[Webkit-unassigned] [Bug 12671] New: CrashTracer: [USER] 1 crashes in Safari at com.apple.WebCore: WebCore::Frame::scriptProxy + 28

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 6 23:36:25 PST 2007 

http://bugs.webkit.org/show_bug.cgi?id=12671

           Summary: CrashTracer: [USER] 1 crashes in Safari at
                    com.apple.WebCore: WebCore::Frame::scriptProxy + 28
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P1
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mjs at apple.com


2007-02-02 20:01:55 CrashTracer System:
* SUMMARY
Safari has crashed on 9A343. Crash log attached. This Radar was filed by the
CrashTrace System on behalf of slewis at apple.com. More data for this crash and
similar instances will eventually be available at:
   
http://crashtracer.apple.com/detail.php?crash_id=6290252&app=Safari&build=9A343

* ALERT
Note: This issue *may* be a duplicate of this radar which has the same crashing
stack frame but different offset, rdar://4872556 . Please consider this when
screening, but make no assumptions.

* STEPS TO REPRODUCE
Trying to reproduce 4693380 on Leopard 9A343. Got this crash instead.  100%
reproducible

* STEPS TO REPRODUCE
1. launch Safari and go to www.apple.com
2. After page loads, press command -R
3. As the page starts to reload, click the bookmark icon to switch to bookmark
view
THEN immediately click the bookmark icon again to exit bookmark view.
4. A crash occurs for me when attempting to leave bookmark view

* BACKTRACE ('>' indicates stack frame used for CrashTracer aggregation)

Thread 0 Crashed:
>#0   com.apple.WebCore          0x965ba90c  WebCore::Frame::scriptProxy() + 28
  #1   com.apple.WebCore          0x967488e8 
KJS::JSHTMLElement::implementsCall() const + 168
  #2   com.apple.JavaScriptCore   0x96c89280  typeStringForValue(KJS::JSValue*)
+ 336
  #3   com.apple.JavaScriptCore   0x96c89ab8 
KJS::TypeOfResolveNode::evaluate(KJS::ExecState*) + 200
  #4   com.apple.JavaScriptCore   0x96c65f54 
KJS::EqualNode::evaluate(KJS::ExecState*) + 52
  #5   com.apple.JavaScriptCore   0x96c68d74 
KJS::IfNode::execute(KJS::ExecState*) + 100
  #6   com.apple.JavaScriptCore   0x96c65074 
KJS::SourceElementsNode::execute(KJS::ExecState*) + 468
  #7   com.apple.JavaScriptCore   0x96c64e14 
KJS::BlockNode::execute(KJS::ExecState*) + 148
  #8   com.apple.JavaScriptCore   0x96c69404 
KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
  #9   com.apple.JavaScriptCore   0x96c8359c 
KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 444
  #10  com.apple.JavaScriptCore   0x96c94c10 
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
  #11  com.apple.JavaScriptCore   0x96c8b734 
KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 596
  #12  com.apple.JavaScriptCore   0x96c8a4cc 
KJS::AssignResolveNode::evaluate(KJS::ExecState*) + 236
  #13  com.apple.JavaScriptCore   0x96c65ca4 
KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
  #14  com.apple.JavaScriptCore   0x96c64f98 
KJS::SourceElementsNode::execute(KJS::ExecState*) + 248
  #15  com.apple.JavaScriptCore   0x96c64e14 
KJS::BlockNode::execute(KJS::ExecState*) + 148
  #16  com.apple.JavaScriptCore   0x96c69404 
KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
  #17  com.apple.JavaScriptCore   0x96c8359c 
KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 444
  #18  com.apple.JavaScriptCore   0x96c94c10 
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
  #19  com.apple.JavaScriptCore   0x96c8b1f4 
KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 644
  #20  com.apple.JavaScriptCore   0x96c65ca4 
KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
  #21  com.apple.JavaScriptCore   0x96c65074 
KJS::SourceElementsNode::execute(KJS::ExecState*) + 468
  #22  com.apple.JavaScriptCore   0x96c64e14 
KJS::BlockNode::execute(KJS::ExecState*) + 148
  #23  com.apple.JavaScriptCore   0x96c68e94 
KJS::IfNode::execute(KJS::ExecState*) + 388
  #24  com.apple.JavaScriptCore   0x96c64f98 
KJS::SourceElementsNode::execute(KJS::ExecState*) + 248
  #25  com.apple.JavaScriptCore   0x96c64e14 
KJS::BlockNode::execute(KJS::ExecState*) + 148
  #26  com.apple.JavaScriptCore   0x96c69404 
KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
  #27  com.apple.JavaScriptCore   0x96c8359c 
KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 444
  #28  com.apple.JavaScriptCore   0x96c94c10 
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
  #29  com.apple.JavaScriptCore   0x96c81450 
KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 1600
  #30  com.apple.JavaScriptCore   0x96c94c10 
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
  #31  com.apple.JavaScriptCore   0x96c8b1f4 
KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 644
  #32  com.apple.JavaScriptCore   0x96c6a064 
KJS::ReturnNode::execute(KJS::ExecState*) + 228
  #33  com.apple.JavaScriptCore   0x96c64f98 
KJS::SourceElementsNode::execute(KJS::ExecState*) + 248
  #34  com.apple.JavaScriptCore   0x96c64e14 
KJS::BlockNode::execute(KJS::ExecState*) + 148
  #35  com.apple.JavaScriptCore   0x96c69404 
KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
  #36  com.apple.JavaScriptCore   0x96c8359c 
KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 444
  #37  com.apple.JavaScriptCore   0x96c94c10 
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
  #38  com.apple.WebCore          0x964e191c 
KJS::ScheduledAction::execute(KJS::Window*) + 220
  #39  com.apple.WebCore          0x9675a278 
KJS::Window::timerFired(KJS::DOMWindowTimer*) + 232
  #40  com.apple.WebCore          0x9675a3bc  KJS::DOMWindowTimer::fired() + 44
  #41  com.apple.WebCore          0x966f6e90 
WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul>
const&) + 176
  #42  com.apple.WebCore          0x966f6f2c 
WebCore::TimerBase::sharedTimerFired() + 108
  #43  com.apple.CoreFoundation   0x9094b58c  CFRunLoopRunSpecific + 2724
  #44  com.apple.HIToolbox        0x93466c5c  RunCurrentEventLoopInMode + 288
  #45  com.apple.HIToolbox        0x9346632c  ReceiveNextEventCommon + 412
  #46  com.apple.HIToolbox        0x93466168 
BlockUntilNextEventMatchingListInMode + 84
  #47  com.apple.AppKit           0x94586278  _DPSNextEvent + 580
  #48  com.apple.AppKit           0x94585cd0  -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 108
  #49  com.apple.Safari           0x000068a0  -[BrowserApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 192
  #50  com.apple.AppKit           0x9458007c  -[NSApplication run] + 736
  #51  com.apple.AppKit           0x94574a54  NSApplicationMain + 548
  #52  com.apple.Safari           0x00002650  _start + 348
  #53  com.apple.Safari           0x0005026c  start + 44

* REGRESSION
So far this crash has been reported 1 time in OS build 9A343, Safari version
521.32.1.

* ABOUT CRASHTRACER
More information: http://howto.apple.com/db.cgi?CrashTracer
Questions, Comments, Concerns? email: crashtracer-help at group.apple.com

2007-02-03 05:35:35 John Sullivan:
This is crashing in JavaScript code, so it can't be a Safari Front End bug.

2007-02-05 13:16:07 Stephanie Lewis:
By virtue of being Safari Blocker Reviewed, these have been Safari BRB Reviewed

<rdar://problem/4974258>


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list