[Webkit-unassigned] [Bug 19044] New: SquirrelFish: Null dereference
bugzilla-daemon at webkit.org
Wed May 14 05:19:19 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=19044
Summary: SquirrelFish: Null dereference
Product: WebKit
Version: 526+ (Nightly build)
Platform: Macintosh
URL: http://blog.wired.com/games/2008/05/for-wiiware-nin.html
OS/Version: Mac OS X 10.5
Status: NEW
Keywords: SquirrelFish, SquirrelFishBlocker
Severity: Blocker
Priority: P1
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: oliver at apple.com
CC: mjs at apple.com, ggaren at apple.com, cwzwarich at uwaterloo.ca
Crash occurs with backtrace:
#0 0x00505437 in KJS::JSValue::toObject (this=0x0, exec=0xbfffde14) at value.h:523
#1 0x00491273 in functionProtoFuncApply (exec=0xbfffde14, thisObj=0x1a7dc220, args=@0xbfffd090) at function_object.cpp:91
#2 0x0046a8ea in KJS::PrototypeFunction::callAsFunction (this=0x1a4b00a0, exec=0xbfffde14, thisObj=0x1a7dc220, args=@0xbfffd090) at function.cpp:747
#3 0x00520f12 in KJS::Machine::privateExecute (this=0x572960, flag=KJS::Machine::Normal, exec=0xbfffde14, registerFile=0x1a6d9530, r=0x1c73a450, scopeChain=0x1a622820, codeBlock=0x1a9f6a90, exception=0xbfffdecc) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1764
#4 0x005228fd in KJS::Machine::execute (this=0x572960, functionBodyNode=0x1a634c80, exec=0x1915e1e0, function=0x1a7dc180, thisObj=0x1a7dc340, args=@0xbfffdf64, registerFileStack=0x1919c218, scopeChain=0x1a622820, exception=0xbfffdecc) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:663
#5 0x004766fb in KJS::FunctionImp::callAsFunction (this=0x1a7dc180, exec=0x1915e1e0, thisObj=0x1a7dc340, args=@0xbfffdf64) at function.cpp:90
#6 0x0048f1eb in KJS::JSObject::call (this=0x1a7dc180, exec=0x1915e1e0, thisObj=0x1a7dc340, args=@0xbfffdf64) at object.cpp:99
#7 0x02c75162 in WebCore::JSAbstractEventListener::handleEvent (this=0x1a64fd40, ele=0x1c7bd0e0, isWindowEvent=false) at /Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/kjs_events.cpp:100
...
21 instructions; 320 bytes at 0x1a9f6a90; 2 locals (2 parameters); 42 temporaries
[ 0] resolve tr0, __method(@id0)
[ 3] get_by_id tr1, tr0, apply(@id1)
[ 7] resolve tr13, object(@id2)
[ 10] new_array tr15
[ 12] mov tr16, lr1
[ 15] jtrue tr16, 8(->25)
[ 18] resolve tr17, window(@id3)
[ 21] get_by_id tr16, tr17, event(@id4)
[ 25] put_by_index tr15, 0, tr16
[ 29] load tr16, 1(@k0)
[ 32] put_by_id tr15, length(@id5), tr16
[ 36] get_by_id tr16, tr15, concat(@id6)
[ 40] resolve tr28, args(@id7)
[ 43] call tr15, tr16, tr15, 27, 2
[ 49] get_by_id tr16, tr15, concat(@id6)
[ 53] resolve_func tr28, tr29, $A(@id8)
[ 57] resolve tr41, arguments(@id9)
[ 60] call tr28, tr29, tr28, 40, 2
[ 66] call tr14, tr16, tr15, 27, 2
[ 72] call tr0, tr1, tr0, 12, 3
[ 78] ret tr0
Identifiers:
id0 = __method
id1 = apply
id2 = object
id3 = window
id4 = event
id5 = length
id6 = concat
id7 = args
id8 = $A
id9 = arguments
Constants:
k0 = 1
Register frame:
----------------------------------------
use | address | value
----------------------------------------
[call frame] | 0x1c73a420 | 0x0
[call frame] | 0x1c73a424 | 0x4
[call frame] | 0x1c73a428 | 0x0
[call frame] | 0x1c73a42c | 0x0
[call frame] | 0x1c73a430 | 0x0
[call frame] | 0x1c73a434 | 0xa
[call frame] | 0x1c73a438 | 0x2
[call frame] | 0x1c73a43c | 0x0
[call frame] | 0x1c73a440 | 0x1a7dc180
[call frame] | 0x1c73a444 | 0x1a4be840
----------------------------------------
[param] | 0x1c73a448 | 0x1a7dc340
[param] | 0x1c73a44c | 0x1a4be860
----------------------------------------
[temp] | 0x1c73a450 | 0x1a7dc220
[temp] | 0x1c73a454 | 0x1a4b00a0
[temp] | 0x1c73a458 | 0x0
[temp] | 0x1c73a45c | 0x0
[temp] | 0x1c73a460 | 0x0
[temp] | 0x1c73a464 | 0x0
[temp] | 0x1c73a468 | 0x0
[temp] | 0x1c73a46c | 0x0
[temp] | 0x1c73a470 | 0x0
[temp] | 0x1c73a474 | 0x0
[temp] | 0x1c73a478 | 0x0
[temp] | 0x1c73a47c | 0x0
[temp] | 0x1c73a480 | 0x1a7dc220
[temp] | 0x1c73a484 | 0x0
[temp] | 0x1c73a488 | 0x1a4be500
[temp] | 0x1c73a48c | 0x1a4be780
[temp] | 0x1c73a490 | 0x1a4be7a0
[temp] | 0x1c73a494 | 0x0
[temp] | 0x1c73a498 | 0x0
[temp] | 0x1c73a49c | 0x0
[temp] | 0x1c73a4a0 | 0x0
[temp] | 0x1c73a4a4 | 0x0
[temp] | 0x1c73a4a8 | 0x0
[temp] | 0x1c73a4ac | 0x0
[temp] | 0x1c73a4b0 | 0x0
[temp] | 0x1c73a4b4 | 0x0
[temp] | 0x1c73a4b8 | 0x0
[temp] | 0x1c73a4bc | 0x1a4be780
[temp] | 0x1c73a4c0 | 0x1a4be520
[temp] | 0x1c73a4c4 | 0x1a4b49a0
[temp] | 0x1c73a4c8 | 0x1a9f6a90
[temp] | 0x1c73a4cc | 0x1c7a25b8
[temp] | 0x1c73a4d0 | 0x1a622820
[temp] | 0x1c73a4d4 | 0xc
[temp] | 0x1c73a4d8 | 0x1c
[temp] | 0x1c73a4dc | 0x28
[temp] | 0x1c73a4e0 | 0x2
[temp] | 0x1c73a4e4 | 0x0
[temp] | 0x1c73a4e8 | 0x1a4b49a0
[temp] | 0x1c73a4ec | 0x0
[temp] | 0x1c73a4f0 | 0x1a4b0000
[temp] | 0x1c73a4f4 | 0x1a4be760
$10 = void