[Webkit-unassigned] [Bug 18934] New: SQUIRRELFISH: ASSERT @ nytimes.com due to invalid exception table entry

bugzilla-daemon at webkit.org
Wed May 7 21:48:20 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=18934

           Summary: SQUIRRELFISH: ASSERT @ nytimes.com due to invalid
                    exception table entry
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: Macintosh
               URL: http://nytimes.com
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: SquirrelFishBlocker
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ggaren at apple.com


TO REPRODUCE:
1. navigate to nytimes.com
-> crash

ASSERTION FAILED: addressOffset < instructions.size()
(/Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/CodeBlock.cpp:541
bool KJS::CodeBlock::getHandlerForVPC(const KJS::Instruction*,
KJS::Instruction*&, int&))
Program received signal:  “EXC_BAD_ACCESS”.

Script URL: 

http://pagead2.googlesyndication.com/pagead/show_ads.js

Script:

      m_buffer = 0x1a0d1000 "(function(){?var
f=document,j=navigator,l=window;function da(){var b=f.cookie,a=Math.round((new
Date).getTime()/1000),c=b.indexOf(\"__utma=\")>-1,e=b.indexOf(\"__utmb=\")>-1,d=b.indexOf(\"__utmc=\")>-1,g,i="..., 
      m_capacity = 19864

Top of Backtrace:

#0  0x00651cfe in KJS::CodeBlock::getHandlerForVPC (this=0x19d40000,
vPC=0x19d48280, target=@0xbfffccb0, scopeDepth=@0xbfffccb4) at
/Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/CodeBlock.cpp:541
#1  0x0063bd43 in KJS::Machine::throwException (this=0x682760, exec=0xbfffdab4,
exceptionValue=0x19d4b260, registerBase=0x18037680, vPC=0x19d48280,
codeBlock=@0xbfffda98, k=@0xbfffce08, scopeChain=@0xbfffda94, r=@0xbfffda90) at
/Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/Machine.cpp:539
#2  0x00641a92 in KJS::Machine::privateExecute (this=0x682760,
flag=KJS::Machine::Normal, exec=0xbfffdab4, registerFile=0x18037670,
r=0x6c26bef0, scopeChain=0x19fe7270, codeBlock=0x19d40000,
exception=0xbfffdb4c) at
/Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/Machine.cpp:2008
#3  0x00642303 in KJS::Machine::execute (this=0x682760, programNode=0x19fb8760,
exec=0x19bc9c8c, scopeChain=0x18037660, thisObj=0x19d40000,
registerFileStack=0x19bc9c68, exception=0xbfffdb4c) at
/Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/Machine.cpp:577
#4  0x005e2e5b in KJS::Interpreter::evaluate (exec=0x19bc9c8c,
scopeChain=@0x19bc9c88, sourceURL=@0xbfffdbd4, startingLineNumber=0,
code=0x19ed5000, codeLength=19863, thisValue=0x19d40000) at interpreter.cpp:84
#5  0x024282e7 in WebCore::KJSProxy::evaluate (this=0x152c2dc0,
filename=@0xbfffde08, baseLine=0, str=@0xbfffde8c) at
/Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/kjs_proxy.cpp:87
#6  0x01fea437 in WebCore::FrameLoader::executeScript (this=0x409b800,
url=@0xbfffde08, baseLine=0, script=@0xbfffde8c) at
/Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:771
#7  0x0206e53e in WebCore::HTMLTokenizer::scriptExecution (this=0x418d200,
str=@0xbfffde8c, state={static EntityShift = 4, m_bits = 0},
scriptURL=@0xbfffde88, baseLine=0) at
/Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/html/HTMLTokenizer.cpp:540

