[Webkit-unassigned] [Bug 38535] WebKit crashes at DebuggerCallFrame::functionName() if m_callFrame is the top global callframe.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 23 09:54:20 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=38535
--- Comment #12 from Yongjun Zhang <yongjun_zhang at apple.com>  2010-12-23 09:54:19 PST ---
(In reply to comment #10)
> (From update of attachment 77301 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=77301&action=review
> 
> > WebKit/mac/WebView/WebScriptDebugDelegate.mm:207
> > +    if (!_private->caller)
> > +        return nil;
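Review bot: the nil return when `_private->caller` is 0 only masks the failure at the WebKit layer; per the discussion, a top frame's callee should already be 0 and JavaScriptCore's functionName() bails out for that case, so this check is guarding against a callee slot that holds a bogus value (0x2) rather than the missing caller itself. Suggest dropping this check and instead fixing DebuggerCallFrame::functionName() in JavaScriptCore once the reason the callee reads 0x2 is understood, so a corrupt slot is never dereferenced.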
> 
> Checking this seems OK, but random; not clearly connected to the rest of this function. Could you give more detail on what fails when caller is 0? Why is adding this check the best fix? Should we be making a fix inside the JavaScriptCore functionName function?


(In reply to comment #11)
> There must be a way to fix this in JavaScriptCore. I’m not satisfied with the current patch. Geoff, Ollie, ideas?

I agree we should fix it in JavaScriptCore. Here is what I saw. For top call frames, the caller is 0 and functionName of a top call frame is nil. As far as I understand, a top call frame's callee (in JSC::DebuggerCallFrame::functionName()) should be 0; that way, we can bail out of DebuggerCallFrame::functionName() quickly (which is what http://trac.webkit.org/changeset/58779 did). The odd thing is that for this particular top call frame, the callee in DebuggerCallFrame is 0x2, which seems like it was read from a wrong offset in the RegisterFile, and it crashes later on in asFunction(m_callFrame->callee()).
Geoff, Ollie, any idea why the callee is 0x2 in this case?
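The failure mode described in this comment, modelled as an added example that is not WebKit or JavaScriptCore code: a constructed register file with an assumed three-word frame header, a functionName() that only null-checks the callee, and a read skewed by one slot that makes the top frame's callee come back as 2 (non-null, so the null check passes and the dereference would crash). The hardened variant identifies the top frame by its caller and refuses to dereference a callee word that cannot be a pointer; the slot layout and the plausibility test are assumptions for illustration.

```cpp
#include <cstdint>
#include <string>
#include <vector>

struct JSFunction { std::string name; };

// Assumed header layout for this model (not JSC's real one):
// each frame is three machine words: [CallerFrame][Callee][ArgumentCount].
enum Slot { kCallerFrame = 0, kCallee = 1, kArgumentCount = 2, kHeaderSize = 3 };

// A frame is a pointer to its header inside the register file.
using CallFrame = uintptr_t*;

// Read a header slot; a non-zero skew models reading from the wrong offset.
static uintptr_t readSlot(CallFrame frame, Slot slot, int skew = 0) {
    return frame[slot + skew];
}

// functionName() as the thread describes it: bail out on a null callee
// (the global top frame), otherwise treat the word as a JSFunction*.
// With a skewed read the top frame's callee is 2, and this would crash.
static std::string functionName(CallFrame frame, int skew) {
    uintptr_t callee = readSlot(frame, kCallee, skew);
    if (!callee)
        return "";                                   // "nil" for the top frame
    return reinterpret_cast<JSFunction*>(callee)->name;
}

// Hardened variant: decide "top frame" from the caller slot, and never
// dereference a callee word that is unaligned or in the null page.
static bool isPlausiblePointer(uintptr_t w) {
    return w >= 4096 && (w % alignof(JSFunction)) == 0;
}
static bool safeFunctionName(CallFrame frame, int skew, std::string& out) {
    if (!readSlot(frame, kCallerFrame, skew)) { out = ""; return true; }
    uintptr_t callee = readSlot(frame, kCallee, skew);
    if (!isPlausiblePointer(callee))
        return false;                                // corrupt slot: refuse
    out = reinterpret_cast<JSFunction*>(callee)->name;
    return true;
}

// Constructed register file: a global top frame [0, 0, 2] followed by one
// function frame whose caller is the top frame. Argument count 2 is the
// word that a one-slot-skewed callee read picks up as "0x2".
struct RegisterFile {
    std::vector<uintptr_t> words;
    JSFunction fn{"onload"};
    RegisterFile() : words(2 * kHeaderSize, 0) {
        words[kArgumentCount] = 2;
        words[kHeaderSize + kCallerFrame] = reinterpret_cast<uintptr_t>(words.data());
        words[kHeaderSize + kCallee] = reinterpret_cast<uintptr_t>(&fn);
    }
    CallFrame top() { return words.data(); }
    CallFrame inner() { return words.data() + kHeaderSize; }
};
```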
