[Webkit-unassigned] [Bug 37661] [v8] Bail out if fetching of Object.prototype fails

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 19 05:34:44 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=37661





--- Comment #4 from anton muhin <antonm at chromium.org>  2010-04-19 05:34:44 PST ---
Sorry, I should have been more explicit.

It's a crash in Chromium.  Sample stack trace:

0x025ec87a     [chrome.dll     - handles.cc:217]   
v8::internal::SetProperty(v8::internal::Handle<v8::internal::JSObject>,v8::internal::Handle<v8::internal::String>,v8::internal::Handle<v8::internal::Object>,PropertyAttributes)
0x0265d733     [chrome.dll     - runtime.cc:3799]   
v8::internal::Runtime::SetObjectProperty(v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,PropertyAttributes)
0x025e9bb5     [chrome.dll     - objects.cc:1416]   
v8::internal::JSObject::SetPropertyPostInterceptor(v8::internal::String
*,v8::internal::Object *,PropertyAttributes)
0x025ec9fa     [chrome.dll     - handles.cc:226]   
v8::internal::SetProperty(v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,PropertyAttributes)
0x025c7cd2     [chrome.dll     - api.cc:2393]   
v8::Object::SetHiddenValue(v8::Handle<v8::String>,v8::Handle<v8::Value>)
0x025cb321     [chrome.dll     - api.cc:2083]   
v8::Object::Get(v8::Handle<v8::Value>)
0x025ccbff     [chrome.dll     - api.cc:3069]    v8::Context::Global()
0x01d8a5f0     [chrome.dll     - v8domwindowshell.cpp:518]   
WebCore::V8DOMWindowShell::installHiddenObjectPrototype(v8::Handle<v8::Context>)
0x01d89ffe     [chrome.dll     - v8domwindowshell.cpp:289]   
WebCore::V8DOMWindowShell::initContextIfNeeded()
0x01d8c66e     [chrome.dll     - v8proxy.cpp:279]   
WebCore::V8Proxy::evaluateInIsolatedWorld(int,WTF::Vector<WebCore::ScriptSourceCode,0>
const &,int)
0x01e89d98     [chrome.dll     - webframeimpl.cpp:736]   
WebKit::WebFrameImpl::executeScriptInIsolatedWorld(int,WebKit::WebScriptSource
const *,unsigned int,int)
0x01ffd199     [chrome.dll     - user_script_slave.cc:219]   
UserScriptSlave::InjectScripts(WebKit::WebFrame *,UserScript::RunLocation)
0x01fee20c     [chrome.dll     - render_view.cc:2658]   
RenderView::didFinishDocumentLoad(WebKit::WebFrame *)
0x01e943db     [chrome.dll     - frameloaderclientimpl.cpp:391]   
WebKit::FrameLoaderClientImpl::dispatchDidFinishDocumentLoad()
0x01c6c37e     [chrome.dll     - frameloader.cpp:1076]   
WebCore::FrameLoader::finishedParsing()
0x01cc243a     [chrome.dll     - document.cpp:4203]   
WebCore::Document::finishedParsing()
0x01e401a8     [chrome.dll     - htmlparser.cpp:1666]   
WebCore::HTMLParser::finished()
0x01dc66a7     [chrome.dll     - htmltokenizer.cpp:1870]   
WebCore::HTMLTokenizer::end()
0x01dc654f     [chrome.dll     - htmltokenizer.cpp:1811]   
WebCore::HTMLTokenizer::write(WebCore::SegmentedString const &,bool)
0x01dc661d     [chrome.dll     - htmltokenizer.cpp:1848]   
WebCore::HTMLTokenizer::timerFired(WebCore::Timer<WebCore::HTMLTokenizer> *)
0x01e07a0f     [chrome.dll     - timer.h:98]   
WebCore::Timer<WebCore::Scrollbar>::fired()
0x01d2334b     [chrome.dll     - threadtimers.cpp:112]   
WebCore::ThreadTimers::sharedTimerFiredInternal()
0x01d232be     [chrome.dll     - threadtimers.cpp:90]   
WebCore::ThreadTimers::sharedTimerFired()
0x01fc2b6f     [chrome.dll     - message_loop.cc:329]   
MessageLoop::RunTask(Task *)
0x01fc2bac     [chrome.dll     - message_loop.cc:337]   
MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &)
0x01fc2d42     [chrome.dll     - message_loop.cc:444]    MessageLoop::DoWork()
0x01fd321f     [chrome.dll     - message_pump_default.cc:50]   
base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x01fc2a1a     [chrome.dll     - message_loop.cc:205]   
MessageLoop::RunInternal()
0x01fc299f     [chrome.dll     - message_loop.cc:177]   
MessageLoop::RunHandler()
0x01fc294d     [chrome.dll     - message_loop.cc:155]    MessageLoop::Run()
0x01fdd2fe     [chrome.dll     - renderer_main.cc:289]   
RendererMain(MainFunctionParams const &)
0x01c33bb9     [chrome.dll     - chrome_dll_main.cc:716]    ChromeMain
0x004033ec     [chrome.exe     - client_util.cc:195]   
MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x00403a72     [chrome.exe     - chrome_exe_main.cc:46]    wWinMain
0x00445dce     [chrome.exe     - crt0.c:263]    __tmainCRTStartup
0x7c816fd6     [kernel32.dll     + 0x00016fd6]    BaseProcessStart

The analysis still apply: it's almost for sure empty handle of value being set.

Alas, I don't have an easy repro case.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list