumentParser::appendBytes (this=0x10a044800, writer=0x11c8295f0, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856, shouldFlush=false) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/DecodedDataDocumentParser.cpp:55
#33 0x0000000102c0b688 in WebCore::DocumentWriter::addData (this=0x11c8295f0, str=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., len=56856, flush=false) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/DocumentWriter.cpp:200
#34 0x0000000102d5acff in WebCore::FrameLoader::addData (this=0x11c829450, bytes=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/FrameLoader.cpp:1143
#35 0x000000010245bf26 in -[WebFrame(WebInternal) _addData:] (self=0x11ba28270, _cmd=0x7fff840c6cd9, data=0x10762e5c0) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit/mac/WebView/WebFrame.mm:502
#36 0x0000000102459157 in -[WebFrame(WebInternal) _receivedData:textEncodingName:] (self=0x11ba28270, _cmd=0x7fff840c6678, data=0x10762e5c0, textEncodingName=0x122f5b090) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit/mac/WebView/WebFrame.mm:1011
#37 0x0000000102481484 in -[WebHTMLRepresentation receivedData:withDataSource:] (self=0x122f5a150, _cmd=0x7fff840c2cf2, data=0x10762e5c0, dataSource=0x107626f70) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit/mac/WebView/WebHTMLRepresentation.mm:171
#38 0x000000010244298e in -[WebDataSource(WebInternal) _receivedData:] (self=0x107626f70, _cmd=0x7fff840bf434, data=0x10762e5c0) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit/mac/WebView/WebDataSource.mm:239
#39 0x0000000102464d0b in WebFrameLoaderClient::committedLoad (this=0x11ba293c0, loader=0x108065600, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm:853
#40 0x0000000102d58912 in WebCore::FrameLoader::committedLoad (this=0x11c829450, loader=0x108065600, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/FrameLoader.cpp:2749
#41 0x0000000102c01f9b in WebCore::DocumentLoader::commitLoad (this=0x108065600, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/DocumentLoader.cpp:280
#42 0x0000000102c01ff4 in WebCore::DocumentLoader::receivedData (this=0x108065600, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/DocumentLoader.cpp:292
#43 0x0000000102d5a813 in WebCore::FrameLoader::receivedData (this=0x11c829450, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/FrameLoader.cpp:1557
#44 0x0000000103207a9a in WebCore::MainResourceLoader::addData (this=0x108068200, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856, allAtOnce=false) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/MainResourceLoader.cpp:147
#45 0x00000001033f7d06 in WebCore::ResourceLoader::didReceiveData (this=0x108068200, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856, lengthReceived=56856, allAtOnce=false) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/ResourceLoader.cpp:260
#46 0x0000000103207313 in WebCore::MainResourceLoader::didReceiveData (this=0x108068200, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856, lengthReceived=56856, allAtOnce=false) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/MainResourceLoader.cpp:415
#47 0x00000001033f7420 in WebCore::ResourceLoader::didReceiveData (this=0x108068200, data=0x10a18e000 "_con\\\"><img class=\\\"spinner\\\" src=\\\"http:\\/\\/d.yimg.com\\/a\\/i\\/ww\\/met\\/anim_loading_sm_082208.gif\\\" \\/><\\/div>", ' ' <repeats 12 times>, "<div id=\\\"gx_news\\\">\\n", ' ' <repeats 12 times>, "<ul id=\\\"news_list\\\">\\n", ' ' <repeats 20 times>..., length=56856, lengthReceived=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/ResourceLoader.cpp:431
#48 0x00000001033f21fe in -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] (self=0x10762d860, _cmd=0x7fff83e4ca69, connection=0x10762d9b0, data=0x122f58780, lengthReceived=56856) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:861
#49 0x00007fff83d274af in _NSURLConnectionDidReceiveData ()
#50 0x00007fff84668ef8 in URLConnectionClient::_clientDidReceiveData ()
#51 0x00007fff846d03be in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload ()
#52 0x00007fff8465779f in URLConnectionClient::processEvents ()
#53 0x00007fff8465757c in MultiplexerSource::perform ()
#54 0x00007fff87e40d3d in __CFRunLoopDoSources0 ()
#55 0x00007fff87e3f089 in __CFRunLoopRun ()
#56 0x00007fff87e3e84f in CFRunLoopRunSpecific ()
#57 0x00007fff81d6e91a in RunCurrentEventLoopInMode ()
#58 0x00007fff81d6e71f in ReceiveNextEventCommon ()
#59 0x00007fff81d6e5d8 in BlockUntilNextEventMatchingListInMode ()
#60 0x00007fff86eb329e in _DPSNextEvent ()
#61 0x00007fff86eb2bed in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#62 0x00000001000800c9 in -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (self=0x107610810, _cmd=0x7fff875a79d0, mask=18446744073709551615, expiration=0x11ad52710, mode=0x7fff70eef3d0, dequeue=1 '\001') at /Volumes/InternalData/Development/webkit/Internal/Safari/mac/BrowserApplication.mm:410
#63 0x00007fff86e788d3 in -[NSApplication run] ()
#64 0x00007fff86e715f8 in NSApplicationMain ()
#65 0x000000010022eb61 in main (argc=5, argv=0x7fff5fbff1f0) at /Volumes/InternalData/Development/webkit/Internal/Safari/mac/main.mm:157
Current language: auto; currently c++
(gdb)
Attachments
Patch (2.47 KB, patch), 2010-07-15 19:15 PDT, Geoffrey Garen
mjs: review+
Simon Fraser (smfr)
Comment 1
2010-07-15 13:12:31 PDT
<rdar://problem/8196405>
Geoffrey Garen
Comment 2
2010-07-15 19:15:19 PDT
Created attachment 61757
Patch
Maciej Stachowiak
Comment 3
2010-07-15 20:33:57 PDT
Comment on attachment 61757
Patch

r=me, but if the removed null check is not directly related to the other change, please say so in the ChangeLog.
mitz
Comment 4
2010-07-15 20:35:38 PDT
How come there’s no regression test?
Geoffrey Garen
Comment 5
2010-07-15 21:58:50 PDT
Committed r63515: <http://trac.webkit.org/changeset/63515>
WebKit Review Bot
Comment 6
2010-07-15 23:25:18 PDT
http://trac.webkit.org/changeset/63515 might have broken Chromium Win Release
The following changes are on the blame list:
http://trac.webkit.org/changeset/63514
http://trac.webkit.org/changeset/63515
http://trac.webkit.org/changeset/63516
http://trac.webkit.org/changeset/63517
http://trac.webkit.org/changeset/63518
Geoffrey Garen
Comment 7
2010-07-16 10:57:24 PDT
(In reply to comment #4)
> How come there’s no regression test?
Sorry -- forgot to include a test in the patch I uploaded, but I did include a patch in the final commit.