[Webkit-unassigned] [Bug 31011] New: [v8] empty handler is used to access native DOM window implementation
bugzilla-daemon at webkit.org
Mon Nov 2 05:45:15 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31011
Summary: [v8] empty handler is used to access native DOM window implementation
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: antonm at chromium.org
CC: abarth at webkit.org
There are crashes in v8::Object::GetPointerFromInternalField(int) due to an empty
handle (this is null in ::GetPointerFromInternalField). This handle
comes from V8DOMWrapper::lookupDOMWrapper (see
http://trac.webkit.org/browser/trunk/WebCore/bindings/v8/V8Proxy.cpp?rev=49510),
which means that somehow we failed to look up (traversing the proto chain) the
DOM window from the current global (which sounds weird to me, but I
know too little about isolated worlds). Maybe it is somehow related to an
out-of-memory condition.
The sample stack trace:
0x6843b6ca [chrome.dll - v8.h:3006] v8::Object::GetPointerFromInternalField(int)
0x6870bce0 [chrome.dll - v8proxy.cpp:525] WebCore::V8Proxy::retrieveWindow(v8::Handle<v8::Context>)
0x6870bcf5 [chrome.dll - v8proxy.cpp:530] WebCore::V8Proxy::retrieveFrame(v8::Handle<v8::Context>)
0x6870b663 [chrome.dll - v8proxy.cpp:250] WebCore::V8Proxy::handleOutOfMemory()
0x6870bb0b [chrome.dll - v8proxy.cpp:394] WebCore::V8Proxy::runScript(v8::Handle<v8::Script>,bool)
0x6870ba58 [chrome.dll - v8proxy.cpp:374] WebCore::V8Proxy::evaluate(WebCore::ScriptSourceCode const &,WebCore::Node *)
0x6870b781 [chrome.dll - v8proxy.cpp:292] WebCore::V8Proxy::evaluateInIsolatedWorld(int,WTF::Vector<WebCore::ScriptSourceCode,0> const &,int)
0x686e7ee2 [chrome.dll - webframe_impl.cc:644] WebFrameImpl::executeScriptInIsolatedWorld(int,WebKit::WebScriptSource const *,unsigned int,int)
0x684e4e15 [chrome.dll - user_script_slave.cc:192] UserScriptSlave::InjectScripts(WebKit::WebFrame *,UserScript::RunLocation)
0x684daf9c [chrome.dll - render_view.cc:2194] RenderView::didCreateDocumentElement(WebKit::WebFrame *)
0x686fd04c [chrome.dll - webframeloaderclient_impl.cc:121] WebFrameLoaderClient::documentElementAvailable()
0x6894cb27 [chrome.dll - htmlparser.cpp:383] WebCore::HTMLParser::insertNode(WebCore::Node *,bool)
0x6894c716 [chrome.dll - htmlparser.cpp:274] WebCore::HTMLParser::parseToken(WebCore::Token *)
0x688b79ba [chrome.dll - htmltokenizer.cpp:1935] WebCore::HTMLTokenizer::processToken()
0x688b6b15 [chrome.dll - htmltokenizer.cpp:1506] WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString &,WebCore::HTMLTokenizer::State)
0x688b7384 [chrome.dll - htmltokenizer.cpp:1758] WebCore::HTMLTokenizer::write(WebCore::SegmentedString const &,bool)
0x6872778e [chrome.dll - frameloader.cpp:1440] WebCore::FrameLoader::addData(char const *,int)
0x686e86c3 [chrome.dll - webframe_impl.cc:905] WebFrameImpl::commitDocumentData(char const *,unsigned int)
0x686fe277 [chrome.dll - webframeloaderclient_impl.cc:935] WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader *,char const *,int)
0x6878cc54 [chrome.dll - documentloader.cpp:342] WebCore::DocumentLoader::commitLoad(char const *,int)
0x688ca61f [chrome.dll - mainresourceloader.cpp:143] WebCore::MainResourceLoader::addData(char const *,int,bool)
0x688cb6cb [chrome.dll - resourceloader.cpp:248] WebCore::ResourceLoader::didReceiveData(char const *,int,__int64,bool)
0x688cac3f [chrome.dll - mainresourceloader.cpp:374] WebCore::MainResourceLoader::didReceiveData(char const *,int,__int64,bool)
0x688cb9cd [chrome.dll - resourceloader.cpp:398] WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle *,char const *,int,int)
0x689b94ab [chrome.dll - resourcehandle.cpp:144] WebCore::ResourceHandleInternal::didReceiveData(WebKit::WebURLLoader *,char const *,int,__int64)
0x686f4d16 [chrome.dll - weburlloader_impl.cc:476] webkit_glue::WebURLLoaderImpl::Context::OnReceivedData(char const *,int)
0x686aa252 [chrome.dll - resource_dispatcher.cc:384] ResourceDispatcher::OnReceivedData(IPC::Message const &,int,void *,int)
0x686aa65b [chrome.dll - resource_dispatcher.cc:519] ResourceDispatcher::DispatchMessageW(IPC::Message const &)
0x686aa047 [chrome.dll - resource_dispatcher.cc:301] ResourceDispatcher::OnMessageReceived(IPC::Message const &)
0x686a83f6 [chrome.dll - child_thread.cc:99] ChildThread::OnMessageReceived(IPC::Message const &)
0x6863caf7 [chrome.dll - task.h:277] RunnableMethod<URLFetcher::Core,void ( URLFetcher::Core::*)(URLRequestStatus const &),Tuple1<URLRequestStatus> >::Run()
0x684b4ec8 [chrome.dll - message_loop.cc:314] MessageLoop::RunTask(Task *)
0x684b4f02 [chrome.dll - message_loop.cc:322] MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &)
0x684b50b7 [chrome.dll - message_loop.cc:429] MessageLoop::DoWork()
0x684c61ba [chrome.dll - message_pump_default.cc:50] base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x684b4d78 [chrome.dll - message_loop.cc:199] MessageLoop::RunInternal()
0x684b4d41 [chrome.dll - message_loop.cc:181] MessageLoop::RunHandler()
0x684b4ce4 [chrome.dll - message_loop.cc:155] MessageLoop::Run()
0x684cd654 [chrome.dll - renderer_main.cc:167] RendererMain(MainFunctionParams const &)
0x684237ae [chrome.dll - chrome_dll_main.cc:544] ChromeMain
0x01382c0e [chrome.exe - google_update_client.cc:96] google_update::GoogleUpdateClient::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,wchar_t *,char const *,int *)
0x01383009 [chrome.exe - chrome_exe_main.cc:96] wWinMain
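A toy model of the failure path in the report, added here and not code from WebKit or V8: a lookup that walks the prototype chain returns an empty handle when the global has no DOM window wrapper behind it, and a hardened retrieveWindow tests IsEmpty() before reading the internal field so that a caller in the position of handleOutOfMemory receives a null it can check. Handle, Object, DOMWindow and the two sample worlds are constructed stand-ins, not the real V8 or WebCore types.

```cpp
#include <cstring>

// Toy model of a V8 handle: empty (null) when the lookup found nothing.
template <typename T> struct Handle {
    T* ptr;
    Handle(T* p = nullptr) : ptr(p) {}
    bool IsEmpty() const { return ptr == nullptr; }
    T* operator->() const { return ptr; }
};

struct DOMWindow { int frameId; };

// Toy JS object: prototype link, wrapper-type tag and one internal field
// holding the native pointer (what GetPointerFromInternalField reads).
struct Object {
    Object* prototype;
    const char* wrapperType;   // "DOMWindow" for the window wrapper; null otherwise
    void* internalField;
    Object(Object* p, const char* t, void* f) : prototype(p), wrapperType(t), internalField(f) {}
};

// Walk the prototype chain from the global looking for the DOM window wrapper;
// an empty handle means none was found, the situation the crash hit.
Handle<Object> lookupDOMWrapper(Object* global) {
    for (Object* o = global; o != nullptr; o = o->prototype)
        if (o->wrapperType && std::strcmp(o->wrapperType, "DOMWindow") == 0)
            return Handle<Object>(o);
    return Handle<Object>();
}

// Hardened counterpart of retrieveWindow: check the handle before touching the
// internal field and hand an explicit nullptr to the caller.
DOMWindow* retrieveWindow(Object* global) {
    Handle<Object> wrapper = lookupDOMWrapper(global);
    if (wrapper.IsEmpty())
        return nullptr;
    return static_cast<DOMWindow*>(wrapper->internalField);
}

// Caller in the position of handleOutOfMemory: must tolerate a null window.
bool notifyOutOfMemory(Object* global) {
    DOMWindow* window = retrieveWindow(global);
    if (!window)
        return false;   // nothing reachable from this global: skip rather than crash
    return window->frameId >= 0;
}

// Constructed sample worlds (not from the bug report): the main world has the
// wrapper on its chain, the isolated world's global has nothing behind it.
static DOMWindow gMainWindow = {1};
static Object gWindowWrapper(nullptr, "DOMWindow", &gMainWindow);
static Object gMainGlobal(&gWindowWrapper, nullptr, nullptr);
static Object gIsolatedGlobal(nullptr, nullptr, nullptr);
Object* mainWorldGlobal() { return &gMainGlobal; }
Object* isolatedWorldGlobal() { return &gIsolatedGlobal; }
```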