[Webkit-unassigned] [Bug 19183] New: REGRESSION (r33979): Crash in DebuggerCallFrame::functionName when clicking button in returnEvent-crash.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 22 01:23:56 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19183

           Summary: REGRESSION (r33979): Crash in
                    DebuggerCallFrame::functionName when clicking button in
                    returnEvent-crash.html
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: NeedsRadar
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com
                CC: ggaren at apple.com


I'm seeing a crash in DebuggerCallFrame::functionName when running
WebCore/manual-tests/inspector/returnEvent-crash.html

Steps to repro:
0. Run a debug Windows build or a debug Mac build with MallocScribble enabled
1. Set Safari to open new windows with empty pages
2. Open a new window
3. Open the Inspector
4. Go to WebCore/manual-tests/inspector/returnEvent-crash.html
5. Attach the Inspector's debugger
6. Set a breakpoint on line 9 of returnEvent-crash.html
7. Click the button that says "click me" in returnEvent-crash.html

>	WebKit_debug.dll!KJS::DebuggerCallFrame::functionName()  Line 49 + 0x3 bytes    C++
 	WebKit_debug.dll!WebCore::JavaScriptCallFrame::functionName()  Line 67 + 0xb bytes    C++
 	WebKit_debug.dll!WebCore::JSJavaScriptCallFrame::getValueProperty(KJS::ExecState * exec=0x06a7e820, int token=5)  Line 115 + 0x10 bytes    C++
 	WebKit_debug.dll!KJS::staticValueGetter<WebCore::JSJavaScriptCallFrame>(KJS::ExecState * exec=0x06a7e820, KJS::JSObject * __formal=0x07fa7480, KJS::JSObject * __formal=0x07fa7480, const KJS::PropertySlot & slot={...})  Line 110    C++
 	WebKit_debug.dll!KJS::PropertySlot::getValue(KJS::ExecState * exec=0x06a7e820, KJS::JSObject * originalObject=0x07fa7480, const KJS::Identifier & propertyName={...})  Line 49 + 0x19 bytes    C++
 	WebKit_debug.dll!WebCore::JSQuarantinedObjectWrapper::getOwnPropertySlot(KJS::ExecState * exec=0x0012e804, const KJS::Identifier & identifier={...}, KJS::PropertySlot & slot={...})  Line 113 + 0x1c bytes    C++
 	WebKit_debug.dll!KJS::JSObject::getPropertySlot(KJS::ExecState * exec=0x0012e804, const KJS::Identifier & propertyName={...}, KJS::PropertySlot & slot={...})  Line 553 + 0x1b bytes    C++
 	WebKit_debug.dll!KJS::JSObject::get(KJS::ExecState * exec=0x0012e804, const KJS::Identifier & propertyName={...})  Line 532 + 0x14 bytes    C++
 	WebKit_debug.dll!KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag flag=Normal, KJS::ExecState * exec=0x0012e804, KJS::RegisterFile * registerFile=0x075fffe8, KJS::Register * r=0x07608208, KJS::ScopeChainNode * scopeChain=0x067be9f8, KJS::CodeBlock * codeBlock=0x06d60a60, KJS::JSValue * * exception=0x0012e8a0)  Line 1544 + 0x16 bytes    C++
 	WebKit_debug.dll!KJS::Machine::execute(KJS::FunctionBodyNode * functionBodyNode=0x06a12738, KJS::ExecState * exec=0x067bea88, KJS::FunctionImp * function=0x046533c0, KJS::JSObject * thisObj=0x046526e0, const KJS::List & args={...}, KJS::RegisterFileStack * registerFileStack=0x067be830, KJS::ScopeChainNode * scopeChain=0x06a123e8, KJS::JSValue * * exception=0x0012e8a0)  Line 709 + 0x22 bytes    C++
 	WebKit_debug.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x067bea88, KJS::JSObject * thisObj=0x046526e0, const KJS::List & args={...})  Line 90 + 0x3c bytes    C++
 	WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x067bea88, KJS::JSObject * thisObj=0x046526e0, const KJS::List & args={...})  Line 99 + 0x1b bytes    C++
 	WebKit_debug.dll!JSObjectCallAsFunction(const OpaqueJSContext * ctx=0x067bea88, OpaqueJSValue * object=0x046533c0, OpaqueJSValue * thisObject=0x046526e0, unsigned int argumentCount=0, const OpaqueJSValue * const * arguments=0x00000000, const OpaqueJSValue * * exception=0x0012e9a4)  Line 288 + 0x14 bytes    C++
 	WebKit_debug.dll!WebCore::InspectorController::callFunction(const OpaqueJSContext * context=0x067bea88, OpaqueJSValue * thisObject=0x046526e0, const char * functionName=0x01841e44, unsigned int argumentCount=0, const OpaqueJSValue * const * arguments=0x00000000, const OpaqueJSValue * & exception=0x00000000)  Line 143 + 0x1d bytes    C++
 	WebKit_debug.dll!WebCore::InspectorController::didPause()  Line 2391    C++
 	WebKit_debug.dll!WebCore::dispatchFunctionToListeners(const WTF::HashSet<WebCore::JavaScriptDebugListener *,WTF::PtrHash<WebCore::JavaScriptDebugListener *>,WTF::HashTraits<WebCore::JavaScriptDebugListener *> > & listeners={...}, void (void)* callback=0x00f9c7d0)  Line 306 + 0x13 bytes    C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::dispatchFunctionToListeners(void (void)* callback=0x00f9c7d0, WebCore::Page * page=0x046d3378)  Line 321 + 0xd bytes    C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::pauseIfNeeded(WebCore::Page * page=0x046d3378)  Line 406    C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::atStatement(const KJS::DebuggerCallFrame & debuggerCallFrame={...}, int sourceID=41, int lineNumber=9)  Line 435    C++
 	WebKit_debug.dll!KJS::Machine::debug(KJS::ExecState * exec=0x0012f0b8, const KJS::Instruction * vPC=0x07607098, const KJS::CodeBlock * codeBlock=0x076065a8, KJS::ScopeChainNode * scopeChain=0x06ae3cb0, KJS::Register * * registerBase=0x07605808, KJS::Register * r=0x06aea738)  Line 812 + 0x22 bytes    C++
 	WebKit_debug.dll!KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag flag=Normal, KJS::ExecState * exec=0x0012f0b8, KJS::RegisterFile * registerFile=0x076057f8, KJS::Register * r=0x06aea738, KJS::ScopeChainNode * scopeChain=0x06ae3cb0, KJS::CodeBlock * codeBlock=0x076065a8, KJS::JSValue * * exception=0x0012f154)  Line 2233    C++
 	WebKit_debug.dll!KJS::Machine::execute(KJS::FunctionBodyNode * functionBodyNode=0x07605e40, KJS::ExecState * exec=0x06a7e820, KJS::FunctionImp * function=0x05650620, KJS::JSObject * thisObj=0x07fb4160, const KJS::List & args={...}, KJS::RegisterFileStack * registerFileStack=0x06c0e5c0, KJS::ScopeChainNode * scopeChain=0x076058a0, KJS::JSValue * * exception=0x0012f154)  Line 709 + 0x22 bytes    C++
 	WebKit_debug.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x06a7e820, KJS::JSObject * thisObj=0x07fb4160, const KJS::List & args={...})  Line 90 + 0x3c bytes    C++
 	WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x06a7e820, KJS::JSObject * thisObj=0x07fb4160, const KJS::List & args={...})  Line 99 + 0x1b bytes    C++
 	WebKit_debug.dll!WebCore::JSAbstractEventListener::handleEvent(WebCore::Event * ele=0x07367150, bool isWindowEvent=false)  Line 100 + 0x14 bytes    C++
 	WebKit_debug.dll!WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode * referenceNode=0x072fc8c8, WebCore::Event * evt=0x07367150, bool useCapture=false)  Line 314 + 0x2e bytes    C++
 	WebKit_debug.dll!WebCore::EventTargetNode::handleLocalEvents(WebCore::Event * evt=0x07367150, bool useCapture=false)  Line 106    C++
 	WebKit_debug.dll!WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode * referenceNode=0x072fc8c8, WTF::PassRefPtr<WebCore::Event> e={...}, int & __formal=0, bool tempEvent=true)  Line 212 + 0x1d bytes    C++
 	WebKit_debug.dll!WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event> e={...}, int & ec=0, bool tempEvent=true)  Line 121 + 0x1e bytes    C++
 	WebKit_debug.dll!WebCore::EventTargetNode::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, int button=0, int detail=1, int pageX=41, int pageY=93, int screenX=545, int screenY=190, bool ctrlKey=false, bool altKey=false, bool shiftKey=false, bool metaKey=false, bool isSimulated=false, WebCore::Node * relatedTargetArg=0x00000000, WTF::PassRefPtr<WebCore::Event> underlyingEvent={...})  Line 297    C++
 	WebKit_debug.dll!WebCore::EventTargetNode::dispatchMouseEvent(const WebCore::PlatformMouseEvent & event={...}, const WebCore::AtomicString & eventType={...}, int detail=1, WebCore::Node * relatedTarget=0x00000000)  Line 215    C++
 	WebKit_debug.dll!WebCore::EventHandler::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, WebCore::Node * targetNode=0x072fc8c8, bool cancelable=true, int clickCount=1, const WebCore::PlatformMouseEvent & mouseEvent={...}, bool setUnder=true)  Line 1279 + 0x29 bytes    C++
 	WebKit_debug.dll!WebCore::EventHandler::handleMouseReleaseEvent(const WebCore::PlatformMouseEvent & mouseEvent={...})  Line 1101 + 0x28 bytes    C++
 	WebKit_debug.dll!WebView::handleMouseEvent(unsigned int message=514, unsigned int wParam=0, long lParam=6094889)  Line 1244    C++
 	WebKit_debug.dll!WebViewWndProc(HWND__ * hWnd=0x002b06d0, unsigned int message=514, unsigned int wParam=0, long lParam=6094889)  Line 1673 + 0x14 bytes    C++

