[Webkit-unassigned] [Bug 25695] New: REGRESSION: Crash in JSValue::put when calling alert()
bugzilla-daemon at webkit.org
Mon May 11 09:22:00 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=25695
Summary: REGRESSION: Crash in JSValue::put when calling alert()
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
URL: data:text/html,<script>alert('hi')</script>
OS/Version: Windows XP
Status: NEW
Keywords: Regression, PlatformOnly, NeedsRadar
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
To reproduce:
1. Go to this URL: data:text/html,%3Cscript%3Ealert('hi')</script>
Backtrace:
ccfc45c7()
> JavaScriptCore_debug.dll!JSC::JSValue::put(JSC::ExecState * exec=0x09fd8084, const JSC::Identifier & propertyName={...}, JSC::JSValue value={...}, JSC::PutPropertySlot & slot={...}) Line 545 + 0x2a bytes C++
JavaScriptCore_debug.dll!JSC::JITStubs::cti_op_put_by_id(void * * args=0x00f1c7d4) Line 660 C++
JavaScriptCore_debug.dll!JSC::JITStubs::cti_op_convert_this() + 0xff bytes C++
JavaScriptCore_debug.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x0796fb80, JSC::ExecState * callFrame=0x09fd8084, JSC::JSGlobalData * globalData=0x079372c8, JSC::JSValue * exception=0x00f1c8f0) Line 76 + 0x21 bytes C++
JavaScriptCore_debug.dll!JSC::Interpreter::execute(JSC::ProgramNode * programNode=0x079551c0, JSC::ExecState * callFrame=0x07974fbc, JSC::ScopeChainNode * scopeChain=0x07984678, JSC::JSObject * thisObj=0x02f413a0, JSC::JSValue * exception=0x00f1c8f0) Line 633 + 0x2d bytes C++
JavaScriptCore_debug.dll!JSC::evaluate(JSC::ExecState * exec=0x07974fbc, JSC::ScopeChain & scopeChain={...}, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 69 C++
WebKit_debug.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode={...}) Line 101 + 0x30 bytes C++
WebKit_debug.dll!WebCore::FrameLoader::executeScript(const WebCore::ScriptSourceCode & sourceCode={...}) Line 804 C++
WebKit_debug.dll!WebCore::HTMLTokenizer::scriptExecution(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::HTMLTokenizer::State state={...}) Line 555 + 0x27 bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource * __formal=0x0798bd30) Line 1993 + 0x1d bytes C++
WebKit_debug.dll!WebCore::CachedScript::checkNotify() Line 106 + 0x13 bytes C++
WebKit_debug.dll!WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 97 C++
WebKit_debug.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader * loader=0x07969300) Line 324 C++
WebKit_debug.dll!WebCore::SubresourceLoader::didFinishLoading() Line 183 + 0x1f bytes C++
WebKit_debug.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x0795f170) Line 416 + 0xf bytes C++
WebKit_debug.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x07985f18, const void * clientInfo=0x0795f170) Line 169 + 0x1e bytes C++