WebKit Bugzilla
Bug 49968 - [Qt] Crash loading webpage http://www.justicaeleitoral.gov.br
Status: RESOLVED WORKSFORME
https://bugs.webkit.org/show_bug.cgi?id=49968

Thiago Macieira
Reported 2010-11-23 04:46:56 PST
QtWebKit commit: f532679ca11914b453e22342f2ae5e9f790ce47a (follows 6e15c3404d15a8ab72242152ec966e5e388161a2)

Steps to reproduce:
1. Load webpage in QtWebKit-based browser (reproduced with demo browser and KDE webkitpart)
2. Wait for crash

Result:
Crash

Expected result:
Webpage displayed

Crash backtrace:
#0  0xb77adc53 in WTF::RefPtr<JSC::FunctionParameters>::operator=(WTF::PassRefPtr<JSC::FunctionParameters> const&) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#1  0xb77acc47 in JSC::FunctionBodyNode::finishParsing(WTF::PassRefPtr<JSC::FunctionParameters>, JSC::Identifier const&) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#2  0xb76e33eb in JSC::FunctionExecutable::compile(JSC::ExecState*, JSC::ScopeChainNode*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#3  0xb76b82a9 in JSC::FunctionExecutable::bytecode(JSC::ExecState*, JSC::ScopeChainNode*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#4  0xb76e37e7 in JSC::FunctionExecutable::generateJITCode(JSC::ExecState*, JSC::ScopeChainNode*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#5  0xb76b8329 in JSC::FunctionExecutable::jitCode(JSC::ExecState*, JSC::ScopeChainNode*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#6  0xb76c176e in cti_op_call_JSFunction () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#7  0xaf9200d1 in ?? ()
#8  0xb76b7fdb in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#9  0xb76a33b0 in JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#10 0xb76f70ce in JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#11 0xb76d5201 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#12 0xb6f27d4b in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#13 0xb7066af5 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1u>&) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#14 0xb706685f in WebCore::EventTarget::fireEventListeners(WebCore::Event*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#15 0xb70793bd in WebCore::Node::handleLocalEvents(WebCore::Event*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#16 0xb7079ba1 in WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#17 0xb7079708 in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#18 0xb7040f17 in WebCore::Document::finishedParsing() () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#19 0xb71989e1 in WebCore::HTMLParser::finished() () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#20 0xb71b4eda in WebCore::HTMLTokenizer::end() () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#21 0xb71b4bfd in WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#22 0xb71b650c in WebCore::HTMLTokenizer::executeExternalScriptsIfReady() () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#23 0xb71b61a1 in WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#24 0xb7209091 in WebCore::CachedScript::checkNotify() () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#25 0xb7209016 in WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#26 0xb723cb45 in WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#27 0xb724eb3f in WebCore::SubresourceLoader::didFinishLoading() () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#28 0xb724d38c in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#29 0xb747572d in WebCore::QNetworkReplyHandler::finish() () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#30 0xb7477c0c in WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call, int, void**) () from /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4
#31 0xb5aa5c0a in QMetaObject::metacall (object=0xb8210260, cl=QMetaObject::InvokeMetaMethod, idx=5, argv=0xbfffd4fc) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qmetaobject.cpp:237
#32 0xb5abab63 in QMetaObject::activate (sender=0xb81814b0, m=0xb6a41eec, local_signal_index=1, argv=0x0) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qobject.cpp:3283
#33 0xb69e193d in QNetworkReply::finished (this=0xb81814b0) at /home/tmacieir/obj/troll/qt-4.7/src/network/.moc/debug-shared/moc_qnetworkreply.cpp:152
#34 0xb697097b in QNetworkReplyImplPrivate::finished (this=0xb823a428) at /home/tmacieir/src/troll/qt-4.7/src/network/access/qnetworkreplyimpl.cpp:657
#35 0xb695338a in QNetworkAccessBackend::finished (this=0xb8234308) at /home/tmacieir/src/troll/qt-4.7/src/network/access/qnetworkaccessbackend.cpp:297
#36 0xb695c63d in QNetworkAccessHttpBackend::finished (this=0xb8234308) at /home/tmacieir/src/troll/qt-4.7/src/network/access/qnetworkaccesshttpbackend.cpp:338
#37 0xb696056f in QNetworkAccessHttpBackend::copyFinished (this=0xb8234308, dev=0xb8159230) at /home/tmacieir/src/troll/qt-4.7/src/network/access/qnetworkaccesshttpbackend.cpp:914
#38 0xb696f648 in QNetworkReplyImplPrivate::handleNotifications (this=0xb823a428) at /home/tmacieir/src/troll/qt-4.7/src/network/access/qnetworkreplyimpl.cpp:377
#39 0xb6971862 in QNetworkReplyImpl::event (this=0xb81814b0, e=0xb824a558) at /home/tmacieir/src/troll/qt-4.7/src/network/access/qnetworkreplyimpl.cpp:867
#40 0xb5d922f8 in QApplicationPrivate::notify_helper (this=0xb8006e60, receiver=0xb81814b0, e=0xb824a558) at /home/tmacieir/src/troll/qt-4.7/src/gui/kernel/qapplication.cpp:4462
#41 0xb5d8fa88 in QApplication::notify (this=0xbfffdea8, receiver=0xb81814b0, e=0xb824a558) at /home/tmacieir/src/troll/qt-4.7/src/gui/kernel/qapplication.cpp:3862
#42 0xb5a9de6d in QCoreApplication::notifyInternal (this=0xbfffdea8, receiver=0xb81814b0, event=0xb824a558) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qcoreapplication.cpp:731
#43 0xb5aa1953 in QCoreApplication::sendEvent (receiver=0xb81814b0, event=0xb824a558) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qcoreapplication.h:215
#44 0xb5a9ef37 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xb8006f58) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qcoreapplication.cpp:1372
#45 0xb5a9ebef in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qcoreapplication.cpp:1265
#46 0xb5ad834c in QCoreApplication::sendPostedEvents () at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qcoreapplication.h:220
#47 0xb5ad6b00 in postEventSourceDispatch (s=0xb800a720) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qeventdispatcher_glib.cpp:277
#48 0xb533ccbe in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#49 0xb53409f8 in ?? () from /usr/lib/libglib-2.0.so.0
#50 0xb5340b9e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#51 0xb5ad7b78 in QEventDispatcherGlib::processEvents (this=0xb8007230, flags=...) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qeventdispatcher_glib.cpp:422
#52 0xb5e6e716 in QGuiEventDispatcherGlib::processEvents (this=0xb8007230, flags=...) at /home/tmacieir/src/troll/qt-4.7/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#53 0xb5a9b22b in QEventLoop::processEvents (this=0xbfffde3c, flags=...) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qeventloop.cpp:149
#54 0xb5a9b370 in QEventLoop::exec (this=0xbfffde3c, flags=...) at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qeventloop.cpp:201
#55 0xb5a9e55f in QCoreApplication::exec () at /home/tmacieir/src/troll/qt-4.7/src/corelib/kernel/qcoreapplication.cpp:1008
#56 0xb5d8f696 in QApplication::exec () at /home/tmacieir/src/troll/qt-4.7/src/gui/kernel/qapplication.cpp:3736
#57 0xb7f16ae5 in main (argc=2, argv=0xbfffdf84) at /home/tmacieir/src/troll/qt-4.7/demos/browser/main.cpp:51

Valgrind is very long. Distinct portions:

==15110== Conditional jump or move depends on uninitialised value(s)
==15110==    at 0x54A7AFD: cti_vm_lazyLinkCall (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0xCDA009E: ???
==15110==    by 0x549DFDA: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x5488BB5: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54C03C8: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D170A4: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D172B7: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D363C8: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4F94D2F: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4F9C3EB: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4F9C1A0: WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4FEF090: WebCore::CachedScript::checkNotify() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)

==15110== Conditional jump or move depends on uninitialised value(s)
==15110==    at 0x54BC016: JSC::isPossibleCell(void*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BC07C: JSC::Heap::markConservatively(JSC::MarkStack&, void*, void*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BC1AF: JSC::Heap::markCurrentThreadConservativelyInternal(JSC::MarkStack&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BC1E6: JSC::Heap::markCurrentThreadConservatively(JSC::MarkStack&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BC207: JSC::Heap::markStackObjectsConservatively(JSC::MarkStack&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BC5C2: JSC::Heap::markRoots() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BCBBC: JSC::Heap::reset() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BBC59: JSC::Heap::allocate(unsigned int) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x49E9EAD: JSC::JSCell::operator new(unsigned int, JSC::JSGlobalData*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54A7BEF: cti_op_push_activation (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0xE6590C0: ???
==15110==    by 0x549DFDA: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)

==15110== Conditional jump or move depends on uninitialised value(s)
==15110==    at 0x54BC016: JSC::isPossibleCell(void*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BC07C: JSC::Heap::markConservatively(JSC::MarkStack&, void*, void*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BCE57: JSC::RegisterFile::markCallFrames(JSC::MarkStack&, JSC::Heap*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BC5EC: JSC::Heap::markRoots() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BCBBC: JSC::Heap::reset() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BBC59: JSC::Heap::allocate(unsigned int) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x49E9EAD: JSC::JSCell::operator new(unsigned int, JSC::JSGlobalData*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54A7BEF: cti_op_push_activation (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0xE6590C0: ???
==15110==    by 0x549DFDA: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x5488BB5: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54C03C8: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)

==15110== Conditional jump or move depends on uninitialised value(s)
==15110==    at 0x54A1851: JSC::WeakGCPtr<JSC::JSPropertyNameIterator>::get() const (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54A0BCB: JSC::Structure::enumerationCache() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54AF6E8: cti_op_get_pnames (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0xE6518AB: ???
==15110==    by 0x549DFDA: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x5488BB5: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54C03C8: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D170A4: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D172B7: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D363C8: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4F94D2F: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4F9C3EB: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)

==15110== Conditional jump or move depends on uninitialised value(s)
==15110==    at 0x54BBBAA: JSC::Heap::allocate(unsigned int) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x49E9EAD: JSC::JSCell::operator new(unsigned int, JSC::JSGlobalData*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54A4A5C: cti_op_add (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0xE6459BF: ???
==15110==    by 0x549DFDA: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x5488BB5: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54C03C8: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D170A4: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D172B7: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4D363C8: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4F94D2F: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x4F9C3EB: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)

[many other frames]

Crash:
==15110== Invalid read of size 4
==15110==    at 0x5593C53: WTF::RefPtr<JSC::FunctionParameters>::operator=(WTF::PassRefPtr<JSC::FunctionParameters> const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x5592C46: JSC::FunctionBodyNode::finishParsing(WTF::PassRefPtr<JSC::FunctionParameters>, JSC::Identifier const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54C93EA: JSC::FunctionExecutable::compile(JSC::ExecState*, JSC::ScopeChainNode*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x549E2A8: JSC::FunctionExecutable::bytecode(JSC::ExecState*, JSC::ScopeChainNode*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54C97E6: JSC::FunctionExecutable::generateJITCode(JSC::ExecState*, JSC::ScopeChainNode*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x549E328: JSC::FunctionExecutable::jitCode(JSC::ExecState*, JSC::ScopeChainNode*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54A776D: cti_op_call_JSFunction (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0xCDA0050: ???
==15110==    by 0x549DFDA: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54893AF: JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54DD0CD: JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==    by 0x54BB200: JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)
==15110==  Address 0x30 is not stack'd, malloc'd or (recently) free'd
Thiago Macieira
Comment 1
2010-11-23 04:52:06 PST
Repeating the valgrind run with --track-origins, for the first set of errors, they all report:

==15490== Uninitialised value was created by a stack allocation
==15490==    at 0x54A7B98: cti_op_push_activation (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)

For a second set of reports before the crash:

==15490== Uninitialised value was created by a stack allocation
==15490==    at 0x54BC1BC: JSC::Heap::markCurrentThreadConservatively(JSC::MarkStack&) (in /home/tmacieir/obj/troll/qt-4.7/lib/libQtWebKit.so.4.7.1)

The crash block has no origin. However, the time between the two blocks and the final block (the crash) is quite big.
Benjamin Poulain
Comment 2
2011-01-30 04:53:52 PST
Please follow http://trac.webkit.org/wiki/QtWebKitBugs when reporting bugs here (missing Qt keyword). I cannot reproduce with trunk on Mac.
Alexis Menard (darktears)
Comment 3
2011-02-23 05:36:53 PST
I cannot reproduce on Linux either. Trunk: r79433