[Webkit-unassigned] [Bug 23551] Crash on page load with profiler enabled and running

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 29 10:39:14 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=23551

------- Comment #10 from ggaren at apple.com  2009-01-29 10:39 PDT -------
I don't understand how you could trigger this problem just by loading
about:blank, since you shouldn't execute any JavaScript, let alone
Interpreter::execute(FunctionBodyNode*,...), which only gets called for special
direct invocations of functions, like event handlers.

That said, a function derefs its scope chain before returning, so calling
"didExecute(newCallFrame...)" might provide a garbage scope chain to the
profiler. That would explain why lexicalGlobalObject() could crash.

The best solution is probably to pass "callFrame" rather than "newCallFrame" to
the profiler.


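The dangling-scope-chain sequence ggaren describes above, as an added C++ model that is not WebKit source and not code from this bug. The names ScopeChain, CallFrame, Profiler, executeBuggy and executeFixed are assumptions standing in for the engine's scope chain, call frame, Profiler::didExecute and Interpreter::execute. In the real engine a deref to zero frees the chain and the later read through lexicalGlobalObject() is undefined behaviour; the model poisons the object instead of freeing it so the stale read is deterministic and can be checked.

```cpp
// Added illustrative model of the bug discussed in comment #10. It is not
// WebKit source; ScopeChain, CallFrame, Profiler, executeBuggy and
// executeFixed are assumed names that mirror the comment's vocabulary.
#include <cstdio>
#include <string>
#include <utility>

// Minimal refcounted scope chain. When the count reaches zero the object is
// "torn down": instead of freeing it (undefined behaviour on later reads),
// we poison its fields so a stale read is observable and deterministic.
struct ScopeChain {
    int refCount = 1;
    std::string globalObjectName;
    bool freed = false;

    explicit ScopeChain(std::string name) : globalObjectName(std::move(name)) {}

    void ref() { ++refCount; }
    void deref() {
        if (--refCount == 0) {
            freed = true;
            globalObjectName = "<garbage>";  // simulates reused memory
        }
    }
};

// A call frame just points at the scope chain it executes in.
struct CallFrame {
    ScopeChain* scopeChain;

    // lexicalGlobalObject(): follow the frame's scope chain to its global.
    const std::string& lexicalGlobalObject() const {
        return scopeChain->globalObjectName;
    }
};

// Profiler hook. Records which global the frame belonged to and whether the
// scope chain it was handed had already been torn down.
struct Profiler {
    std::string lastGlobal;
    bool sawFreedChain = false;

    void didExecute(const CallFrame& frame) {
        sawFreedChain = frame.scopeChain->freed;
        lastGlobal = frame.lexicalGlobalObject();  // would crash on freed memory
    }
};

// Buggy sequence from the comment: the callee frame's scope chain is
// deref'd before the function returns, and the profiler is then notified
// with that same (now stale) newCallFrame.
void executeBuggy(Profiler& profiler, CallFrame& callFrame) {
    (void)callFrame;                   // caller's frame is ignored here
    ScopeChain functionChain("function-global");
    CallFrame newCallFrame{&functionChain};
    // ... function body would run here ...
    functionChain.deref();             // count -> 0: chain torn down
    profiler.didExecute(newCallFrame); // BUG: reads through the dead chain
}

// Suggested fix from the comment: notify the profiler with the caller's
// callFrame, whose scope chain the caller still holds a reference to.
void executeFixed(Profiler& profiler, CallFrame& callFrame) {
    ScopeChain functionChain("function-global");
    CallFrame newCallFrame{&functionChain};
    (void)newCallFrame;                // used only by the function body
    // ... function body would run here ...
    functionChain.deref();
    profiler.didExecute(callFrame);    // caller's chain is still alive
}

// Drive each variant with a live caller frame; return what the profiler saw.
Profiler runBuggy() {
    ScopeChain callerChain("caller-global");
    CallFrame callFrame{&callerChain};
    Profiler profiler;
    executeBuggy(profiler, callFrame);
    return profiler;
}

Profiler runFixed() {
    ScopeChain callerChain("caller-global");
    CallFrame callFrame{&callerChain};
    Profiler profiler;
    executeFixed(profiler, callFrame);
    return profiler;
}

int main() {
    Profiler buggy = runBuggy();
    Profiler fixed = runFixed();
    std::printf("buggy: freed=%d global=%s\n", (int)buggy.sawFreedChain, buggy.lastGlobal.c_str());
    std::printf("fixed: freed=%d global=%s\n", (int)fixed.sawFreedChain, fixed.lastGlobal.c_str());
    return 0;
}
```

The model only shows why the caller's frame is the safe argument: its scope chain is kept alive by a reference the caller still holds, whereas the callee's chain has already been released by the time the profiler hook runs. It does not reproduce the about:blank trigger, which the comment itself leaves unexplained.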