[Webkit-unassigned] [Bug 30938] recent nightlies cannot run with public v4.0.3 (531.9.1) safari

Thu Oct 29 20:53:11 PDT 2009

https://bugs.webkit.org/show_bug.cgi?id=30938

--- Comment #4 from 808caaa4.8ce9.9cd6c799e9f6 at gmail.com  2009-10-29 20:53:10 PDT ---
For example safari v4.0.3 (531.9.1) + WebKit-r50233, crashes before main window
appear.
ntsd said:
---
(c24.ba0): Access violation - code c0000005 (!!! second chance !!!)
eax=1001525a ebx=7fea4a01 ecx=1d74c084 edx=7fc72934 esi=7fea4b10 edi=00ef0483
eip=100658c5 esp=0012f2d8 ebp=7fea4b10 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for
...\Safari.dll - 
Safari_10000000+0x658c5:
100658c5 8b5108          mov     edx,dword ptr [ecx+8]
ds:0023:1d74c08c=????????
0:000> 
---

// It seems no correspond pdbs for safari.dll found on Apple's symsrv.

With ntsd, safari.dll seems want to call IWebFramePrivate::isFrameSet() around
there, 
but since r50233, IWebFramePrivate have counterValueForElementById() at #5
entry in vtable,
so it calls WebFrame::spoolPages().
spoolPages has 4 arguments while isFrameSet has 1 argument, so stack will be
broken.

--
100658a5 8b10             mov     edx,[eax]         ds:0023:7fc72934=016bd060
100658a7 8b522c           mov     edx,[edx+0x2c]{WebKit!WebFrame__spoolPages
(01206590)} ds:0023:016bd08c=01206590
100658aa 53               push    ebx  ; <- not argument, popped just before
retn
100658ab 8d4c240c         lea     ecx,[esp+0xc]     ss:0023:0012f2d8=00000000
100658af 51               push    ecx  ; <- BOOL* result
100658b0 50               push    eax  ; <- this
100658b1 ffd2             call   edx {WebKit!WebFrame__spoolPages (01206590)}
--

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.