[webkit-dev] Why does this code crash (jsString() call)

Alexander Vassilev avasilev at voipgate.com
Mon Feb 9 05:55:08 PST 2009

Here are some more clues:

>      JSC::JSLock lock(false);
>      QWebFrame* frame = qobject_cast<QWebFrame*>(webView->page()->mainFrame());
> //QWebFrame::getWebCoreFrame() is added by me to access webkit directly, the implementation of that method
> //returns d->frame
>      WebCore::Frame* f = frame->getWebCoreFrame();
>      WebCore::JSDOMWindow *window = toJSDOMWindow(f);
>      if (!window)
>      {
>           printf("Warning: couldn't get window object");
>           return;
>      }
>      JSC::ExecState* exec = window->globalExec();
>      JSC::JSString* p = jsString(exec, JSC::UString("test"));  //<=== CRASH HERE

> Program received signal SIGSEGV, Segmentation fault.
> 0x01b7fe91 in JSC::ExecState::globalData (this=0x6ff38bc)
>     at /work/qt-4.5new/src/3rdparty/webkit/JavaScriptCore/interpreter/CallFrame.h:68
> 68                  return *scopeChain()->globalData;
> Current language:  auto; currently c++
> (gdb) call scopeChain()
> $1 = (ScopeChainNode *) 0x0
> (gdb) bt
> #0  0x01b7fe91 in JSC::ExecState::globalData (this=0x6ff38bc)
>     at /work/qt-4.5new/src/3rdparty/webkit/JavaScriptCore/interpreter/CallFrame.h:6

Indeed, when I log exec->scopeChain() just before the call to
jsString(), it is often (but not always) NULL. In these cases, the
crash message from Windows says that the invalid access is to address
0x00000008. In other cases exec->scopeChain() is not NULL and then the
crash message says invalid access to address 0x000004ba. Interestingly,
when I load a heavy web page from the internet (no problem with this at
all, everything works normally and the page is displayed) and query
exec->scopeChain(), I also often get NULL, so it seems that it is normal
for this to be NULL. Still, I'm shooting in the dark; I will dig more
deeply in the WebKit code, but I will be very thankful if someone can
give me a hint.
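The two fault addresses above are themselves a clue. A small fault address such as 0x00000008 is the usual signature of a null base pointer plus a field offset: the backtrace stops on `return *scopeChain()->globalData;`, so with a null scope chain the read lands at offset-of-`globalData` from address zero. The following stand-alone C++ is an added illustration, not WebKit code: the `ScopeChainNode`, `ExecState` and `JSGlobalData` types are hypothetical stand-ins with an assumed field order (two pointers before `globalData`), and `faultAddressForNullScopeChain` and `globalDataChecked` are names chosen here. On a 32-bit build the assumed layout puts `globalData` at offset 8, matching the reported address; on a 64-bit host the same computation yields 16.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for the JSC types named in the backtrace.
// The field order is an assumption made for this illustration, not
// WebKit's actual definition.
struct JSGlobalData {
    int placeholder;
};

struct ScopeChainNode {
    ScopeChainNode* next;     // assumed first field
    void* object;             // assumed second field
    JSGlobalData* globalData; // assumed third field, i.e. at 2 * sizeof(void*)
};

struct ExecState {
    ScopeChainNode* m_scopeChain;

    ScopeChainNode* scopeChain() const { return m_scopeChain; }

    // Unchecked accessor, shaped like the line the backtrace stops on:
    //     return *scopeChain()->globalData;
    // With a null scope chain this reads through a null base pointer plus
    // the field offset, which is exactly the small fault address reported.
    JSGlobalData& globalDataUnchecked() const { return *scopeChain()->globalData; }
};

// Computes the address the unchecked accessor would touch when the scope
// chain is null, without actually touching it. A fault at an address this
// small points at a null base pointer rather than a corrupted one; a
// fault at an address like 0x4ba suggests a non-null but stale pointer.
uintptr_t faultAddressForNullScopeChain() {
    return static_cast<uintptr_t>(offsetof(ScopeChainNode, globalData));
}

// Guarded accessor: refuse to dereference when the chain is missing,
// so the caller can bail out instead of faulting inside JSC.
JSGlobalData* globalDataChecked(const ExecState* exec) {
    if (!exec)
        return nullptr;
    ScopeChainNode* chain = exec->scopeChain();
    if (!chain) {
        fprintf(stderr, "ExecState %p has a null scope chain; not safe to use\n",
                static_cast<const void*>(exec));
        return nullptr;
    }
    return chain->globalData;
}

int main() {
    // Constructed sample state: one ExecState with a null chain (the crashing
    // case from the post) and one with a complete chain.
    JSGlobalData data{0};
    ScopeChainNode node{nullptr, nullptr, &data};
    ExecState broken{nullptr};
    ExecState healthy{&node};

    printf("null-chain fault address would be 0x%lx\n",
           static_cast<unsigned long>(faultAddressForNullScopeChain()));
    printf("checked access, broken exec: %p\n",
           static_cast<void*>(globalDataChecked(&broken)));
    printf("checked access, healthy exec: %p\n",
           static_cast<void*>(globalDataChecked(&healthy)));
    return 0;
}
```

The practical takeaway is the check itself: before handing an `ExecState` to `jsString()` or any other JSC call, verify that the scope chain behind it is populated, and treat a fault address in the low hundreds of bytes as evidence that the base pointer, not the field, is the problem.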
