[Webkit-unassigned] [Bug 18797] Safari crashes in KJS::ArrayInstance::~ArrayInstance

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 29 05:05:39 PDT 2008 

http://bugs.webkit.org/show_bug.cgi?id=18797


webkit at mattlilek.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Page Loading                |JavaScriptCore
           Keywords|                            |NeedsReduction, Regression
           Priority|P2                          |P1




------- Comment #1 from webkit at mattlilek.com  2008-04-29 05:05 PDT -------
This crashed for me the first time I reloaded the page:

Safari(22391,0xa019efa0) malloc: *** error for object 0x4ef8e8: pointer being
freed was not allocated
Safari(22391,0xa019efa0) malloc: *** error for object 0x12ddae80: pointer being
freed was not allocated

Top of debug stack trace:
Thread 0 Crashed:
0   com.apple.JavaScriptCore            0x00474142 unsigned long
KJS::Collector::sweep<(KJS::Collector::HeapType)0>(bool) + 750
(collector.cpp:876)
1   com.apple.JavaScriptCore            0x0043273c KJS::Collector::collect() +
382 (collector.cpp:958)
2   com.apple.JavaScriptCore            0x00484157 void*
KJS::Collector::heapAllocate<(KJS::Collector::HeapType)0>(unsigned long) + 753
3   com.apple.JavaScriptCore            0x004327a3
KJS::Collector::allocate(unsigned long) + 17 (collector.cpp:298)
4   com.apple.JavaScriptCore            0x004327b7 KJS::JSCell::operator
new(unsigned long) + 17 (value.cpp:86)
5   com.apple.JavaScriptCore            0x0044084f KJS::jsString(KJS::UString
const&) + 105 (value.cpp:217)
6   com.apple.JavaScriptCore            0x0044483c
KJS::StringObjectImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 108 (string_object.cpp:996)
7   com.apple.JavaScriptCore            0x004474fe
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222
(object.cpp:99)
8   com.apple.JavaScriptCore            0x004a6847 KJS::JSValue*
KJS::ExpressionNode::resolveAndCall<(KJS::ExpressionNode::CallerType)1,
false>(KJS::ExecState*, KJS::Identifier const&, KJS::ArgumentsNode*, unsigned
long) + 673
9   com.apple.JavaScriptCore            0x004a6925
KJS::NonLocalVarFunctionCallNode::inlineEvaluate(KJS::ExecState*) + 141
(nodes.cpp:1357)
10  com.apple.JavaScriptCore            0x0046d752
KJS::NonLocalVarFunctionCallNode::evaluate(KJS::ExecState*) + 30
(nodes.cpp:1362)
11  com.apple.JavaScriptCore            0x0044f596
KJS::AssignLocalVarNode::evaluate(KJS::ExecState*) + 144 (nodes.cpp:3554)
12  com.apple.JavaScriptCore            0x0044ea41
KJS::ExprStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3993)
13  com.apple.JavaScriptCore            0x004313ad
KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&,
KJS::ExecState*) + 85 (nodes.cpp:3946)
14  com.apple.JavaScriptCore            0x0043143a
KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3972)
15  com.apple.JavaScriptCore            0x0044e98f
KJS::IfNode::execute(KJS::ExecState*) + 121 (nodes.cpp:4030)


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list