[Webkit-unassigned] [Bug 20241] [retitleme] Safari crashes at JSValueUnprotect() when fontpicker view close

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 9 08:48:10 PDT 2008 

https://bugs.webkit.org/show_bug.cgi?id=20241





------- Comment #5 from mihnea at adobe.com  2008-10-09 08:48 PDT -------
Hello,

I was able to reproduce it using a local debug build and following the steps
already mentioned. I currently have revision 37446 on WinXP.

Here is the stack trace, taken from Visual Studio debugger:
1.WebKit.dll!JSC::Heap::registerThread()  Line 485 + 0x5 bytes  C++
2.WebKit.dll!JSValueUnprotect(const OpaqueJSContext * ctx=0x051e0170, const
OpaqueJSValue * value=0x055f2700)  Line 266 C++
3.Safari.exe!FontPicker::~FontPicker()  + 0x40 bytes    
4.Safari.exe!FontPicker::`vector deleting destructor'()  + 0x8 bytes    
5.Safari.exe!WindowDeleter::deleteAllWindows()  + 0x67 bytes    
6.Safari.exe!WindowDeleter::ProcessWindowMessage()  + 0x2a bytes        
7.Safari.exe!ATL::CWindowImplBaseT<ATL::CWindow,ATL::CWinTraits<2147483648,524416>
>::WindowProc()  + 0x68 bytes        
8.user32.dll!_InternalCallWinProc at 20()  + 0x28 bytes    
9.user32.dll!_UserCallWinProcCheckWow at 32()  + 0xb7 bytes        
10.user32.dll!_DispatchMessageWorker at 8()  + 0xdc bytes  
11.user32.dll!_DispatchMessageW at 4()  + 0xf bytes        
12.Safari.exe!RSSPrefsDlg::`vector deleting destructor'()  + 0x20f bytes        
13.Safari.exe!run()  + 0x9d bytes       
14.Safari.exe!_wWinMain at 16()  + 0x34b bytes     
15.Safari.exe!_free()  + 0x1a1 bytes    
16.kernel32.dll!_BaseProcessStart at 4()  + 0x23 bytes     

The problem in function *void Heap::registerThread()* from file
javascriptcore/kjs/collector.cpp appears while calling:
if (pthread_getspecific(m_currentThreadRegistrar))

The problem is access violation while accessing a memory address.
m_currentThreadRegistrar is not defined and cannot be seen in debugger.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list