[Webkit-unassigned] [Bug 15250] New: REGRESSION: Reproducible crash in Safari when evaluating script in Drosera console

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 21 03:37:11 PDT 2007 

http://bugs.webkit.org/show_bug.cgi?id=15250

           Summary: REGRESSION: Reproducible crash in Safari when evaluating
                    script in Drosera console
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: Regression
          Severity: Major
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrowe at apple.com


Evaluating any JavaScript in the Drosera console will crash the Safari instance
it is attached to with the following backtrace:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x01640b39 in KJS::JSCell::isObject (this=0x0) at value.h:231
231         return type() == ObjectType;
(gdb) bt
#0  0x01640b39 in KJS::JSCell::isObject (this=0x0) at value.h:231
#1  0x01875015 in KJS::JSCell::isObject (this=0x0, info=0x1cb2120) at
object.h:539
#2  0x0187507d in KJS::JSValue::isObject (this=0x0, c=0x1cb2120) at
object.h:545
#3  0x018a1a28 in KJS::ScriptInterpreter::isGlobalObject (this=0x27ef6020,
v=0x0) at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/WebCore/bindings/js/kjs_binding.cpp:270
#4  0x02c44cc5 in KJS::GlobalFuncImp::callAsFunction (this=0x27183360,
exec=0xbfffd82c, thisObj=0x0, args=@0xbfffc9a0) at function.cpp:820
#5  0x02c2298a in KJS::JSObject::call (this=0x27183360, exec=0xbfffd82c,
thisObj=0x0, args=@0xbfffc9a0) at object.cpp:94
#6  0x01640696 in -[WebCoreScriptCallFrame evaluateWebScript:]
(self=0x27c93e20, _cmd=0x3bc2fa, script=0x26d9b990) at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/WebCore/bridge/mac/WebCoreScriptDebugger.mm:366
#7  0x00362880 in -[WebScriptCallFrame evaluateWebScript:] (self=0x26c1e9f0,
_cmd=0x3bc2fa, script=0x26d9b990) at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/WebKit/WebView/WebScriptDebugDelegate.mm:192
#8  0x935a3f7d in __invoking___ ()
#9  0x935a3968 in -[NSInvocation invoke] ()
#10 0x935a3a38 in -[NSInvocation invokeWithTarget:] ()
#11 0x935a3eaa in ___forwarding___ ()
#12 0x935a3f12 in __forwarding_prep_0___ ()
#13 0x935a3f7d in __invoking___ ()
#14 0x935a3968 in -[NSInvocation invoke] ()
#15 0x93f4bc94 in -[NSConnection dispatchInvocation:] ()
#16 0x93f49c47 in -[NSConnection handleRequest:sequence:] ()
#17 0x93f4948d in -[NSConnection handlePortCoder:] ()
#18 0x93f48fbe in -[NSConcretePortCoder dispatch] ()

I'm pretty sure this is due to Antti's changes relating to the global object
used by "eval".


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list