[Webkit-unassigned] [Bug 29554] New: REGRESSION (r48573): Assertion failure in Structure::toDictionaryTransition when loading page with simple JavaScript
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Sep 21 07:39:12 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=29554
Summary: REGRESSION (r48573): Assertion failure in
Structure::toDictionaryTransition when loading page
with simple JavaScript
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
URL: data:text/html,<script>function foo() { }</script>
OS/Version: All
Status: NEW
Keywords: NeedsRadar, Regression
Severity: Normal
Priority: P1
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
CC: oliver at apple.com
To reproduce:
1. Go to data:text/html,<script>function foo() { }</script>
You'll hit this assertion in Structure::toDictionaryTransition:
ASSERT(!structure->isDictionary());
Here's the backtrace:
#0 0x100c4ccad in JSC::Structure::toDictionaryTransition at
Structure.cpp:559
#1 0x100c4cdcf in JSC::Structure::toUncacheableDictionaryTransition at
Structure.cpp:580
#2 0x100c4ce3d in JSC::Structure::removePropertyTransition at
Structure.cpp:459
#3 0x100b0d04c in JSC::JSObject::removeDirect at JSObject.cpp:481
#4 0x100b2f46c in JSC::BytecodeGenerator::BytecodeGenerator at
BytecodeGenerator.cpp:260
#5 0x100c5b1b0 in JSC::ProgramExecutable::compile at Executable.cpp:107
#6 0x100b2b64a in JSC::evaluate at Completion.cpp:53
#7 0x101de71dd in WebCore::ScriptController::evaluate at
ScriptController.cpp:115
#8 0x1018c9162 in WebCore::FrameLoader::executeScript at FrameLoader.cpp:781
#9 0x101992c5a in WebCore::HTMLTokenizer::scriptExecution at
HTMLTokenizer.cpp:562
#10 0x101993922 in WebCore::HTMLTokenizer::scriptHandler at
HTMLTokenizer.cpp:504
#11 0x1019940ae in WebCore::HTMLTokenizer::parseNonHTMLText at
HTMLTokenizer.cpp:351
#12 0x1019967e4 in WebCore::HTMLTokenizer::parseTag at
HTMLTokenizer.cpp:1521
#13 0x10199733d in WebCore::HTMLTokenizer::write at HTMLTokenizer.cpp:1755
#14 0x1018c775d in WebCore::FrameLoader::write at FrameLoader.cpp:1030
#15 0x1018c78f9 in WebCore::FrameLoader::endIfNotLoadingMainResource at
FrameLoader.cpp:1065
#16 0x1018c7938 in WebCore::FrameLoader::end at FrameLoader.cpp:1051
#17 0x10176c7ba in WebCore::DocumentLoader::finishedLoading at
DocumentLoader.cpp:330
#18 0x1018cb61b in WebCore::FrameLoader::finishedLoading at
FrameLoader.cpp:3183
#19 0x101c2b4d5 in WebCore::MainResourceLoader::didFinishLoading at
MainResourceLoader.cpp:375
#20 0x101dcda62 in WebCore::ResourceLoader::didFinishLoading at
ResourceLoader.cpp:403
#21 0x101dc9dfb in -[WebCoreResourceHandleAsDelegate
connectionDidFinishLoading:] at ResourceHandleMac.mm:748
#22 0x7fff831fdbc8 in _NSURLConnectionDidFinishLoading
#23 0x7fff846378d1 in URLConnectionClient::_clientDidFinishLoading
#24 0x7fff846982a6 in
URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload
#25 0x7fff84698512 in
URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload
#26 0x7fff8462262b in URLConnectionClient::processEvents
#27 0x7fff84622406 in MultiplexerSource::perform
#28 0x7fff805d6281 in __CFRunLoopDoSources0
#29 0x7fff805d4879 in __CFRunLoopRun
#30 0x7fff805d403f in CFRunLoopRunSpecific
#31 0x7fff876f4c4e in RunCurrentEventLoopInMode
#32 0x7fff876f4a53 in ReceiveNextEventCommon
#33 0x7fff876f490c in BlockUntilNextEventMatchingListInMode
#34 0x7fff84c6d520 in _DPSNextEvent
#35 0x7fff84c6ce89 in -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:]
#36 0x10005fe45 in -[BrowserApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] at BrowserApplication.mm:225
#37 0x7fff84c32a7d in -[NSApplication run]
#38 0x7fff84c2b798 in NSApplicationMain
#39 0x100161b63 in main at main.mm:157
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list