RESOLVED FIXED 99543
Crash on Frame::inScope() part 2 
https://bugs.webkit.org/show_bug.cgi?id=99543
Summary Crash on Frame::inScope() part 2
Hajime Morrita
Reported 2012-10-16 22:42:29 PDT
This upstreams http://code.google.com/p/chromium/issues/detail?id=155343 Relevant strack trace: 0x7f0e78388d30 [chrome] - third_party/WebKit/Source/WebCore/dom/Node.cpp:460] WebCore::Node::treeScope 0x7f0e78c830a7 [chrome] - third_party/WebKit/Source/WebCore/page/Frame.cpp:242] WebCore::Frame::inScope 0x7f0e78c85932 [chrome] - third_party/WebKit/Source/WebCore/page/FrameTree.cpp:199] WebCore::FrameTree::scopedChildCount 0x7f0e790b57e8 [chrome] - out/Release/obj/gen/webcore/bindings/V8DOMWindow.cpp:854] WebCore::DOMWindowV8Internal::lengthAttrGetter 0x7f0e786142ee [chrome] - v8/src/objects.cc:207] v8::internal::JSObject::GetPropertyWithCallback 0x7f0e7879f461 [chrome] - v8/src/ic.cc:934] v8::internal::LoadIC::Load 0x7f0e7879fbc9 [chrome] - v8/src/ic.cc:2088] v8::internal::LoadIC_Miss 0x33349f60618d I made a shot at http://trac.webkit.org/changeset/130006 but it looks I missed.
Attachments
Patch (1.53 KB, patch)
2012-10-16 23:23 PDT, Hajime Morrita 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Hajime Morrita
Comment 1 2012-10-16 23:23:08 PDT
Created attachment 169096 [details] Patch
Hajime Morrita
Comment 2 2012-10-16 23:23:35 PDT
Keent-san, could you take a look?
Kent Tamura
Comment 3 2012-10-16 23:25:04 PDT
Comment on attachment 169096 [details] Patch Looks ok
WebKit Review Bot
Comment 4 2012-10-17 01:00:21 PDT
Comment on attachment 169096 [details] Patch Clearing flags on attachment: 169096 Committed r131561: <http://trac.webkit.org/changeset/131561>
WebKit Review Bot
Comment 5 2012-10-17 01:00:25 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.