[Webkit-unassigned] [Bug 19108] New: SquirrelFish: Null dereference on random blog thing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat May 17 14:12:19 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19108

           Summary: SquirrelFish: Null dereference on random blog thing
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: Macintosh
               URL: http://drnicwilliams.com/2008/05/12/textmate-bundles-for-merb/
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: SquirrelFish
          Severity: Critical
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: oliver at apple.com
                CC: mjs at apple.com, ggaren at apple.com, cwzwarich at uwaterloo.ca


The issue appears to be the compare function being invoked with a null argument: frame #7 shows
`CompareWithCompareFunctionArguments::operator()` entered with `va=0x0` from `std::sort` inside
`ArrayInstance::sort`, and that NULL `JSValue*` is then dereferenced in `isNotObject`
(Machine.cpp:397, via `JSCell::isObject` with `this=0x0`) once the script's compare function
(0x1b0ecec0) runs. I'm not sure yet where the null originates — a raw NULL slot in the array
storage being passed straight through instead of being converted to undefined looks like the
likely candidate, but that needs confirming. Since this is reached from page JavaScript
(`Array.prototype.sort` with a custom comparator, frame #12), it is a remotely triggerable renderer
crash; the trace only shows a null read, so there is no evidence here of anything beyond a
denial of service. While in this code, it is also worth checking that the `std::sort` path behaves
safely when the script-controlled comparator is not a consistent ordering.

#0  0x0049433f in KJS::JSCell::isObject (this=0x0) at value.h:330
#1  0x0049452a in KJS::JSValue::isObject (this=0x0) at value.h:387
#2  0x004e8c04 in isNotObject (exec=0xbfffceb4, value=0x0,
exceptionData=@0xbfffc194) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:397
#3  0x004edc1c in KJS::Machine::privateExecute (this=0x540960,
flag=KJS::Machine::Normal, exec=0xbfffceb4, registerFile=0x18dfb4a0,
r=0x4ab7ba8, scopeChain=0x18dfb7d0, codeBlock=0x1b249270, exception=0xbfffcf6c)
at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1366
#4  0x004f0bd5 in KJS::Machine::execute (this=0x540960,
functionBodyNode=0x1b2967f0, exec=0xbfffe03c, function=0x1b0ecec0,
thisObj=0x18c80000, args=@0xbfffcfe0, registerFileStack=0x1a49f418,
scopeChain=0x1a53f320, exception=0xbfffcf6c) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:664
#5  0x00449e51 in KJS::FunctionImp::callAsFunction (this=0x1b0ecec0,
exec=0xbfffe03c, thisObj=0x18c80000, args=@0xbfffcfe0) at function.cpp:95
#6  0x00462523 in KJS::JSObject::call (this=0x1b0ecec0, exec=0xbfffe03c,
thisObj=0x18c80000, args=@0xbfffcfe0) at object.cpp:99
#7  0x004d310f in KJS::CompareWithCompareFunctionArguments::operator()
(this=0xbfffd07c, va=0x0, vb=0x1b0e9c80) at array_instance.cpp:501
#8  0x004d35f5 in std::__unguarded_partition<KJS::JSValue**, KJS::JSValue*,
KJS::CompareWithCompareFunctionArguments> (__first=0x1b2e89fc,
__last=0x1b2e898c, __pivot=0x1b0e9c80, __comp={exec = 0xbfffe03c,
compareFunction = 0x1b0ecec0, globalThisValue = 0x18c80000}) at
bits/stl_algo.h:2056
#9  0x004d371b in std::__introsort_loop<KJS::JSValue**, int,
KJS::CompareWithCompareFunctionArguments> (__first=0x1b2e8968,
__last=0x1b2e89b0, __depth_limit=8, __comp={exec = 0xbfffe03c, compareFunction
= 0x1b0ecec0, globalThisValue = 0x18c80000}) at bits/stl_algo.h:2536
#10 0x004d3991 in std::sort<KJS::JSValue**,
KJS::CompareWithCompareFunctionArguments> (__first=0x1b2e8968,
__last=0x1b2e89fc, __comp={exec = 0xbfffe03c, compareFunction = 0x1b0ecec0,
globalThisValue = 0x18c80000}) at bits/stl_algo.h:2606
#11 0x00462d8a in KJS::ArrayInstance::sort (this=0x1b0e9900, exec=0xbfffe03c,
compareFunction=0x1b0ecec0) at array_instance.cpp:517
#12 0x004631a5 in KJS::arrayProtoFuncSort (exec=0xbfffe03c, thisObj=0x1b0e9900,
args=@0xbfffd2c8) at array_object.cpp:371
#13 0x0043df16 in KJS::PrototypeFunction::callAsFunction (this=0x1a35da20,
exec=0xbfffe03c, thisObj=0x1b0e9900, args=@0xbfffd2c8) at function.cpp:747
#14 0x004ef24e in KJS::Machine::privateExecute (this=0x540960,
flag=KJS::Machine::Normal, exec=0xbfffe03c, registerFile=0x18dfb4a0,
r=0x4ab7834, scopeChain=0x1a53f320, codeBlock=0x1b2ee4b0, exception=0xbfffe0c8)
at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1792
#15 0x004f0d90 in KJS::Machine::execute (this=0x540960, programNode=0x1b40aed0,
exec=0x18dfb4c0, scopeChain=0x18dfb7d0, thisObj=0x18c80000,
registerFileStack=0x1a49f418, exception=0xbfffe0c8) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:611
#16 0x0048e580 in KJS::Interpreter::evaluate (exec=0x18dfb4c0,
scopeChain=@0x1a49f438, sourceURL=@0xbfffe164, startingLineNumber=0,
source=@0xbfffe15c, thisValue=0x18c80000) at interpreter.cpp:85
#17 0x029acd02 in WebCore::KJSProxy::evaluate (this=0x48646a8,
filename=@0x1b273ffc, baseLine=0, str=@0x1b2740d8) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/kjs_proxy.cpp:89
#18 0x0257b626 in WebCore::HTMLScriptElement::evaluateScript (this=0x1b256ca0,
url=@0x1b273ffc, script=@0x1b2740d8) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/html/HTMLScriptElement.cpp:233
#19 0x0257b6f7 in WebCore::HTMLScriptElement::notifyFinished (this=0x1b256ca0,
o=0x1b273fe0) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/html/HTMLScriptElement.cpp:162
#20 0x023b201c in WebCore::CachedScript::checkNotify (this=0x1b273fe0) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/loader/CachedScript.cpp:95
#21 0x023b217d in WebCore::CachedScript::data (this=0x1b273fe0,
data=@0xbfffe2cc, allDataReceived=true) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/loader/CachedScript.cpp:85
#22 0x029af066 in WebCore::Loader::Host::didFinishLoading (this=0x1b271720,
loader=0x1b277500) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/loader/loader.cpp:268
#23 0x02934f5f in WebCore::SubresourceLoader::didFinishLoading
(this=0x1b277500) at
/Volumes/Data/git/WebKit/OpenSource/WebCore/loader/SubresourceLoader.cpp:193
#24 0x02802b5a in WebCore::ResourceLoader::didFinishLoading (this=0x1b277500)
at /Volumes/Data/git/WebKit/OpenSource/WebCore/loader/ResourceLoader.cpp:389
#25 0x028002bf in -[WebCoreResourceHandleAsDelegate
connectionDidFinishLoading:] (self=0x1b107b90, _cmd=0x921e25c4, con=0x1b12ed80)
at
/Volumes/Data/git/WebKit/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:521
#26 0x92c7a8b7 in -[NSURLConnection(NSURLConnectionReallyInternal)
sendDidFinishLoading] ()
#27 0x92c7a844 in _NSURLConnectionDidFinishLoading ()
#28 0x914027f3 in sendDidFinishLoadingCallback ()
#29 0x913ff920 in _CFURLConnectionSendCallbacks ()
#30 0x913ff0d9 in muxerSourcePerform ()
#31 0x91d5462e in CFRunLoopRunSpecific ()
#32 0x91d54d18 in CFRunLoopRunInMode ()
#33 0x953fb6a0 in RunCurrentEventLoopInMode ()
#34 0x953fb4b9 in ReceiveNextEventCommon ()
#35 0x953fb32d in BlockUntilNextEventMatchingListInMode ()
#36 0x907c57d9 in _DPSNextEvent ()
#37 0x907c508e in -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#38 0x00007f2e in ?? ()
#39 0x907be0c5 in -[NSApplication run] ()
#40 0x9078b30a in NSApplicationMain ()
#41 0x000b9906 in ?? ()

