[Webkit-unassigned] [Bug 49976] [Qt] Fix crashes in debug mode

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 23 18:46:26 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=49976





--- Comment #3 from Gavin Barraclough <barraclough at apple.com>  2010-11-23 18:46:26 PST ---
If I'm reading the backtrace correctly, it looks like this assert is failing:

> result == CallTypeNone || value.isValidCallee()

Which means value is not a valid callee.  We now require all callable objects in JSC (i.e. host functions) to be derived from JSObjectWithGlobalObject, which is what isValidCallee() tests.  Objects created via the JSC API should all derive from JSObjectWithGlobalObject (well, bar global objects created via the API, but they'll still be okay – isValidCallee() actually checks the contents of anonymous slot 0, GOs will pass this check too).

So my guess would be something like this: the Qt DRT is exposing some host functions to JS by directly deriving from a JSObject type that is not a JSObjectWithGlobalObject, and directly implementing the getCallData() callback itself.  If so, a fix would be to use the NativeFunctionWrapper type when wrapping C functions.

My next step in debugging this would be to see what function was being called when this ASSERT fired.

Hope this helps.
G.
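The invariant Gavin describes above, as an added toy model in C++. This is not JavaScriptCore code and not part of this bug's patch; it is an illustration of why a host function that derives straight from JSObject and implements getCallData() itself trips "result == CallTypeNone || value.isValidCallee()" while one wrapped the way NativeFunctionWrapper does passes. The names JSObjectWithGlobalObject, isValidCallee(), getCallData(), CallTypeNone and the "slot 0" check follow the comment; the slot layout, BareHostFunction, NativeFunctionWrapperModel, findInvalidCallees() and runScenario() are assumptions of the model.

```cpp
// Added toy model of the callee invariant discussed in the comment above.
// This is NOT JavaScriptCore code; the slot layout, class bodies and helper
// names are assumptions made for illustration.
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

enum CallType { CallTypeNone, CallTypeHost };

// Base object with anonymous slots. In this model slot 0 is where the owning
// global object is stored (assumption mirroring the comment's description).
struct JSObject {
    std::vector<JSObject*> anonymousSlots;
    explicit JSObject(std::size_t slotCount = 1) : anonymousSlots(slotCount, nullptr) {}
    virtual ~JSObject() {}
    // Objects that are not callable report CallTypeNone (the default).
    virtual CallType getCallData() { return CallTypeNone; }
    JSObject* anonymousSlot0() const { return anonymousSlots.empty() ? nullptr : anonymousSlots[0]; }
};

// A global object keeps itself in slot 0, so it passes the check as well.
struct JSGlobalObject : JSObject {
    JSGlobalObject() { anonymousSlots[0] = this; }
};

// Every callable host object is expected to derive from this.
struct JSObjectWithGlobalObject : JSObject {
    explicit JSObjectWithGlobalObject(JSGlobalObject* globalObject) { anonymousSlots[0] = globalObject; }
};

// Model of isValidCallee(): it inspects the contents of slot 0, not the C++ type.
bool isValidCallee(JSObject* value) { return value->anonymousSlot0() != nullptr; }

// The ASSERT condition quoted in the comment.
bool calleeInvariantHolds(JSObject* value) {
    CallType result = value->getCallData();
    return result == CallTypeNone || isValidCallee(value);
}

typedef std::string (*NativeFunction)();

// Suspected bug pattern: a host function derived directly from JSObject that
// implements getCallData() itself. Slot 0 is never filled in.
struct BareHostFunction : JSObject {
    NativeFunction function;
    explicit BareHostFunction(NativeFunction f) : function(f) {}
    CallType getCallData() override { return CallTypeHost; }
};

// Suggested fix: wrap the C function in an object derived from
// JSObjectWithGlobalObject (a stand-in for NativeFunctionWrapper).
struct NativeFunctionWrapperModel : JSObjectWithGlobalObject {
    NativeFunction function;
    NativeFunctionWrapperModel(JSGlobalObject* g, NativeFunction f)
        : JSObjectWithGlobalObject(g), function(f) {}
    CallType getCallData() override { return CallTypeHost; }
};

std::string sayHello() { return "hello"; }

// Debugging step from the comment: report which objects would trip the ASSERT.
std::vector<std::string> findInvalidCallees(const std::vector<std::pair<std::string, JSObject*>>& objects) {
    std::vector<std::string> offenders;
    for (const auto& entry : objects)
        if (!calleeInvariantHolds(entry.second))
            offenders.push_back(entry.first);
    return offenders;
}

// Builds the cases the comment distinguishes and returns the names of the offenders.
std::vector<std::string> runScenario() {
    JSGlobalObject global;                                  // passes: slot 0 is itself
    BareHostFunction bare(sayHello);                        // trips the ASSERT
    NativeFunctionWrapperModel wrapped(&global, sayHello);  // passes
    JSObject plainObject;                                   // not callable: passes despite empty slot 0
    std::vector<std::pair<std::string, JSObject*>> objects = {
        {"global", &global}, {"bare", &bare}, {"wrapped", &wrapped}, {"plain", &plainObject}};
    return findInvalidCallees(objects);
}

int main() {
    for (const std::string& name : runScenario())
        std::printf("ASSERT would fire for: %s\n", name.c_str());
    return 0;
}
```

Note that the plain, non-callable JSObject passes even though its slot 0 is empty: the invariant only constrains objects whose getCallData() reports something other than CallTypeNone, which is why it is callable host objects specifically that have to carry a global object.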
