[Webkit-unassigned] [Bug 49935] New: Crash at WebCore::ScriptElementData::execute

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 22 13:41:05 PST 2010 

https://bugs.webkit.org/show_bug.cgi?id=49935

           Summary: Crash at WebCore::ScriptElementData::execute
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: HasReduction, NeedsRadar
          Severity: Normal
          Priority: P1
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: ap at webkit.org, mitz at webkit.org, sam at webkit.org,
                    abarth at webkit.org, tonyg at chromium.org


Created an attachment (id=74591)
 --> (https://bugs.webkit.org/attachment.cgi?id=74591&action=review)
demo

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb1e5ab70 (LWP 9849)]
WebCore::ScriptElementData::execute (this=0x35c62f4, cachedScript=0x0) at third_party/WebKit/WebCore/dom/ScriptElement.cpp:219
219         if (cachedScript->errorOccurred())

#0  WebCore::ScriptElementData::execute (this=0x35c62f4, cachedScript=0x0) at third_party/WebKit/WebCore/dom/ScriptElement.cpp:219
#1  0x019e1d04 in WebCore::AsyncScriptRunner::timerFired (this=0x3588740, timer=0x3588750) at third_party/WebKit/WebCore/dom/AsyncScriptRunner.cpp:87
#2  0x019e17f1 in WebCore::Timer<WebCore::AsyncScriptRunner>::fired (this=0x35c62f4) at third_party/WebKit/WebCore/platform/Timer.h:98
#3  0x015d33b1 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x32a5d00) at third_party/WebKit/WebCore/platform/ThreadTimers.cpp:112
#4  0x015d3495 in WebCore::ThreadTimers::sharedTimerFired () at third_party/WebKit/WebCore/platform/ThreadTimers.cpp:90
#5  0x01074882 in webkit_glue::WebKitClientImpl::DoTimeout (this=0x31d8e60) at ./webkit/glue/webkitclient_impl.h:68
#6  0x010749a7 in DispatchToMethod<webkit_glue::WebKitClientImpl, void (webkit_glue::WebKitClientImpl::*)()> (this=0x32a5b60) at ./base/tuple.h:537
#7  base::BaseTimer<webkit_glue::WebKitClientImpl, false>::TimerTask::Run (this=0x32a5b60) at ./base/timer.h:160
#8  0x009cc66b in MessageLoop::RunTask (this=0xb1e5a1dc, task=0x32a5b60) at base/message_loop.cc:418
#9  0x009cdc0e in MessageLoop::DeferOrRunPendingTask (this=0xb1e5a1dc, pending_task=...) at base/message_loop.cc:427
#10 0x009cdefc in MessageLoop::DoWork (this=0xb1e5a1dc) at base/message_loop.cc:534
#11 0x009cff20 in base::MessagePumpDefault::Run (this=0x3162400, delegate=0xb1e5a1dc) at base/message_pump_default.cc:23
#12 0x009cd134 in MessageLoop::RunInternal (this=0xb1e5a1dc) at base/message_loop.cc:266
#13 0x009cd25d in MessageLoop::RunHandler (this=0x35c62f4) at base/message_loop.cc:238
#14 MessageLoop::Run (this=0x35c62f4) at base/message_loop.cc:216
#15 0x009eff9d in base::Thread::Run (this=0x31276c0, message_loop=0xb1e5a1dc) at base/thread.cc:140
#16 0x009f05ab in base::Thread::ThreadMain (this=0x31276c0) at base/thread.cc:164
#17 0x009de951 in ThreadFunc (closure=0x31276c0) at base/platform_thread_posix.cc:35
#18 0xb75db96e in start_thread (arg=0xb1e5ab70) at pthread_create.c:300
#19 0xb7153a4e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Copied from http://crbug.com/63302

On TOT debug build, we hit the assertion in ScriptElement::notifyFinished:
void ScriptElement::notifyFinished(CachedResource* o)
{
    ASSERT_UNUSED(o, o == m_cachedScript);
    m_element->document()->asyncScriptRunner()->executeScriptSoon(this, m_cachedScript);
    m_cachedScript = 0;
}
which is added by http://trac.webkit.org/changeset/42665

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list