RESOLVED FIXED 49362
REGRESSION(71515): Web Inspector: Safari crash calling console.log when Log JavaScript Exceptions to Console is checked
https://bugs.webkit.org/show_bug.cgi?id=49362
Brian Weinstein
Reported 2010-11-10 20:03:59 PST
There is a crash in Safari when logging to the console when "Log JavaScript Exceptions to Console" is checked.
Attachments
Patch (2.60 KB, patch)
2010-11-13 02:48 PST, Yury Semikhatsky
no flags
Mark Rowe (bdash)
Comment 1 2010-11-10 20:25:57 PST
There’s a lifetime issue here in Console::addMessage. The local variable lastCaller is a reference to a call frame owned by the callStack variable. The callStack variable is passed to InspectorController::addMessageToConsole which creates a ConsoleMessage with the ScriptCallStack instance. The ConsoleMessage constructor then clears the ScriptCallStack instance. This means that the lastCaller local variable is now a reference to deallocated memory. There’s a similar issue with the arguments object. It’s a PassOwnPtr and is passed to InspectorController::addMessageToConsole. That results in the arguments local being cleared out, ensuring a nil-dereference will occur when it is dereferenced later on in Console::addMessage.
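The ordering hazard described in the comment above, as an added C++ illustration that is neither WebKit code nor the landed patch: constructed stand-in types carrying the names from comment 1, std::unique_ptr playing the role of PassOwnPtr, the buggy ordering beside one safe ordering (copy what is still needed before ownership moves), and a constructed one-frame call stack as input.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-ins for the WebKit types named in comment 1; not WebKit code.
struct ScriptCallFrame { std::string sourceURL; unsigned lineNumber; };
struct ScriptCallStack {
    std::vector<ScriptCallFrame> frames;
    const ScriptCallFrame& at(std::size_t i) const { return frames.at(i); }
    void clear() { frames.clear(); }  // invalidates every reference into frames
};
struct ConsoleMessage {
    std::string text, url; unsigned line; std::size_t argumentCount;
    // Reads what it needs, then clears the stack, as comment 1 describes.
    ConsoleMessage(std::string t, std::unique_ptr<std::vector<std::string>> args, ScriptCallStack& stack)
        : text(std::move(t)), url(stack.at(0).sourceURL), line(stack.at(0).lineNumber),
          argumentCount(args->size()) { stack.clear(); }
};
struct InspectorController {
    std::vector<ConsoleMessage> messages;
    // std::unique_ptr stands in for PassOwnPtr: the caller's pointer is null afterwards.
    void addMessageToConsole(const std::string& text, std::unique_ptr<std::vector<std::string>> args,
                             ScriptCallStack& stack) { messages.emplace_back(text, std::move(args), stack); }
};

// Buggy ordering: ownership is handed off first and the locals are used afterwards. Instead of
// dereferencing (the crash), this reports whether those later uses would hit null or cleared memory.
bool buggyAddMessageWouldCrash(InspectorController& inspector, const std::string& text,
                               std::unique_ptr<std::vector<std::string>> arguments, ScriptCallStack callStack) {
    const ScriptCallFrame& lastCaller = callStack.at(0);  // reference into callStack's storage
    (void)lastCaller;                                     // the buggy code reads this after the call
    inspector.addMessageToConsole(text, std::move(arguments), callStack);
    return !arguments || callStack.frames.empty();        // true: arguments is null, lastCaller dangles
}

// Safe ordering (one possible fix, not the landed patch): copy what is still needed before the move.
std::string safeAddMessage(InspectorController& inspector, const std::string& text,
                           std::unique_ptr<std::vector<std::string>> arguments, ScriptCallStack callStack) {
    ScriptCallFrame lastCaller = callStack.at(0);         // a copy survives stack.clear()
    std::size_t argumentCount = arguments->size();        // read before ownership moves
    inspector.addMessageToConsole(text, std::move(arguments), callStack);
    return lastCaller.sourceURL + ":" + std::to_string(lastCaller.lineNumber) + " args=" + std::to_string(argumentCount);
}

// Constructed sample input: a one-frame call stack and two console.log arguments.
ScriptCallStack sampleStack() { return ScriptCallStack{{{"http://example.test/app.js", 42}}}; }
std::unique_ptr<std::vector<std::string>> sampleArguments() {
    return std::make_unique<std::vector<std::string>>(std::vector<std::string>{"hello", "world"});
}
```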
Alexey Proskuryakov
Comment 2 2010-11-11 15:26:24 PST
*** Bug 49392 has been marked as a duplicate of this bug. ***
Yury Semikhatsky
Comment 3 2010-11-12 08:55:57 PST
Sorry for the lame question, but where can I find this "Log JavaScript Exceptions to Console" option? Should I install Safari Enhancer to see this option?
Brian Weinstein
Comment 4 2010-11-12 09:54:06 PST
It's in Safari's Debug Menu on Mac.
1) Quit Safari
2) Open a terminal, and run: defaults write com.apple.Safari IncludeInternalDebugMenu 1
3) Relaunch Safari
There will be a new menu at the top, the Debug Menu, and the Menu item should be there.
Timothy Hatcher
Comment 5 2010-11-12 13:58:12 PST
Yury Semikhatsky
Comment 6 2010-11-13 02:48:13 PST
WebKit Commit Bot
Comment 7 2010-11-13 06:51:11 PST
Comment on attachment 73817 [details] Patch Clearing flags on attachment: 73817 Committed r71966: <http://trac.webkit.org/changeset/71966>
WebKit Commit Bot
Comment 8 2010-11-13 06:51:16 PST
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 9 2010-11-16 16:06:23 PST
*** Bug 49598 has been marked as a duplicate of this bug. ***