UNCONFIRMED
75388
Crash in JSC::JSValue::get(JSC::ExecState*, unsigned int, JSC::PropertySlot&)
https://bugs.webkit.org/show_bug.cgi?id=75388
Dimitris Apostolou
Reported 2011-12-30 08:36:01 PST
Created attachment 120803 [details]: Crash log.
r103834
Reproducibility: always

Pre-steps: Create a free account at https://my.withings.com/en/

Steps: https://my.withings.com/en/

What happened: Crash while the graphs are loading.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000001041f29bf JSC::JSValue::get(JSC::ExecState*, unsigned int, JSC::PropertySlot&) const + 127
1 com.apple.JavaScriptCore 0x000000010425e304 cti_op_get_by_val + 708
2 ??? 0x00002e0517fb5966 0 + 50599412062566
3 com.apple.JavaScriptCore 0x0000000104222c80 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 912
4 com.apple.JavaScriptCore 0x00000001041c749a JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 42
5 com.apple.WebCore 0x00000001049e7731 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 881
6 com.apple.WebCore 0x00000001047315d5 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 213
7 com.apple.WebCore 0x000000010473146d WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 141
8 com.apple.WebCore 0x0000000104f4856d WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 61
9 com.apple.WebCore 0x0000000104f43f53 WebCore::XMLHttpRequest::callReadyStateChangeListener() + 339
10 com.apple.WebCore 0x0000000104f477a7 WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 407
11 com.apple.WebCore 0x000000010464696a WebCore::DocumentThreadableLoader::notifyFinished(WebCore::CachedResource*) + 426
12 com.apple.WebCore 0x000000010451845c WebCore::CachedResource::checkNotify() + 92
13 com.apple.WebCore 0x00000001045177f8 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 456
14 com.apple.WebCore 0x0000000104e01f06 WebCore::SubresourceLoader::didFinishLoading(double) + 150
15 com.apple.Foundation 0x00007fff99a65662 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 122
16 com.apple.Foundation 0x00007fff99a655e2 _NSURLConnectionDidFinishLoading + 81
17 com.apple.CFNetwork 0x00007fff8e1f6c7e URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 296
18 com.apple.CFNetwork 0x00007fff8e2a6c7e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 862
19 com.apple.CFNetwork 0x00007fff8e1d1b49 URLConnectionClient::processEvents() + 185
20 com.apple.CFNetwork 0x00007fff8e1d19ee MultiplexerSource::perform() + 212
21 com.apple.CoreFoundation 0x00007fff98994921 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
22 com.apple.CoreFoundation 0x00007fff9899418d __CFRunLoopDoSources0 + 253
23 com.apple.CoreFoundation 0x00007fff989baf79 __CFRunLoopRun + 905
24 com.apple.CoreFoundation 0x00007fff989ba8b6 CFRunLoopRunSpecific + 230
25 com.apple.HIToolbox 0x00007fff8f97731f RunCurrentEventLoopInMode + 277
26 com.apple.HIToolbox 0x00007fff8f97e5c9 ReceiveNextEventCommon + 355
27 com.apple.HIToolbox 0x00007fff8f97e456 BlockUntilNextEventMatchingListInMode + 62
28 com.apple.AppKit 0x00007fff90262ef9 _DPSNextEvent + 659
29 com.apple.AppKit 0x00007fff902627fd -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
30 com.apple.AppKit 0x00007fff9025f139 -[NSApplication run] + 470
31 com.apple.WebKit2 0x0000000103eb4f89 RunLoop::run() + 67
32 com.apple.WebKit2 0x0000000103efd855 WebKit::WebProcessMain(WebKit::CommandLine const&) + 673
33 com.apple.WebKit2 0x0000000103ecf909 WebKitMain + 285
34 com.apple.WebProcess 0x0000000103e60e5f main + 219
35 com.apple.WebProcess 0x0000000103e60d7c start + 52

Expected result: WebKit does not crash.
Attachments
Crash log. (50.45 KB, text/plain), 2011-12-30 08:36 PST, Dimitris Apostolou, no flags
Dimitris Apostolou
Comment 1
2011-12-30 11:56:38 PST
From debug build:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010b5c6790 JSC::JSValue::get(JSC::ExecState*, unsigned int, JSC::PropertySlot&) const + 160 (JSObject.h:825)
1 com.apple.JavaScriptCore 0x000000010b5c66d3 JSC::JSValue::get(JSC::ExecState*, unsigned int) const + 83 (JSObject.h:812)
2 com.apple.JavaScriptCore 0x000000010b65145a cti_op_get_by_val + 1130 (JITStubs.cpp:2505)
3 com.apple.JavaScriptCore 0x000000010b6589d0 0x10b4c2000 + 1665488
4 com.apple.JavaScriptCore 0x000000010b617059 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:115)
5 com.apple.JavaScriptCore 0x000000010b613aa7 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1751 (Interpreter.cpp:1080)
6 com.apple.JavaScriptCore 0x000000010b5507d1 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 305 (CallData.cpp:39)
7 com.apple.WebCore 0x000000010c9cd643 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 179 (JSMainThreadExecState.h:52)
8 com.apple.WebCore 0x000000010cafef46 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1334 (JSEventListener.cpp:123)
9 com.apple.WebCore 0x000000010c5bd939 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 361 (EventTarget.cpp:214)
10 com.apple.WebCore 0x000000010c5bd7a1 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 321 (EventTarget.cpp:199)
11 com.apple.WebCore 0x000000010c5bd62d WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 157 (EventTarget.cpp:176)
12 com.apple.WebCore 0x000000010d6144d9 WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 281 (XMLHttpRequestProgressEventThrottle.cpp:81)
13 com.apple.WebCore 0x000000010d60eae0 WebCore::XMLHttpRequest::callReadyStateChangeListener() + 288 (XMLHttpRequest.cpp:366)
14 com.apple.WebCore 0x000000010d60e9ab WebCore::XMLHttpRequest::changeState(WebCore::XMLHttpRequest::State) + 59 (XMLHttpRequest.cpp:356)
15 com.apple.WebCore 0x000000010d6122f6 WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 438 (XMLHttpRequest.cpp:1038)
16 com.apple.WebCore 0x000000010d612369 non-virtual thunk to WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 57
17 com.apple.WebCore 0x000000010c4172cc WebCore::DocumentThreadableLoader::didFinishLoading(unsigned long, double) + 348 (DocumentThreadableLoader.cpp:277)
18 com.apple.WebCore 0x000000010c417166 WebCore::DocumentThreadableLoader::notifyFinished(WebCore::CachedResource*) + 646 (DocumentThreadableLoader.cpp:262)
19 com.apple.WebCore 0x000000010c41730f non-virtual thunk to WebCore::DocumentThreadableLoader::notifyFinished(WebCore::CachedResource*) + 47
20 com.apple.WebCore 0x000000010c12be1d WebCore::CachedResource::checkNotify() + 109 (CachedResource.cpp:237)
21 com.apple.WebCore 0x000000010c12be81 WebCore::CachedResource::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 65 (CachedResource.cpp:247)
22 com.apple.WebCore 0x000000010c12a621 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 641 (CachedRawResource.cpp:67)
23 com.apple.WebCore 0x000000010d3d1e2f WebCore::SubresourceLoader::didFinishLoading(double) + 623 (SubresourceLoader.cpp:259)
24 com.apple.WebCore 0x000000010d2b05cc WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 188 (ResourceLoader.cpp:452)
25 com.apple.WebCore 0x000000010d2aceb5 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 261 (ResourceHandleMac.mm:887)
26 com.apple.Foundation 0x00007fff99a65662 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 122
27 com.apple.Foundation 0x00007fff99a655e2 _NSURLConnectionDidFinishLoading + 81
28 com.apple.CFNetwork 0x00007fff8e1f6c7e URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 296
29 com.apple.CFNetwork 0x00007fff8e2a6c7e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 862
30 com.apple.CFNetwork 0x00007fff8e2a6e6a URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354
31 com.apple.CFNetwork 0x00007fff8e1d1b49 URLConnectionClient::processEvents() + 185
32 com.apple.CFNetwork 0x00007fff8e1d19ee MultiplexerSource::perform() + 212
33 com.apple.CoreFoundation 0x00007fff98994921 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
34 com.apple.CoreFoundation 0x00007fff9899418d __CFRunLoopDoSources0 + 253
35 com.apple.CoreFoundation 0x00007fff989baf79 __CFRunLoopRun + 905
36 com.apple.CoreFoundation 0x00007fff989ba8b6 CFRunLoopRunSpecific + 230
37 com.apple.HIToolbox 0x00007fff8f97731f RunCurrentEventLoopInMode + 277
38 com.apple.HIToolbox 0x00007fff8f97e5c9 ReceiveNextEventCommon + 355
39 com.apple.HIToolbox 0x00007fff8f97e456 BlockUntilNextEventMatchingListInMode + 62
40 com.apple.AppKit 0x00007fff90262ef9 _DPSNextEvent + 659
41 com.apple.AppKit 0x00007fff902627fd -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
42 com.apple.AppKit 0x00007fff9025f139 -[NSApplication run] + 470
43 com.apple.WebKit2 0x000000010a67427c RunLoop::run() + 92 (RunLoopMac.mm:63)
44 com.apple.WebKit2 0x000000010a7600fa WebKit::WebProcessMain(WebKit::CommandLine const&) + 1098 (WebProcessMainMac.mm:115)
45 com.apple.WebKit2 0x000000010a6c9adf _ZL10WebKitMainRKN6WebKit11CommandLineE + 239 (WebKitMain.cpp:50)
46 com.apple.WebKit2 0x000000010a6c99cd WebKitMain + 173 (WebKitMain.cpp:74)
47 com.apple.WebProcess 0x000000010a3d1d82 main + 290
48 com.apple.WebProcess 0x000000010a3d1c54 start + 52
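Added example (not part of this bug report, and not WebKit or Bugzilla code): a small Python parser for the macOS crash-report frame lines quoted in the report and in comment 1, plus a bucketing signature built from the top symbolicated frames, the triage step used to decide whether a newly filed crash duplicates one already on record. The sample frame lines are copied from the two traces above; the regex, the Frame type, the `symbolicated` rule and the signature rule are this example's own assumptions about the format, not an official parser. It also shows the caveat the two traces illustrate: the debug build adds an inlined JSValue::get overload and an unsymbolicated JIT frame, so a naive top-N signature buckets the release and debug logs of the same crash differently unless duplicates and unsymbolicated frames are handled.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# One frame line of a macOS crash report (assumed layout, matched against the report's lines):
#   "<index> <binary image> <address> <symbol, may contain spaces> + <offset> [(<file>:<line>)]"
FRAME_RE = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<image>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?)\s\+\s(?P<offset>\d+)"
    r"(?:\s+\((?P<file>[^:()]+):(?P<line>\d+)\))?\s*$"
)


@dataclass
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int
    file: Optional[str] = None
    line: Optional[int] = None

    @property
    def symbolicated(self) -> bool:
        # "???" is a frame outside any loaded image (here: JIT-emitted code);
        # a symbol that is "0" or a bare address means nothing was resolved.
        return self.image != "???" and self.symbol != "0" and not self.symbol.startswith("0x")


def parse_frames(text: str) -> List[Frame]:
    """Parse every frame line in a crash-log excerpt; lines that are not frames are ignored."""
    frames: List[Frame] = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw)
        if m is None:
            continue
        frames.append(Frame(
            index=int(m["idx"]),
            image=m["image"],
            address=int(m["addr"], 16),
            symbol=m["symbol"],
            offset=int(m["offset"]),
            file=m["file"],
            line=int(m["line"]) if m["line"] else None,
        ))
    return frames


def crash_signature(frames: List[Frame], depth: int = 3) -> List[str]:
    """Top `depth` symbolicated frames as image!function with argument lists dropped.
    Consecutive duplicates are collapsed so an inlined overload of the same function
    (present only in the debug trace) does not change the bucket."""
    sig: List[str] = []
    for f in frames:
        if not f.symbolicated:
            continue
        name = f"{f.image}!{f.symbol.split('(')[0].strip()}"
        if sig and sig[-1] == name:
            continue
        sig.append(name)
        if len(sig) == depth:
            break
    return sig


def bucket_id(frames: List[Frame], depth: int = 3) -> str:
    """Stable 16-hex-character key for a signature, usable for duplicate detection."""
    return hashlib.sha256("|".join(crash_signature(frames, depth)).encode()).hexdigest()[:16]


# Sample input: the first frames of the release trace from the report (copied, not constructed).
RELEASE_TRACE = """Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000001041f29bf JSC::JSValue::get(JSC::ExecState*, unsigned int, JSC::PropertySlot&) const + 127
1 com.apple.JavaScriptCore 0x000000010425e304 cti_op_get_by_val + 708
2 ??? 0x00002e0517fb5966 0 + 50599412062566
3 com.apple.JavaScriptCore 0x0000000104222c80 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 912
4 com.apple.JavaScriptCore 0x00000001041c749a JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 42
5 com.apple.WebCore 0x00000001049e7731 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 881
"""

# Sample input: the first frames of the debug-build trace from comment 1 (copied, not constructed).
DEBUG_TRACE = """Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010b5c6790 JSC::JSValue::get(JSC::ExecState*, unsigned int, JSC::PropertySlot&) const + 160 (JSObject.h:825)
1 com.apple.JavaScriptCore 0x000000010b5c66d3 JSC::JSValue::get(JSC::ExecState*, unsigned int) const + 83 (JSObject.h:812)
2 com.apple.JavaScriptCore 0x000000010b65145a cti_op_get_by_val + 1130 (JITStubs.cpp:2505)
3 com.apple.JavaScriptCore 0x000000010b6589d0 0x10b4c2000 + 1665488
4 com.apple.JavaScriptCore 0x000000010b617059 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:115)
5 com.apple.JavaScriptCore 0x000000010b613aa7 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1751 (Interpreter.cpp:1080)
"""

if __name__ == "__main__":
    for label, trace in (("release", RELEASE_TRACE), ("debug", DEBUG_TRACE)):
        frames = parse_frames(trace)
        print(label, bucket_id(frames), crash_signature(frames))
```

The two bucket ids still differ, because the debug trace exposes JSC::JITCode::execute where the release trace shows an unsymbolicated JIT frame followed by JSC::Interpreter::executeCall. That is the practical caveat: signature depth and the treatment of JIT frames should be chosen per build flavour, or the signature should be taken only from fully symbolicated builds, before a bucket key is used to close reports as duplicates.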
Alexey Proskuryakov
Comment 2
2011-12-30 12:49:25 PST
Repro crash -> P1.
Alexey Proskuryakov
Comment 3
2012-01-04 15:00:04 PST
So, one actually needs Withings hardware to reproduce this? I don't see any way to get to graphs otherwise.