Bug 77776 - Crash in WebCore::DOMTimer::DOMTimer(WebCore::ScriptExecutionContext*, WTF::PassOwnPtr<WebCore::ScheduledAction>, int, bool)
Summary: Crash in WebCore::DOMTimer::DOMTimer(WebCore::ScriptExecutionContext*, WTF::P...
Status: CLOSED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.7
: P2 Normal
Assignee: Nobody
URL: http://www.charliesheen.com/content/2...
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-03 13:53 PST by Dimitris Apostolou
Modified: 2012-02-07 13:53 PST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dimitris Apostolou 2012-02-03 13:53:17 PST 
r106674

Reproducibility: always

Steps:
Go to http://www.charliesheen.com/content/208905?code=Vwr1mwQ

What happened:
Crash (seems like infinite loop).

0   com.apple.WebCore             	0x0000000103ff6c50 WebCore::DOMTimer::DOMTimer(WebCore::ScriptExecutionContext*, WTF::PassOwnPtr<WebCore::ScheduledAction>, int, bool) + 336 (DOMTimer.cpp:76)
1   com.apple.WebCore             	0x0000000103ff6af4 WebCore::DOMTimer::DOMTimer(WebCore::ScriptExecutionContext*, WTF::PassOwnPtr<WebCore::ScheduledAction>, int, bool) + 52 (DOMTimer.cpp:84)
2   com.apple.WebCore             	0x0000000103ff6fd0 WebCore::DOMTimer::install(WebCore::ScriptExecutionContext*, WTF::PassOwnPtr<WebCore::ScheduledAction>, int, bool) + 112 (DOMTimer.cpp:97)
3   com.apple.WebCore             	0x000000010400790b WebCore::DOMWindow::setTimeout(WTF::PassOwnPtr<WebCore::ScheduledAction>, int, int&) + 139 (DOMWindow.cpp:1504)
4   com.apple.WebCore             	0x00000001045df24b WebCore::JSDOMWindow::setTimeout(JSC::ExecState*) + 443 (JSDOMWindowCustom.cpp:648)
5   com.apple.WebCore             	0x00000001045d2475 WebCore::jsDOMWindowPrototypeFunctionSetTimeout(JSC::ExecState*) + 389 (JSDOMWindow.cpp:11306)
6   ???                           	0x00005bec46601218 0 + 101070351110680
7   com.apple.JavaScriptCore      	0x00000001030c71d9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:115)
8   com.apple.JavaScriptCore      	0x00000001030c3bd6 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1766 (Interpreter.cpp:1083)
9   com.apple.JavaScriptCore      	0x0000000102f8b04b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 315 (CallData.cpp:39)
10  com.apple.JavaScriptCore      	0x000000010315f256 JSObjectCallAsFunction + 566 (JSObjectRef.cpp:443)
11  com.apple.Safari.framework    	0x000000010bf8b0c8 Safari::EventTarget::handleEvent(Safari::Event*, Safari::RegisteredEventListener const&) + 110
12  com.apple.Safari.framework    	0x000000010bf8b285 Safari::EventTarget::fireEventListeners(Safari::Event*, Safari::EventTargetTracker*) + 363
13  com.apple.Safari.framework    	0x000000010bf8b39b Safari::EventTarget::fireEventListeners(Safari::Event*) + 199
14  com.apple.Safari.framework    	0x000000010bf8b50e Safari::EventTarget::dispatchEvent(Safari::Event*) + 326
15  com.apple.Safari.framework    	0x000000010bf55e3d Safari::ContentExtension::dispatchMessageToPage(Safari::SString const&, Safari::WK::SerializedScriptValue const&, Safari::WK::BundlePage const&) + 105
16  com.apple.Safari.framework    	0x000000010bf59aff Safari::ContentExtensionsController::dispatchExtensionMessageToPage(Safari::SString const&, Safari::SString const&, Safari::WK::SerializedScriptValue const&, Safari::WK::BundlePage const&) const + 65
17  com.apple.Safari.framework    	0x000000010bec8e1b Safari::BrowserBundleController::didReceiveMessage(Safari::WK::Bundle&, Safari::WK::String&, Safari::WK::Type&) + 8485
18  com.apple.Safari.framework    	0x000000010bf3fc03 _ZN6Safari2WKL17didReceiveMessageEPK14OpaqueWKBundlePK14OpaqueWKStringPKvS8_ + 91
19  com.apple.WebKit2             	0x000000010207a938 WebKit::InjectedBundleClient::didReceiveMessage(WebKit::InjectedBundle*, WTF::String const&, WebKit::APIObject*) + 152 (InjectedBundleClient.cpp:62)
20  com.apple.WebKit2             	0x00000001020709ed WebKit::InjectedBundle::didReceiveMessage(WTF::String const&, WebKit::APIObject*) + 61 (InjectedBundle.cpp:438)
21  com.apple.WebKit2             	0x0000000102070ade WebKit::InjectedBundle::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 222 (InjectedBundle.cpp:450)
22  com.apple.WebKit2             	0x00000001022dfa7d WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 797 (WebProcess.cpp:657)
23  com.apple.WebKit2             	0x000000010218143f WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 383 (WebConnectionToUIProcess.cpp:88)
24  com.apple.WebKit2             	0x000000010218148d non-virtual thunk to WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 61
25  com.apple.WebKit2             	0x000000010202a63c CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 428 (Connection.cpp:692)
26  com.apple.WebKit2             	0x000000010202cec3 CoreIPC::Connection::dispatchMessages() + 211 (Connection.cpp:720)
27  com.apple.WebKit2             	0x0000000102033b30 WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator()(CoreIPC::Connection*) + 112 (Functional.h:173)
28  com.apple.WebKit2             	0x0000000102033ab5 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void ()(CoreIPC::Connection*)>::operator()() + 53 (Functional.h:373)
29  com.apple.WebCore             	0x0000000104e4d9dd WTF::Function<void ()()>::operator()() const + 141 (Functional.h:581)
30  com.apple.WebCore             	0x0000000104e4d7b3 WebCore::RunLoop::performWork() + 147 (RunLoop.cpp:66)
31  com.apple.WebCore             	0x0000000104e4c390 WebCore::RunLoop::performWork(void*) + 96 (RunLoopMac.mm:65)
32  com.apple.CoreFoundation      	0x00007fff930f46e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
33  com.apple.CoreFoundation      	0x00007fff930f400c __CFRunLoopDoSources0 + 444
34  com.apple.CoreFoundation      	0x00007fff9311ad39 __CFRunLoopRun + 905
35  com.apple.CoreFoundation      	0x00007fff9311a676 CFRunLoopRunSpecific + 230
36  com.apple.HIToolbox           	0x00007fff9728831f RunCurrentEventLoopInMode + 277
37  com.apple.HIToolbox           	0x00007fff9728f5c9 ReceiveNextEventCommon + 355
38  com.apple.HIToolbox           	0x00007fff9728f456 BlockUntilNextEventMatchingListInMode + 62
39  com.apple.AppKit              	0x00007fff906acf5d _DPSNextEvent + 659
40  com.apple.AppKit              	0x00007fff906ac861 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
41  com.apple.AppKit              	0x00007fff906a919d -[NSApplication run] + 470
42  com.apple.WebCore             	0x0000000104e4c7bc WebCore::RunLoop::run() + 92 (RunLoopMac.mm:101)
43  com.apple.WebKit2             	0x00000001022f5f24 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3556 (WebProcessMainMac.mm:176)
44  com.apple.WebKit2             	0x000000010220c70f _ZL10WebKitMainRKN6WebKit11CommandLineE + 239 (WebKitMain.cpp:50)
45  com.apple.WebKit2             	0x000000010220c5f2 WebKitMain + 178 (WebKitMain.cpp:74)
46  com.apple.WebProcess          	0x0000000101ea2d82 main + 290
47  com.apple.WebProcess          	0x0000000101ea2c54 start + 52

Expected result:
WebKit does not crash.
Comment 1 Alexey Proskuryakov 2012-02-04 15:23:09 PST 
I'm not seeing any problem with this page using r106740.

> Crash (seems like infinite loop).

Could you please elaborate? Is there a crash log saved and visible in Console.app?
Comment 2 Dimitris Apostolou 2012-02-07 13:53:12 PST 
Hm, not seeing it either in 106914