Bug 45811 - REGRESSION: Feedly extension crashes Webkit
Summary: REGRESSION: Feedly extension crashes Webkit
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Macintosh Intel All
: P1 Normal
Assignee: Nobody
URL:
Keywords: Regression
Depends on:
Blocks:
 
Reported: 2010-09-15 01:31 PDT by rune.bjorneras
Modified: 2010-10-19 11:12 PDT (History)
5 users (show)

See Also:


Attachments
Crash report (30.97 KB, text/plain)
2010-09-15 22:32 PDT, rune.bjorneras
no flags Details
Crash report, r67643 (31.45 KB, text/plain)
2010-09-19 22:28 PDT, rune.bjorneras
no flags Details
Patch (8.55 KB, patch)
2010-10-18 18:26 PDT, Oliver Hunt
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description rune.bjorneras 2010-09-15 01:31:34 PDT
Feedly extension crashes Webkit.
Comment 1 Alexey Proskuryakov 2010-09-15 11:08:45 PDT
Could you please attach a crash log <http://webkit.org/quality/crashlogs.html>?
Comment 2 rune.bjorneras 2010-09-15 22:32:08 PDT
Created attachment 67771 [details]
Crash report
Comment 3 rune.bjorneras 2010-09-15 22:34:12 PDT
Sure - report uploaded.

This is from my work Mac. Webkit also crashes with this extension on my home Mac running 10.6.4.
Comment 4 Alexey Proskuryakov 2010-09-16 11:00:13 PDT
I could reproduce the crash with nightly r67568, although with a different stack trace (which is understandable, since I was running it in 64 bit). Steps to reproduce:

1. Install the extension from e.g. http://www.pimpmysafari.com/extensions/feedly-safari-extension
2. Click its button in Safari.

0   com.apple.JavaScriptCore      	0x00000001007d9d14 JSC::Identifier::addSlowCase(JSC::ExecState*, WTF::StringImpl*) + 84
1   com.apple.WebCore             	0x0000000101601fac WebCore::CloneDeserializer::deserialize() + 2332
2   com.apple.WebCore             	0x0000000101602995 WebCore::SerializedScriptValue::deserialize(JSC::ExecState*, JSC::JSGlobalObject*) + 677
3   com.apple.WebCore             	0x00000001016029f3 WebCore::SerializedScriptValue::deserialize(OpaqueJSContext const*, OpaqueJSValue const**) + 35
4   com.apple.JavaScriptCore      	0x0000000100835aee JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::staticValueGetter(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&) + 766
5   com.apple.JavaScriptCore      	0x0000000100825141 JSC::JSValue::get(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) const + 401
6   com.apple.JavaScriptCore      	0x00000001008185df cti_op_get_by_id_generic + 79
7   ???                           	0x00003212bace08dd 0 + 55056024864989
8   com.apple.JavaScriptCore      	0x00000001007e06ff JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 911
Comment 5 rune.bjorneras 2010-09-19 22:22:02 PDT
Seems OK now with r67643 - that was quick! :)
Comment 6 rune.bjorneras 2010-09-19 22:27:42 PDT
Ahh, seems I was too quick. Actually got the feed headlines up without a crash, so I thought it worked. However, the browser crashed once I clicked on a link.
Comment 7 rune.bjorneras 2010-09-19 22:28:27 PDT
Created attachment 68052 [details]
Crash report, r67643
Comment 8 Oliver Hunt 2010-10-18 17:51:53 PDT
I think I know what's happening.  Whoops.
Comment 9 Oliver Hunt 2010-10-18 18:26:44 PDT
Created attachment 71110 [details]
Patch
Comment 10 Sam Weinig 2010-10-18 18:32:25 PDT
(In reply to comment #9)
> Created an attachment (id=71110) [details]
> Patch

r=me, though we may want to consider using a SegmentedVector instead.
Comment 11 WebKit Commit Bot 2010-10-18 19:34:54 PDT
Comment on attachment 71110 [details]
Patch

Clearing flags on attachment: 71110

Committed r70018: <http://trac.webkit.org/changeset/70018>
Comment 12 WebKit Commit Bot 2010-10-18 19:35:00 PDT
All reviewed patches have been landed.  Closing bug.
Comment 13 Oliver Hunt 2010-10-19 11:12:25 PDT
Sorry for the delay in fixing this