[Webkit-unassigned] [Bug 25820] New: Crash in JSC::JITStubs::cti_op_loop_if_less when visiting sports.orange.fr

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 15 05:55:19 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=25820

           Summary: Crash in JSC::JITStubs::cti_op_loop_if_less when
                    visiting sports.orange.fr
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jeromeg at xfce.org


THis happens since the update to Webkit 1.1.7. Every time I visit
http://sports.orange.fr/, Webkit based browsers crash when the page has
finished loading.

Here is the backtrace:

#0  0xb7bd0592 in JSC::JITStubs::cti_op_loop_if_less (args=0x2)
    at ../JavaScriptCore/runtime/JSCell.h:251
#1  0xae1693fe in ?? ()
#2  0xb7bfa6fd in JSC::Interpreter::execute (this=0xb52d8900, 
    programNode=0xae2e18d0, callFrame=0xb52f0ca4, scopeChain=0xb2e6ebb8, 
    thisObj=0xb2fe0000, exception=0xbff2336c)
    at ../JavaScriptCore/jit/JITCode.h:76
#3  0xb7b8f4b8 in JSC::evaluate (exec=0xb52f0ca4, scopeChain=@0xb52f0c80, 
    source=@0xbff23728, thisValue={m_ptr = 0xb2fe0000})
    at ../JavaScriptCore/runtime/Completion.cpp:67
#4  0xb755b989 in WebCore::ScriptController::evaluate (this=0xb52a8908, 
    sourceCode=@0xbff23728) at ../WebCore/bindings/js/ScriptController.cpp:101
#5  0xb7773c36 in WebCore::FrameLoader::executeScript (this=0xb52a86a8, 
    sourceCode=@0xbff23728) at ../WebCore/loader/FrameLoader.cpp:802
#6  0xb772a832 in WebCore::HTMLTokenizer::scriptExecution (this=0xb52ce400, 
    sourceCode=@0xbff23728, state={static EntityShift = 4, m_bits = 0})
    at ../WebCore/html/HTMLTokenizer.cpp:555
#7  0xb772ca8e in WebCore::HTMLTokenizer::scriptHandler (this=0xb52ce400, 
    state={static EntityShift = 4, m_bits = 128})
    at ../WebCore/html/HTMLTokenizer.cpp:497
#8  0xb772dc19 in WebCore::HTMLTokenizer::parseSpecial (this=0xb52ce400, 
    src=@0xb52ced4c, state={static EntityShift = 4, m_bits = 128})
    at ../WebCore/html/HTMLTokenizer.cpp:348
#9  0xb77319ae in WebCore::HTMLTokenizer::parseTag (this=0xb52ce400, 
    src=@0xb52ced4c, state={static EntityShift = 4, m_bits = 1})
    at ../WebCore/html/HTMLTokenizer.cpp:1541
#10 0xb773234f in WebCore::HTMLTokenizer::write (this=0xb52ce400, 
    str=@0xbff23a60, appendData=false)
    at ../WebCore/html/HTMLTokenizer.cpp:1718
#11 0xb772c016 in WebCore::HTMLTokenizer::notifyFinished (this=0xb52ce400)
    at ../WebCore/html/HTMLTokenizer.cpp:2019
#12 0xb775a4dc in WebCore::CachedScript::checkNotify (this=0xae25e8c0)
    at ../WebCore/loader/CachedScript.cpp:106
#13 0xb77ab19c in WebCore::Loader::Host::didFinishLoading (this=0xae262aa8, 
    loader=0xae25d800) at ../WebCore/loader/loader.cpp:323
#14 0xb7799d70 in WebCore::SubresourceLoader::didFinishLoading (
    this=0xae25d800) at ../WebCore/loader/SubresourceLoader.cpp:183
#15 0xb7794e01 in WebCore::ResourceLoader::didFinishLoading (this=0xae25d800)
    at ../WebCore/loader/ResourceLoader.cpp:416
#16 0xb793f29c in finishedCallback (session=0x822a808, msg=0x8930528, 
    data=0xb00cc868)
    at ../WebCore/platform/network/soup/ResourceHandleSoup.cpp:352
#17 0xb6c7cdbb in ?? () from /usr/lib/libsoup-2.4.so.1
#18 0xb70513d4 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8a34a30, 
    return_value=0x0, n_param_values=1, param_values=0x8797f30, 
    invocation_hint=0xbff23dbc, marshal_data=0x822a808)
    at /build/buildd/glib2.0-2.18.2/gobject/gmarshal.c:77
#19 0xb7043c4b in IA__g_closure_invoke (closure=0x8a34a30, return_value=0x0, 
    n_param_values=1, param_values=0x8797f30, invocation_hint=0xbff23dbc)
    at /build/buildd/glib2.0-2.18.2/gobject/gclosure.c:767
#20 0xb705a5d8 in signal_emit_unlocked_R (node=0x86a1630, detail=0, 
    instance=0x8930528, emission_return=0x0, instance_and_params=0x8797f30)
    at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3314
#21 0xb705b7ac in IA__g_signal_emit_valist (instance=0x8930528, signal_id=195, 
    detail=0, 
    var_args=0xbff23f5c
"��ȶi�ƶ��ȶ\210?��K8Ƕ(\005\223\b\bQ\"\bp�\225\b�7Ƕ�_\a��>Ƕ�?���\023\005�h7\222\b(\005\223\bؠ�\b�_\a�P\006\233\b\002")
    at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:2977
#22 0xb705bc26 in IA__g_signal_emit (instance=0x8930528, signal_id=195, 
    detail=0) at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3034
#23 0xb6c6ea8f in soup_message_finished () from /usr/lib/libsoup-2.4.so.1
#24 0xb6c7384b in ?? () from /usr/lib/libsoup-2.4.so.1
#25 0xb70513d4 in IA__g_cclosure_marshal_VOID__VOID (closure=0x89b0650, 
    return_value=0x0, n_param_values=1, param_values=0x8797b78, 
    invocation_hint=0xbff2410c, marshal_data=0x8930528)
    at /build/buildd/glib2.0-2.18.2/gobject/gmarshal.c:77
#26 0xb7043c4b in IA__g_closure_invoke (closure=0x89b0650, return_value=0x0, 
    n_param_values=1, param_values=0x8797b78, invocation_hint=0xbff2410c)
    at /build/buildd/glib2.0-2.18.2/gobject/gclosure.c:767
#27 0xb705a095 in signal_emit_unlocked_R (node=0x86a6dd0, detail=0, 
    instance=0x8923768, emission_return=0x0, instance_and_params=0x8797b78)
    at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3244
#28 0xb705b7ac in IA__g_signal_emit_valist (instance=0x8923768, signal_id=206, 
    detail=0, 
    var_args=0xbff242ac
"�\037\003��\037\003�\b��\b�B��\035���(\033�\b\001")
    at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:2977
#29 0xb705bc26 in IA__g_signal_emit (instance=0x8923768, signal_id=206, 
    detail=0) at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3034
#30 0xb6c7ebc2 in ?? () from /usr/lib/libsoup-2.4.so.1
#31 0xb6fec71d in g_io_unix_dispatch (source=0x8923768, callback=0xb6c7eb70, 
    user_data=0x8923768) at /build/buildd/glib2.0-2.18.2/glib/giounix.c:162
#32 0xb6fb5718 in IA__g_main_context_dispatch (context=0x81e2618)
    at /build/buildd/glib2.0-2.18.2/glib/gmain.c:2144
#33 0xb6fb8dc3 in g_main_context_iterate (context=0x81e2618, block=1, 
    dispatch=1, self=0x81e21d8)
    at /build/buildd/glib2.0-2.18.2/glib/gmain.c:2778
#34 0xb6fb92e2 in IA__g_main_loop_run (loop=0x8924f48)
    at /build/buildd/glib2.0-2.18.2/glib/gmain.c:2986
#35 0xb719e3a9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#36 0x08049c21 in main (argc=Cannot access memory at address 0x70
) at ../WebKitTools/GtkLauncher/main.c:205


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list