[Webkit-unassigned] [Bug 28503] New: Crash in JSValue::toString when closing a modal dialog by clicking the close button in the titlebar

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 20 13:47:35 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=28503

           Summary: Crash in JSValue::toString when closing a modal dialog
                    by clicking the close button in the titlebar
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
               URL: https://bug-18121-attachments.webkit.org/attachment.cg
                    i?id=20095
        OS/Version: Windows XP
            Status: NEW
          Keywords: NeedsRadar, PlatformOnly
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com


To reproduce:

1. Go to attachment 20095
(https://bug-18121-attachments.webkit.org/attachment.cgi?id=20095)
2. Click on "Browser picker"
3. Click the Close button in the titlebar of the modal dialog that appears.

You'll crash. Here's the backtrace:

     WebKit_debug.dll!JSC::JSValue::toString(JSC::ExecState * exec=0x0aa80100) 
Line 321 + 0x18 bytes    C++
     WebKit_debug.dll!WebCore::jsDOMWindowPrototypeFunctionAlert(JSC::ExecState
* exec=0x0aa80100, JSC::JSObject * __formal=0x075983c0, JSC::JSValue
thisValue={...}, const JSC::ArgList & args={...})  Line 5667 + 0x1d bytes   
C++
     0756018e()    
    
JavaScriptCore_debug.dll!WTF::Vector<JSC::Instruction,0>::shrinkCapacity(unsigned
int newCapacity=0)  Line 796    C++
     JavaScriptCore_debug.dll!WTF::Vector<JSC::Instruction,0>::clear()  Line
516 + 0x18 bytes    C++
     JavaScriptCore_debug.dll!JSC::CodeBlock::discardBytecode()  Line 353 +
0x19 bytes    C++
     0012ef00()    
     JavaScriptCore_debug.dll!JSC::JITCode::execute(JSC::RegisterFile *
registerFile=0x07fa1df8, JSC::ExecState * callFrame=0x0aa80050,
JSC::JSGlobalData * globalData=0x0800aba0, JSC::JSValue * exception=0x0800b0f8)
 Line 79 + 0x24 bytes    C++
     JavaScriptCore_debug.dll!JSC::Interpreter::execute(JSC::FunctionExecutable
* functionExecutable=0x082451b8, JSC::ExecState * callFrame=0x0d213a00,
JSC::JSFunction * function=0x0759fe00, JSC::JSObject * thisObj=0x0bcd10c0,
const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x0d445e40,
JSC::JSValue * exception=0x0800b0f8)  Line 721 + 0x30 bytes    C++
     JavaScriptCore_debug.dll!JSC::JSFunction::call(JSC::ExecState *
exec=0x0d213a00, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...})
 Line 122 + 0x51 bytes    C++
     JavaScriptCore_debug.dll!JSC::call(JSC::ExecState * exec=0x0d213a00,
JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const
JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const
JSC::ArgList & args={...})  Line 39 + 0x2b bytes    C++
     WebKit_debug.dll!WebCore::JSEventListener::handleEvent(WebCore::Event *
event=, bool isWindowEvent=)  Line 133 + 0x4d bytes    C++
     WebKit_debug.dll!WebCore::Node::handleLocalEvents(WebCore::Event *
event=0x07e9ff68, bool useCapture=false)  Line 2466 + 0x20 bytes    C++
    
WebKit_debug.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>
prpEvent={...})  Line 2587 + 0x1d bytes    C++
    
WebKit_debug.dll!WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>
e={...}, int & ec=0)  Line 2520 + 0x12 bytes    C++
     WebKit_debug.dll!WebCore::Node::dispatchMouseEvent(const
WebCore::AtomicString & eventType={...}, int button=0, int detail=1, int
pageX=52, int pageY=16, int screenX=418, int screenY=132, bool ctrlKey=false,
bool altKey=false, bool shiftKey=false, bool metaKey=false, bool
isSimulated=false, WebCore::Node * relatedTargetArg=0x00000000,
WTF::PassRefPtr<WebCore::Event> underlyingEvent={...})  Line 2801    C++
     WebKit_debug.dll!WebCore::Node::dispatchMouseEvent(const
WebCore::PlatformMouseEvent & event={...}, const WebCore::AtomicString &
eventType={...}, int detail=1, WebCore::Node * relatedTarget=0x00000000)  Line
2708    C++
     WebKit_debug.dll!WebCore::EventHandler::dispatchMouseEvent(const
WebCore::AtomicString & eventType={...}, WebCore::Node * targetNode=0x0d146028,
bool __formal=true, int clickCount=1, const WebCore::PlatformMouseEvent &
mouseEvent={...}, bool setUnder=true)  Line 1680 + 0x23 bytes    C++
     WebKit_debug.dll!WebCore::EventHandler::handleMouseReleaseEvent(const
WebCore::PlatformMouseEvent & mouseEvent={...})  Line 1439 + 0x2c bytes    C++
>	WebKit_debug.dll!WebView::handleMouseEvent(unsigned int message=514, unsigned int wParam=0, long lParam=1048628)  Line 1295	C++
     WebKit_debug.dll!WebViewWndProc(HWND__ * hWnd=0x001d0440, unsigned int
message=514, unsigned int wParam=0, long lParam=1048628)  Line 1844 + 0x14
bytes    C++

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list