[Webkit-unassigned] [Bug 19767] New: ASSERT failure when visiting http://www.onnyturf.com/subway/

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 25 09:00:56 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=19767

           Summary: ASSERT failure when visiting
                    http://www.onnyturf.com/subway/
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: andersca at apple.com


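When I go to that page I get the following assertion failure, followed by a crash. The index passed to Vector::at() is 2147483647 (0x7fffffff), and the faulting address 0xbbadbeef is the one WebKit's CRASH() macro writes to on purpose, so the EXC_BAD_ACCESS below is the failed ASSERT itself, not a separate wild access. In a build where ASSERT is compiled out, the same out-of-range index would reach the vector unchecked: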

ASSERTION FAILED: i < size()
(./wtf/Vector.h:437 T& WTF::Vector<T, inlineCapacity>::at(size_t) [with T =
KJS::AVLTreeNodeForArrayCompare, long unsigned int inlineCapacity = 0ul])

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x006ad3d1 in WTF::Vector<KJS::AVLTreeNodeForArrayCompare, 0ul>::at
(this=0xbfffca74, i=2147483647) at Vector.h:437
437                 ASSERT(i < size());

(gdb) bt
#0  0x006ad3d1 in WTF::Vector<KJS::AVLTreeNodeForArrayCompare, 0ul>::at
(this=0xbfffca74, i=2147483647) at Vector.h:437
#1  0x006ad414 in WTF::Vector<KJS::AVLTreeNodeForArrayCompare, 0ul>::operator[]
(this=0xbfffca74, i=2147483647) at Vector.h:446
#2  0x006ad5be in KJS::AVLTreeAbstractorForArrayCompare::set_balance_factor
(this=0xbfffca74, h=2147483647, bf=1) at JSArray.cpp:581
#3  0x006ad611 in KJS::AVLTree<KJS::AVLTreeAbstractorForArrayCompare, 44u,
KJS::AVLTreeDefaultBSet<44u> >::set_bf (this=0xbfffca74, h=2147483647, bf=1) at
AVLTree.h:479
#4  0x006da0c0 in KJS::AVLTree<KJS::AVLTreeAbstractorForArrayCompare, 44u,
KJS::AVLTreeDefaultBSet<44u> >::insert (this=0xbfffca74, h=251) at
AVLTree.h:662
#5  0x0067a0b4 in KJS::JSArray::sort (this=0x182f5980, exec=0xbfffdabc,
compareFunction=0x182f5940) at JSArray.cpp:651
#6  0x0067a738 in KJS::arrayProtoFuncSort (exec=0xbfffdabc, thisObj=0x182f5980,
args=@0xbfffcc9c) at ArrayPrototype.cpp:384
#7  0x006555ba in KJS::PrototypeFunction::callAsFunction (this=0x182f59a0,
exec=0xbfffdabc, thisObj=0x182f5980, args=@0xbfffcc9c) at JSFunction.cpp:731
#8  0x006f409d in KJS::Machine::privateExecute (this=0x344c5c0,
flag=KJS::Machine::Normal, exec=0xbfffdabc, registerFile=0x18708400,
r=0x16dc8f1c, scopeChain=0x18708420, codeBlock=0x16dc8bf0,
exception=0xbfffdb48) at
/Volumes/Shared/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:2122
#9  0x006f611f in KJS::Machine::execute (this=0x344c5c0,
programNode=0x18758810, exec=0x18705a50, scopeChain=0x18708420,
thisObj=0x182f0000, registerFileStack=0x34eb2e8, exception=0xbfffdb48) at
/Volumes/Shared/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:669
#10 0x0069bfbe in KJS::Interpreter::evaluate (exec=0x18705a50,
scopeChain=@0x34eb308, sourceURL=@0xbfffdbe4, startingLineNumber=1,
source=@0xbfffdbdc, thisValue=0x182f0000) at interpreter.cpp:82
#11 0x014c4f00 in WebCore::ScriptController::evaluate (this=0x38804c0,
filename=@0xbfffde08, baseLine=1, str=@0xbfffde88) at
/Volumes/Shared/WebKit/OpenSource/WebCore/bindings/js/ScriptController.cpp:90
#12 0x01007767 in WebCore::FrameLoader::executeScript (this=0x3880224,
url=@0xbfffde08, baseLine=1, script=@0xbfffde88) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:783
#13 0x01098e16 in WebCore::HTMLTokenizer::scriptExecution (this=0x393fc00,
str=@0xbfffde88, state={static EntityShift = 4, m_bits = 0},
scriptURL=@0xbfffdf28, baseLine=1) at
/Volumes/Shared/WebKit/OpenSource/WebCore/html/HTMLTokenizer.cpp:543
#14 0x0109a4d9 in WebCore::HTMLTokenizer::scriptHandler (this=0x393fc00,
state={static EntityShift = 4, m_bits = 0}) at
/Volumes/Shared/WebKit/OpenSource/WebCore/html/HTMLTokenizer.cpp:483
#15 0x0109ab2a in WebCore::HTMLTokenizer::parseSpecial (this=0x393fc00,
src=@0x3940550, state={static EntityShift = 4, m_bits = 128}) at
/Volumes/Shared/WebKit/OpenSource/WebCore/html/HTMLTokenizer.cpp:331
#16 0x0109cb98 in WebCore::HTMLTokenizer::parseTag (this=0x393fc00,
src=@0x3940550, state={static EntityShift = 4, m_bits = 128}) at
/Volumes/Shared/WebKit/OpenSource/WebCore/html/HTMLTokenizer.cpp:1497
#17 0x0109d545 in WebCore::HTMLTokenizer::write (this=0x393fc00,
str=@0xbfffe234, appendData=true) at
/Volumes/Shared/WebKit/OpenSource/WebCore/html/HTMLTokenizer.cpp:1732
#18 0x00ffeeb1 in WebCore::FrameLoader::write (this=0x3880224, str=0x0, len=0,
flush=true) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:1025
#19 0x01006c39 in WebCore::FrameLoader::endIfNotLoadingMainResource
(this=0x3880224) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:1061
#20 0x01006c83 in WebCore::FrameLoader::end (this=0x3880224) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:1046
#21 0x00f88410 in WebCore::DocumentLoader::finishedLoading (this=0x3935000) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/DocumentLoader.cpp:343
#22 0x01001ca8 in WebCore::FrameLoader::finishedLoading (this=0x3880224) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:2899
#23 0x0120029d in WebCore::MainResourceLoader::didFinishLoading
(this=0x3936800) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/MainResourceLoader.cpp:320
#24 0x0130dde8 in WebCore::ResourceLoader::didFinishLoading (this=0x3936800) at
/Volumes/Shared/WebKit/OpenSource/WebCore/loader/ResourceLoader.cpp:389
#25 0x0130b54d in -[WebCoreResourceHandleAsDelegate
connectionDidFinishLoading:] (self=0x16de1070, _cmd=0x945135c4, con=0x16de1eb0)
at
/Volumes/Shared/WebKit/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:521
#26 0x965133f7 in -[NSURLConnection(NSURLConnectionReallyInternal)
sendDidFinishLoading] ()
#27 0x96513363 in _NSURLConnectionDidFinishLoading ()
#28 0x96abcd57 in sendDidFinishLoadingCallback ()
#29 0x96ab9e4a in _CFURLConnectionSendCallbacks ()
#30 0x96ab95e7 in muxerSourcePerform ()
#31 0x947ee60e in CFRunLoopRunSpecific ()
#32 0x947eecf8 in CFRunLoopRunInMode ()
#33 0x90805da4 in RunCurrentEventLoopInMode ()
#34 0x90805af6 in ReceiveNextEventCommon ()
#35 0x90805a31 in BlockUntilNextEventMatchingListInMode ()
#36 0x952e4505 in _DPSNextEvent ()
#37 0x952e3db8 in -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#38 0x00026172 in -[BrowserApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] (self=0x341cb40,
_cmd=0x944c6be0, mask=4294967295, expiration=0x3416420, mode=0xa0644b40,
dequeue=1 '\001') at
/Volumes/Shared/WebKit/Internal/Safari/mac/BrowserApplication.m:183
#39 0x952dcdf3 in -[NSApplication run] ()
#40 0x952aa030 in NSApplicationMain ()

