[Webkit-unassigned] [Bug 19185] New: Reproducible crash in fast/js/toString-stack-overflow.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 22 02:10:08 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19185

           Summary: Reproducible crash in fast/js/toString-stack-overflow.html
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ap at webkit.org


run-webkit-tests fast/js/toString-stack-overflow.html

Thread 0 Crashed:
0   com.apple.JavaScriptCore            0x0039ee4c
std::pair<WTF::HashTableIterator<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>,
WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >, bool>
WTF::HashTable<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>,
WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>
>::add<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityHashTranslator<KJS::JSObject*, KJS::JSObject*,
WTF::PtrHash<KJS::JSObject*> > >(KJS::JSObject* const&, KJS::JSObject* const&)
+ 8 (HashTable.h:607)
1   com.apple.JavaScriptCore            0x0039f106
WTF::HashTable<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>,
WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>
>::add(KJS::JSObject* const&) + 52 (HashTable.h:306)
2   com.apple.JavaScriptCore            0x0039f13a WTF::HashSet<KJS::JSObject*,
WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>
>::add(KJS::JSObject* const&) + 38 (HashSet.h:207)
3   com.apple.JavaScriptCore            0x00347dba
KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&)
+ 118 (array_object.cpp:95)
4   com.apple.JavaScriptCore            0x0031f57a
KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 34 (function.cpp:742)
5   com.apple.JavaScriptCore            0x0031f7b5
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123
(object.cpp:51)
6   com.apple.JavaScriptCore            0x003253dd
KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*,
KJS::Identifier const&) + 175 (object.cpp:260)
7   com.apple.JavaScriptCore            0x00344415
KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145
(object.cpp:287)
8   com.apple.JavaScriptCore            0x0037843c
KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38
(object.h:641)
9   com.apple.JavaScriptCore            0x00342da4
KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
10  com.apple.JavaScriptCore            0x003bb681
KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
11  com.apple.JavaScriptCore            0x00347f1b
KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&)
+ 471 (array_object.cpp:114)
12  com.apple.JavaScriptCore            0x0031f57a
KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 34 (function.cpp:742)
13  com.apple.JavaScriptCore            0x0031f7b5
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123
(object.cpp:51)
14  com.apple.JavaScriptCore            0x003253dd
KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*,
KJS::Identifier const&) + 175 (object.cpp:260)
15  com.apple.JavaScriptCore            0x00344415
KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145
(object.cpp:287)
16  com.apple.JavaScriptCore            0x0037843c
KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38
(object.h:641)
17  com.apple.JavaScriptCore            0x00342da4
KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
18  com.apple.JavaScriptCore            0x003bb681
KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
19  com.apple.JavaScriptCore            0x00347f1b
KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&)
+ 471 (array_object.cpp:114)
...

(as the title says, it's a stack overflow, so the top of your trace may be
different).

