Bug 99543 - Crash on Frame::inScope() part 2
Summary: Crash on Frame::inScope() part 2
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Hajime Morrita
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-10-16 22:42 PDT by Hajime Morrita
Modified: 2012-10-17 01:00 PDT
CC: 2 users

See Also:


Attachments
Patch (1.53 KB, patch)
2012-10-16 23:23 PDT, Hajime Morrita
Description Hajime Morrita 2012-10-16 22:42:29 PDT
This upstreams http://code.google.com/p/chromium/issues/detail?id=155343

Relevant stack trace:
0x7f0e78388d30	 [chrome]	 - third_party/WebKit/Source/WebCore/dom/Node.cpp:460]	WebCore::Node::treeScope
0x7f0e78c830a7	 [chrome]	 - third_party/WebKit/Source/WebCore/page/Frame.cpp:242]	WebCore::Frame::inScope
0x7f0e78c85932	 [chrome]	 - third_party/WebKit/Source/WebCore/page/FrameTree.cpp:199]	WebCore::FrameTree::scopedChildCount
0x7f0e790b57e8	 [chrome]	 - out/Release/obj/gen/webcore/bindings/V8DOMWindow.cpp:854]	WebCore::DOMWindowV8Internal::lengthAttrGetter
0x7f0e786142ee	 [chrome]	 - v8/src/objects.cc:207]	v8::internal::JSObject::GetPropertyWithCallback
0x7f0e7879f461	 [chrome]	 - v8/src/ic.cc:934]	v8::internal::LoadIC::Load
0x7f0e7879fbc9	 [chrome]	 - v8/src/ic.cc:2088]	v8::internal::LoadIC_Miss
0x33349f60618d

I made a shot at http://trac.webkit.org/changeset/130006 but it looks like I missed.
Comment 1 Hajime Morrita 2012-10-16 23:23:08 PDT
Created attachment 169096 [details]
Patch
Comment 2 Hajime Morrita 2012-10-16 23:23:35 PDT
Kent-san, could you take a look?
Comment 3 Kent Tamura 2012-10-16 23:25:04 PDT
Comment on attachment 169096 [details]
Patch

Looks ok
Comment 4 WebKit Review Bot 2012-10-17 01:00:21 PDT
Comment on attachment 169096 [details]
Patch

Clearing flags on attachment: 169096

Committed r131561: <http://trac.webkit.org/changeset/131561>
Comment 5 WebKit Review Bot 2012-10-17 01:00:25 PDT
All reviewed patches have been landed.  Closing bug.