[Webkit-unassigned] [Bug 19185] New: Reproducible crash in fast/js/toString-stack-overflow.html
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 22 02:10:08 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=19185
Summary: Reproducible crash in fast/js/toString-stack-overflow.html
Product: WebKit
Version: 526+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P1
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ap at webkit.org
run-webkit-tests fast/js/toString-stack-overflow.html
Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0039ee4c
std::pair<WTF::HashTableIterator<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>,
WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >, bool>
WTF::HashTable<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>,
WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>
>::add<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityHashTranslator<KJS::JSObject*, KJS::JSObject*,
WTF::PtrHash<KJS::JSObject*> > >(KJS::JSObject* const&, KJS::JSObject* const&)
+ 8 (HashTable.h:607)
1 com.apple.JavaScriptCore 0x0039f106
WTF::HashTable<KJS::JSObject*, KJS::JSObject*,
WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>,
WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>
>::add(KJS::JSObject* const&) + 52 (HashTable.h:306)
2 com.apple.JavaScriptCore 0x0039f13a WTF::HashSet<KJS::JSObject*,
WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>
>::add(KJS::JSObject* const&) + 38 (HashSet.h:207)
3 com.apple.JavaScriptCore 0x00347dba
KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&)
+ 118 (array_object.cpp:95)
4 com.apple.JavaScriptCore 0x0031f57a
KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 34 (function.cpp:742)
5 com.apple.JavaScriptCore 0x0031f7b5
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123
(object.cpp:51)
6 com.apple.JavaScriptCore 0x003253dd
KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*,
KJS::Identifier const&) + 175 (object.cpp:260)
7 com.apple.JavaScriptCore 0x00344415
KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145
(object.cpp:287)
8 com.apple.JavaScriptCore 0x0037843c
KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38
(object.h:641)
9 com.apple.JavaScriptCore 0x00342da4
KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
10 com.apple.JavaScriptCore 0x003bb681
KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
11 com.apple.JavaScriptCore 0x00347f1b
KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&)
+ 471 (array_object.cpp:114)
12 com.apple.JavaScriptCore 0x0031f57a
KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 34 (function.cpp:742)
13 com.apple.JavaScriptCore 0x0031f7b5
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123
(object.cpp:51)
14 com.apple.JavaScriptCore 0x003253dd
KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*,
KJS::Identifier const&) + 175 (object.cpp:260)
15 com.apple.JavaScriptCore 0x00344415
KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145
(object.cpp:287)
16 com.apple.JavaScriptCore 0x0037843c
KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38
(object.h:641)
17 com.apple.JavaScriptCore 0x00342da4
KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
18 com.apple.JavaScriptCore 0x003bb681
KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
19 com.apple.JavaScriptCore 0x00347f1b
KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&)
+ 471 (array_object.cpp:114)
...
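(As the title says, it's a stack overflow, so the top of your trace may be
different. The frames shown repeat one cycle: arrayProtoFuncToString
(array_object.cpp:114) -> JSValue::toString -> JSObject::toString ->
toPrimitive -> defaultValue -> tryGetAndCallProperty -> JSObject::call ->
PrototypeFunction::callAsFunction -> arrayProtoFuncToString. The faulting frame
is simply wherever the recursion runs out of stack, in this run the HashSet add
reached from array_object.cpp:95.)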