[webkit-dev] Why does this code crash (jsString() call)

Alexander Vassilev avasilev at voipgate.com
Mon Feb 9 04:48:05 PST 2009

Hi all,

Can someone please tell me why this code crashes (Qt 4.5, platform
win32-g++, Windows XP SP2):

     JSC::JSLock lock(false);

     QWebFrame* frame = qobject_cast<QWebFrame*>(webView->page()->mainFrame());

     // QWebFrame::getWebCoreFrame() is added by me to access webkit directly; the implementation
     // of that method returns d->frame
     WebCore::Frame* f = frame->getWebCoreFrame();

     WebCore::JSDOMWindow* window = toJSDOMWindow(f);

     if (!window) {
          printf("Warning: couldn't get window object\n");
          return; // don't dereference a null window below
     }

     JSC::ExecState* exec = window->globalExec();

     JSC::JSString* p = jsString(exec, JSC::UString("test"));  // <=== CRASH HERE

I execute this code when a button is pressed, and I press it when the
page is completely loaded (which happens almost immediately since it's a
few lines of test HTML). Using this code to create properties of the
globalObject, and also to define a custom class with JSClassCreate() and
JSObjectMakeConstructor(), works flawlessly: I can access objects created
from C++ code and create instances from JavaScript. But when I needed to
call jsString() I had this crash.
The crash report says invalid read access to memory at 0x000004ba. I
tried to debug it, but GDB behaves strangely, so I cannot trust it.
Putting breakpoints and logging statements just before my call to
jsString(), they are never executed, and the backtrace shows a path that
is completely different. Still, when I comment out my call to jsString()
there is no crash and everything works perfectly. Also, putting an
exit() statement just before the jsString() call and running under gdb
causes no crash, the app exits cleanly, and now I am able to put a
breakpoint before the exit(). This is why I cannot trust gdb for debugging
this. Maybe it would be easier if someone can spot an obvious error in
my code, if such exists. Here is the gdb output anyway:

Program received signal SIGSEGV, Segmentation fault.
0x01b7fe91 in JSC::ExecState::globalData (this=0x6ff38bc)
    at /work/qt-4.5new/src/3rdparty/webkit/JavaScriptCore/interpreter/CallFrame.h:68
68                  return *scopeChain()->globalData;
Current language:  auto; currently c++
(gdb) call scopeChain()
$1 = (ScopeChainNode *) 0x0
(gdb) bt
#0  0x01b7fe91 in JSC::ExecState::globalData (this=0x6ff38bc)
    at /work/qt-4.5new/src/3rdparty/webkit/JavaScriptCore/interpreter/CallFrame.h:68
#1  0x01798a35 in JSC::ExecState::heap ()
#2  0x00439181 in JSC::JSCell::operator new ()
#3  0x0059d1b4 in JSC::JSGlobalObject::reset ()
#4  0x0059cee8 in JSC::JSGlobalObject::init ()
#5  0x01768d2a in JSC::JSGlobalObject::JSGlobalObject ()
#6  0x0059851d in WebCore::JSDOMGlobalObject::JSDOMGlobalObject ()
#7  0x00455de1 in WebCore::JSDOMWindowBase::JSDOMWindowBase ()
#8  0x006777eb in WebCore::JSDOMWindow::JSDOMWindow ()
#9  0x00599da6 in WebCore::JSDOMWindowShell::setWindow ()
#10 0x00599969 in WebCore::JSDOMWindowShell::JSDOMWindowShell ()
#11 0x00447018 in WebCore::ScriptController::initScript ()
#12 0x01a45008 in WebCore::ScriptController::initScriptIfNeeded ()
#13 0x01a44f91 in WebCore::ScriptController::windowShell ()
#14 0x0045b7b2 in WebCore::toJSDOMWindow ()
#15 0x0043fbf4 in QWebFrame::addToJavaScriptWindowObject ()
#16 0x00401d3c in qMain (argc=1, argv=0x35640) at main.cpp:239
#17 0x00402f83 in WinMain (instance=0x400000, prevInstance=0x0, cmdShow=10)
    at qtmain_win.cpp:133
#18 0x00402a2a in main ()

Thanks for any help
Best regards
