[Webkit-unassigned] [Bug 19044] New: SquirrelFish: Null dereference

bugzilla-daemon at webkit.org
Wed May 14 05:19:19 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19044

           Summary: SquirrelFish: Null dereference
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: Macintosh
               URL: http://blog.wired.com/games/2008/05/for-wiiware-nin.html
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: SquirrelFish, SquirrelFishBlocker
          Severity: Blocker
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: oliver at apple.com
                CC: mjs at apple.com, ggaren at apple.com, cwzwarich at uwaterloo.ca


Crash occurs with back trace
#0  0x00505437 in KJS::JSValue::toObject (this=0x0, exec=0xbfffde14) at
value.h:523
#1  0x00491273 in functionProtoFuncApply (exec=0xbfffde14, thisObj=0x1a7dc220,
args=@0xbfffd090) at function_object.cpp:91
#2  0x0046a8ea in KJS::PrototypeFunction::callAsFunction (this=0x1a4b00a0,
exec=0xbfffde14, thisObj=0x1a7dc220, args=@0xbfffd090) at function.cpp:747
#3  0x00520f12 in KJS::Machine::privateExecute (this=0x572960,
flag=KJS::Machine::Normal, exec=0xbfffde14, registerFile=0x1a6d9530,
r=0x1c73a450, scopeChain=0x1a622820, codeBlock=0x1a9f6a90,
exception=0xbfffdecc) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1764
#4  0x005228fd in KJS::Machine::execute (this=0x572960,
functionBodyNode=0x1a634c80, exec=0x1915e1e0, function=0x1a7dc180,
thisObj=0x1a7dc340, args=@0xbfffdf64, registerFileStack=0x1919c218,
scopeChain=0x1a622820, exception=0xbfffdecc) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:663
#5  0x004766fb in KJS::FunctionImp::callAsFunction (this=0x1a7dc180,
exec=0x1915e1e0, thisObj=0x1a7dc340, args=@0xbfffdf64) at function.cpp:90
#6  0x0048f1eb in KJS::JSObject::call (this=0x1a7dc180, exec=0x1915e1e0,
thisObj=0x1a7dc340, args=@0xbfffdf64) at object.cpp:99
#7  0x02c75162 in WebCore::JSAbstractEventListener::handleEvent
(this=0x1a64fd40, ele=0x1c7bd0e0, isWindowEvent=false) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/kjs_events.cpp:100
...
21 instructions; 320 bytes at 0x1a9f6a90; 2 locals (2 parameters); 42
temporaries

[   0] resolve           tr0, __method(@id0)
[   3] get_by_id         tr1, tr0, apply(@id1)
[   7] resolve           tr13, object(@id2)
[  10] new_array         tr15
[  12] mov               tr16, lr1
[  15] jtrue             tr16, 8(->25)
[  18] resolve           tr17, window(@id3)
[  21] get_by_id         tr16, tr17, event(@id4)
[  25] put_by_index      tr15, 0, tr16
[  29] load              tr16, 1(@k0)           
[  32] put_by_id         tr15, length(@id5), tr16
[  36] get_by_id         tr16, tr15, concat(@id6)
[  40] resolve           tr28, args(@id7)
[  43] call              tr15, tr16, tr15, 27, 2
[  49] get_by_id         tr16, tr15, concat(@id6)
[  53] resolve_func      tr28, tr29, $A(@id8)
[  57] resolve           tr41, arguments(@id9)
[  60] call              tr28, tr29, tr28, 40, 2
[  66] call              tr14, tr16, tr15, 27, 2
[  72] call              tr0, tr1, tr0, 12, 3
[  78] ret               tr0

Identifiers:
  id0 = __method
  id1 = apply
  id2 = object
  id3 = window
  id4 = event
  id5 = length
  id6 = concat
  id7 = args
  id8 = $A
  id9 = arguments

Constants:
  k0 = 1

Register frame: 

----------------------------------------
     use      |   address  |    value   
----------------------------------------
[call frame]  | 0x1c73a420 |        0x0 
[call frame]  | 0x1c73a424 |        0x4 
[call frame]  | 0x1c73a428 |        0x0 
[call frame]  | 0x1c73a42c |        0x0 
[call frame]  | 0x1c73a430 |        0x0 
[call frame]  | 0x1c73a434 |        0xa 
[call frame]  | 0x1c73a438 |        0x2 
[call frame]  | 0x1c73a43c |        0x0 
[call frame]  | 0x1c73a440 | 0x1a7dc180 
[call frame]  | 0x1c73a444 | 0x1a4be840 
----------------------------------------
[param]       | 0x1c73a448 | 0x1a7dc340 
[param]       | 0x1c73a44c | 0x1a4be860 
----------------------------------------
[temp]        | 0x1c73a450 | 0x1a7dc220 
[temp]        | 0x1c73a454 | 0x1a4b00a0 
[temp]        | 0x1c73a458 |        0x0 
[temp]        | 0x1c73a45c |        0x0 
[temp]        | 0x1c73a460 |        0x0 
[temp]        | 0x1c73a464 |        0x0 
[temp]        | 0x1c73a468 |        0x0 
[temp]        | 0x1c73a46c |        0x0 
[temp]        | 0x1c73a470 |        0x0 
[temp]        | 0x1c73a474 |        0x0 
[temp]        | 0x1c73a478 |        0x0 
[temp]        | 0x1c73a47c |        0x0 
[temp]        | 0x1c73a480 | 0x1a7dc220 
[temp]        | 0x1c73a484 |        0x0 
[temp]        | 0x1c73a488 | 0x1a4be500 
[temp]        | 0x1c73a48c | 0x1a4be780 
[temp]        | 0x1c73a490 | 0x1a4be7a0 
[temp]        | 0x1c73a494 |        0x0 
[temp]        | 0x1c73a498 |        0x0 
[temp]        | 0x1c73a49c |        0x0 
[temp]        | 0x1c73a4a0 |        0x0 
[temp]        | 0x1c73a4a4 |        0x0 
[temp]        | 0x1c73a4a8 |        0x0 
[temp]        | 0x1c73a4ac |        0x0 
[temp]        | 0x1c73a4b0 |        0x0 
[temp]        | 0x1c73a4b4 |        0x0 
[temp]        | 0x1c73a4b8 |        0x0 
[temp]        | 0x1c73a4bc | 0x1a4be780 
[temp]        | 0x1c73a4c0 | 0x1a4be520 
[temp]        | 0x1c73a4c4 | 0x1a4b49a0 
[temp]        | 0x1c73a4c8 | 0x1a9f6a90 
[temp]        | 0x1c73a4cc | 0x1c7a25b8 
[temp]        | 0x1c73a4d0 | 0x1a622820 
[temp]        | 0x1c73a4d4 |        0xc 
[temp]        | 0x1c73a4d8 |       0x1c 
[temp]        | 0x1c73a4dc |       0x28 
[temp]        | 0x1c73a4e0 |        0x2 
[temp]        | 0x1c73a4e4 |        0x0 
[temp]        | 0x1c73a4e8 | 0x1a4b49a0 
[temp]        | 0x1c73a4ec |        0x0 
[temp]        | 0x1c73a4f0 | 0x1a4b0000 
[temp]        | 0x1c73a4f4 | 0x1a4be760 
$10 = void

