[Webkit-unassigned] [Bug 24738] Multiple crashes in JSDOMWindow::getOwnPropertySlot
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Mar 21 01:37:51 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=24738
------- Comment #1 from xan.lopez at gmail.com 2009-03-21 01:37 PDT -------
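Backtrace from a debug build (frames #0 to #2 run with this=0x1, and frame #3 shows base = 0x1 with ident bound to address 0x0):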
(gdb) bt full
#0 0xb66c9ff4 in JSC::JSCell::structure (this=0x1) at
../../JavaScriptCore/runtime/JSCell.h:144
No locals.
#1 0xb66ca663 in JSC::JSCell::fastGetOwnPropertySlot (this=0x1,
exec=0xbfce703c, propertyName=@0x0,
slot=@0xbfce6ebc) at ../../JavaScriptCore/runtime/JSObject.h:330
No locals.
#2 0xb66ca724 in JSC::JSObject::getPropertySlot (this=0x1, exec=0xbfce703c,
propertyName=@0x0,
slot=@0xbfce6ebc) at ../../JavaScriptCore/runtime/JSObject.h:341
prototype = {m_ptr = 0xb66ca0d4}
object = (class JSC::JSObject *) 0x1
#3 0xb6e43fc0 in JSC::JITStubs::cti_op_resolve_with_base (args=0x87db8d8)
at ../../JavaScriptCore/jit/JITStubs.cpp:1653
slot = {m_getValue = 0, m_slotBase = {m_ptr = 0x1}, m_data =
{getterFunc = 0xc8,
valueSlot = 0xc8, registerSlot = 0xc8, index = 200}, m_value = {m_ptr =
0x0},
m_offset = 4294967295}
vl_args = 0xbfce6f28 ""
stackHack = {returnAddressLocation = 0xbfce6f20, savedReturnAddress =
0x0}
callFrame = (CallFrame *) 0xbfce703c
scopeChain = (class JSC::ScopeChainNode *) 0x8740a60
iter = {m_node = 0x8740a60}
end = {m_node = 0x0}
ident = (JSC::Identifier &) @0x0: <error reading variable>
base = (class JSC::JSObject *) 0x1
codeBlock = (class JSC::CodeBlock *) 0x0
vPCIndex = 2978943744
__PRETTY_FUNCTION__ = "static JSC::VoidPtrPair
JSC::JITStubs::cti_op_resolve_with_base(void*, ...)"
#4 0xb1d1d7af in ?? ()
No symbol table info available.
#5 0xb6ed2902 in JSC::JITCode::execute (this=0xbfce6fbc,
registerFile=0x8740a68,
callFrame=0xb191d048, globalData=0x873f508, exception=0xbfce703c)
at ../../JavaScriptCore/jit/JITCode.h:86
No locals.
#6 0xb6ebd61f in JSC::Interpreter::execute (this=0x8740a60,
programNode=0x87b4bd8,
callFrame=0x87b603c, scopeChain=0x87b7838, thisObj=0xb18f0000,
exception=0xbfce703c)
at ../../JavaScriptCore/interpreter/Interpreter.cpp:623
callRecord = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, <No
data fields>}
codeBlock = (class JSC::CodeBlock *) 0x87c1520
oldEnd = (JSC::Register *) 0xb191d000
newEnd = (JSC::Register *) 0xb191d120
globalObjectScope = {<WTFNoncopyable::Noncopyable> = {<No data
fields>},
m_dynamicGlobalObjectSlot = @0x873fa7c, m_savedDynamicGlobalObject = 0x0}
lastGlobalObject = (class JSC::JSGlobalObject *) 0xb18f1380
globalObject = (class JSC::JSGlobalObject *) 0xb18f1380
newCallFrame = (CallFrame *) 0xb191d048
profiler = (JSC::Profiler **) 0xb7fccbac
result = {m_ptr = 0x0}
__PRETTY_FUNCTION__ = "JSC::JSValuePtr
JSC::Interpreter::execute(JSC::ProgramNode*, JSC::CallFrame*,
JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValuePtr*)"
#7 0xb6edf26d in JSC::evaluate (exec=0x87b603c, scopeChain=@0x87b5ff8,
source=@0xbfce7340, thisValue=
{m_ptr = 0xb18f0000}) at ../../JavaScriptCore/runtime/Completion.cpp:67
lock = {<WTFNoncopyable::Noncopyable> = {<No data fields>},
m_lockingForReal = false}
errLine = -1
errMsg = {m_rep = {m_ptr = 0x8712d40}, static nullUString = 0x8712db0}
programNode = {m_ptr = 0x87b4bd8}
thisObj = (class JSC::JSObject *) 0xb18f0000
exception = {m_ptr = 0x0}
result = {m_ptr = 0xbfce7048}
#8 0xb67186d5 in WebCore::ScriptController::evaluate (this=0x85c57d4,
sourceCode=@0xbfce7340)
at ../../WebCore/bindings/js/ScriptController.cpp:112
jsSourceCode = (const JSC::SourceCode &) @0xbfce7340: {m_provider =
{m_ptr = 0x87da438},
m_startChar = 0, m_endChar = 31033, m_firstLine = 1}
exec = (class JSC::ExecState *) 0x87b603c
savedSourceURL = (const WebCore::String *) 0x0
sourceURL = {m_impl = {m_ptr = 0x87c5a40}}
lock = {<WTFNoncopyable::Noncopyable> = {<No data fields>},
m_lockingForReal = false}
comp = {m_type = 141634016, m_value = {m_ptr = 0xbfce70c8}}
#9 0xb69ede6f in WebCore::FrameLoader::executeScript (this=0x85c54ec,
sourceCode=@0xbfce7340)
at ../../WebCore/loader/FrameLoader.cpp:792
wasRunningScript = false
result = {_vptr.ScriptValue = 0xbfce7290, m_value = {m_value = {m_ptr =
0xb7faa51c}}}
#10 0xb6972a7e in WebCore::HTMLTokenizer::scriptExecution (this=0x87bf078,
sourceCode=@0xbfce7340,
state={static EntityShift = 4, m_bits = 4194304}) at
../../WebCore/html/HTMLTokenizer.cpp:554
savedPrependingSrc = (WebCore::SegmentedString *) 0x0
prependingSrc = {m_pushedChar1 = 0, m_pushedChar2 = 0, m_currentString
= {m_length = 0,
m_current = 0x0, m_string = {m_impl = {m_ptr = 0x0}},
m_doNotExcludeLineNumbers = true},
m_currentChar = 0x0, m_substrings = {m_start = 0, m_end = 0,
m_buffer = {<WTF::VectorBufferBase<WebCore::SegmentedSubstring>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x0, m_capacity
= 0}, <No data fields>}, m_iterators = 0x0},
m_composite = false}
#11 0xb6972ed3 in WebCore::HTMLTokenizer::notifyFinished (this=0x87bf078)
at ../../WebCore/html/HTMLTokenizer.cpp:1974
cs = (class WebCore::CachedScript *) 0x87c0ea0
sourceCode = {m_code = {m_provider = {m_ptr = 0x87da438}, m_startChar =
0, m_endChar = 31033,
m_firstLine = 1}}
errorOccurred = false
n = {m_ptr = 0x87c0c28}
finished = false
__PRETTY_FUNCTION__ = "virtual void
WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*)"
#12 0xb69c12dc in WebCore::CachedScript::checkNotify (this=0x87c0ea0)
at ../../WebCore/loader/CachedScript.cpp:106
c = (class WebCore::CachedResourceClient *) 0x87bf080
w = {m_clientSet = @0x87c0ea4, m_clientVector = {m_size = 1,
m_buffer = {<WTF::VectorBufferBase<WebCore::CachedResourceClient*>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x87da340,
m_capacity = 1}, <No data fields>}}, m_index = 1}
#13 0xb69c13c2 in WebCore::CachedScript::data (this=0x87c0ea0, data={m_ptr =
0xbfce7438},
allDataReceived=true) at ../../WebCore/loader/CachedScript.cpp:96
No locals.
...