[Webkit-unassigned] [Bug 31999] New: Crash in JSC::TypeInfo::type when moving mouse into Inspector window after calling monitorEvents(document.body)
bugzilla-daemon at webkit.org
Mon Nov 30 14:41:25 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31999
Summary: Crash in JSC::TypeInfo::type when moving mouse into Inspector window after calling monitorEvents(document.body)
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
To reproduce:
1. Go to http://webkit.org/
2. Open the Inspector
3. In the Inspector's console, run this command: monitorEvents(document.body)
4. Move the mouse around the page
5. Move the mouse back over the Inspector
You'll crash in JSC::TypeInfo::type. Here's the backtrace:
> JavaScriptCore.dll!JSC::TypeInfo::type() Line 60 + 0x11 bytes C++
JavaScriptCore.dll!JSC::JSCell::isString() Line 144 + 0x12 bytes C++
JavaScriptCore.dll!JSC::JSValue::isString() Line 165 + 0x1e bytes C++
JavaScriptCore.dll!JSC::JSValue::toString(JSC::ExecState * exec=0x05050048) Line 260 + 0x8 bytes C++
JavaScriptCore.dll!cti_op_get_by_val(void * * args=0x0012f494) Line 1904 + 0x13 bytes C++
JavaScriptCore.dll!@cti_op_convert_this@4() + 0x10f bytes C++
JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x0488b8d4, JSC::ExecState * callFrame=0x05050048, JSC::JSGlobalData * globalData=0x048859c0, JSC::JSValue * exception=0x04886610) Line 79 + 0x24 bytes C++
JavaScriptCore.dll!JSC::Interpreter::execute(JSC::FunctionExecutable * functionExecutable=0x0b57b398, JSC::ExecState * callFrame=0x0b1465b0, JSC::JSFunction * function=0x0d13b580, JSC::JSObject * thisObj=0x0797f9c0, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x0b6ce9b0, JSC::JSValue * exception=0x04886610) Line 679 + 0x34 bytes C++
JavaScriptCore.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x0b1465b0, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}) Line 120 + 0x4e bytes C++
JavaScriptCore.dll!JSC::call(JSC::ExecState * exec=0x0b1465b0, JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}) Line 39 + 0x2b bytes C++
WebKit.dll!WebCore::callInWorld(JSC::ExecState * exec=0x0b1465b0, JSC::JSValue function={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}, WebCore::DOMWrapperWorld * isolatedWorld=0x0488b988) Line 866 + 0x29 bytes C++
WebKit.dll!WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject * globalObject=, JSC::JSValue thisValue={...}) Line 106 + 0x5b bytes C++
WebKit.dll!WebCore::ScheduledAction::execute(WebCore::Document * document=0x086e5fb0) Line 127 C++
WebKit.dll!WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext * context=0x086e5fe4) Line 79 C++
WebKit.dll!WebCore::DOMTimer::fired() Line 151 C++
WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 112 + 0xf bytes C++
WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++
WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00150e00, unsigned int message=49579, unsigned int wParam=0, long lParam=0) Line 102 + 0x8 bytes C++
user32.dll!_InternalCallWinProc@20() + 0x28 bytes
user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
user32.dll!_DispatchMessageWorker@8() + 0xdc bytes
user32.dll!_DispatchMessageW@4() + 0xf bytes