[Webkit-unassigned] [Bug 18392] Crash in KJS::ArrayInstance::inlineGetOwnPropertySlot viewing enhanced Wikipedia diff

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 9 11:52:23 PDT 2008 

http://bugs.webkit.org/show_bug.cgi?id=18392


webkit at mattlilek.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |webkit at mattlilek.com
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
           Keywords|                            |NeedsReduction
           Priority|P2                          |P1
            Summary|KJS crash with wikipedia JS |Crash in
                   |tool                        |KJS::ArrayInstance::inlineGe
                   |                            |tOwnPropertySlot viewing
                   |                            |enhanced Wikipedia diff




------- Comment #3 from webkit at mattlilek.com  2008-04-09 11:52 PDT -------
Confirmed with r31753, probably a regression but it untested right now.

Top of debug stack trace:
Thread 0 Crashed:
0   com.apple.JavaScriptCore            0x0047df6c
KJS::ArrayInstance::inlineGetOwnPropertySlot(KJS::ExecState*, unsigned int,
KJS::PropertySlot&) + 162 (array_instance.cpp:148)
1   com.apple.JavaScriptCore            0x00427f42
KJS::ArrayInstance::getOwnPropertySlot(KJS::ExecState*, unsigned int,
KJS::PropertySlot&) + 38 (array_instance.cpp:182)
2   com.apple.JavaScriptCore            0x0040982f
KJS::JSObject::getPropertySlot(KJS::ExecState*, unsigned int,
KJS::PropertySlot&) + 51 (object.cpp:183)
3   com.apple.JavaScriptCore            0x0042697e
KJS::JSObject::get(KJS::ExecState*, unsigned int) const + 38 (object.cpp:172)
4   com.apple.JavaScriptCore            0x0047f9b5
KJS::BracketAccessorNode::inlineEvaluate(KJS::ExecState*) + 235 (nodes.cpp:912)
5   com.apple.JavaScriptCore            0x004351d4
KJS::BracketAccessorNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:919)
6   com.apple.JavaScriptCore            0x0047ed75
KJS::NotEqualNode::inlineEvaluateToBoolean(KJS::ExecState*) + 37
(nodes.cpp:3143)
7   com.apple.JavaScriptCore            0x0043308a
KJS::NotEqualNode::evaluateToBoolean(KJS::ExecState*) + 30 (nodes.cpp:3158)
8   com.apple.JavaScriptCore            0x004319b5
KJS::IfNode::execute(KJS::ExecState*) + 43 (nodes.cpp:4026)
9   com.apple.JavaScriptCore            0x0041535d
KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&,
KJS::ExecState*) + 85 (nodes.cpp:3946)
10  com.apple.JavaScriptCore            0x004153ea
KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3972)


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list