[Webkit-unassigned] [Bug 47331] New: REGRESSION(r60392): EXC_BAD_ACCESS in JSC::RegisterFile::end

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 7 02:21:46 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=47331

           Summary: REGRESSION(r60392): EXC_BAD_ACCESS in
                    JSC::RegisterFile::end
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://www.origo.hu/images/kozos/gemius/xgemius.js
        OS/Version: Mac OS X 10.6
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: zbujtas at gmail.com


Created an attachment (id=70056)
 --> (https://bugs.webkit.org/attachment.cgi?id=70056)
reduced testcase

Reduced testcase attached (from xgemius.js gemius_parameters()). Odd (and unrelated) lines of JS functions cause the crash. Couldn't reduce the testcase any further.
Works with r60391 but not with r60392.

http://trac.webkit.org/changeset/60392 looks like a major change.


#0  0x00000001007e6f82 in JSC::RegisterFile::end (this=0x18) at RegisterFile.h:118
#1  0x00000001007e98c4 in JSC::ExecState::init (this=0x11af10138, codeBlock=0x0, vPC=0x0, scopeChain=0x11ad47ec0, callerFrame=0x11af10119, argc=1, callee=0x11ad47f80) at CallFrame.h:121
#2  0x00000001007e4f68 in JSC::Interpreter::executeCall (this=0x11a04c110, callFrame=0x11af10118, function=0x11ad47f80, callType=JSC::CallTypeHost, callData=@0x7fff5fbfd2a0, thisValue={m_ptr = 0x11ad47ec0}, args=@0x7fff5fbfd290, exception=0x1070fd148) at /Users/bujtas/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:829
#3  0x000000010079ccb3 in JSC::call (exec=0x11af10118, functionObject={m_ptr = 0x11ad47f80}, callType=JSC::CallTypeHost, callData=@0x7fff5fbfd2a0, thisValue={m_ptr = 0x11ad47ec0}, args=@0x7fff5fbfd290) at /Users/bujtas/WebKit/JavaScriptCore/runtime/CallData.cpp:38
#4  0x0000000100848d1a in JSC::callDefaultValueFunction (exec=0x11af10118, object=0x11ad47ec0, propertyName=@0x11a04b2b8) at /Users/bujtas/WebKit/JavaScriptCore/runtime/JSObject.cpp:251
#5  0x0000000100848e26 in JSC::JSObject::defaultValue (this=0x11ad47ec0, exec=0x11af10118, hint=JSC::PreferString) at /Users/bujtas/WebKit/JavaScriptCore/runtime/JSObject.cpp:272
#6  0x0000000100761766 in JSC::JSObject::toPrimitive (this=0x11ad47ec0, exec=0x11af10118, preferredType=JSC::PreferString) at JSObject.h:637
#7  0x0000000100848895 in JSC::JSObject::toString (this=0x11ad47ec0, exec=0x11af10118) at /Users/bujtas/WebKit/JavaScriptCore/runtime/JSObject.cpp:476
#8  0x00000001008eade0 in JSC::JSValue::toThisString (this=0x7fff5fbfd490, exec=0x11af10118) at JSObject.h:751
#9  0x00000001008e7aed in JSC::stringProtoFuncSubstring (exec=0x11af10118) at /Users/bujtas/WebKit/JavaScriptCore/runtime/StringPrototype.cpp:785
#10 0x00003a30be0001aa in ?? ()
#11 0x00000001007e99ae in JSC::JITCode::execute (this=0x11aef7e68, registerFile=0x11a04c128, callFrame=0x11af10038, globalData=0x1070fb800, exception=0x7fff5fbfd740) at JITCode.h:77
#12 0x00000001007e5c0f in JSC::Interpreter::execute (this=0x11a04c110, program=0x11aef7e50, callFrame=0x11aef1b28, scopeChain=0x106373260, thisObj=0x11ad40000, exception=0x7fff5fbfd740) at /Users/bujtas/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:733
#13 0x00000001007b5f3b in JSC::evaluate (exec=0x11aef1b28, scopeChain=@0x11aef1af0, source=@0x7fff5fbfda88, thisValue={m_ptr = 0x11ad40000}) at /Users/bujtas/WebKit/JavaScriptCore/runtime/Completion.cpp:63
#14 0x0000000101bb0ce2 in WebCore::JSMainThreadExecState::evaluate (exec=0x11aef1b28, chain=@0x11aef1af0, source=@0x7fff5fbfda88, thisValue={m_ptr = 0x11ad40000}) at JSMainThreadExecState.h:54
#15 0x0000000101f6aee6 in WebCore::ScriptController::evaluateInWorld (this=0x1070058c8, sourceCode=@0x7fff5fbfda80, world=0x11a04cf50, shouldAllowXSS=WebCore::DoNotAllowXSS) at /Users/bujtas/WebKit/WebCore/bindings/js/ScriptController.cpp:151
#16 0x0000000101f6b0f0 in WebCore::ScriptController::evaluate (this=0x1070058c8, sourceCode=@0x7fff5fbfda80, shouldAllowXSS=WebCore::DoNotAllowXSS) at /Users/bujtas/WebKit/WebCore/bindings/js/ScriptController.cpp:177
#17 0x0000000101f709ba in WebCore::ScriptController::executeScript (this=0x1070058c8, sourceCode=@0x7fff5fbfda80, shouldAllowXSS=WebCore::DoNotAllowXSS) at /Users/bujtas/WebKit/WebCore/bindings/ScriptControllerBase.cpp:60
#18 0x0000000101969ca1 in WebCore::HTMLScriptRunner::executeScript (this=0x11aef6bf0, sourceCode=@0x7fff5fbfda80) at /Users/bujtas/WebKit/WebCore/html/parser/HTMLScriptRunner.cpp:154
#19 0x0000000101969f32 in WebCore::HTMLScriptRunner::runScript (this=0x11aef6bf0, script=0x11aef7b60, startingLineNumber=2) at /Users/bujtas/WebKit/WebCore/html/parser/HTMLScriptRunner.cpp:319
#20 0x000000010196a717 in WebCore::HTMLScriptRunner::execute (this=0x11aef6bf0, scriptElement=@0x7fff5fbfdb90, startLine=2) at /Users/bujtas/WebKit/WebCore/html/parser/HTMLScriptRunner.cpp:179
#21 0x00000001019109a3 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x106a0da00) at /Users/bujtas/WebKit/WebCore/html/parser/HTMLDocumentParser.cpp:202
#22 0x0000000101910e78 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x106a0da00, mode=WebCore::HTMLDocumentParser::AllowYield) at /Users/bujtas/WebKit/WebCore/html/parser/HTMLDocumentParser.cpp:235
#23 0x0000000101911126 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x106a0da00, mode=WebCore::HTMLDocumentParser::AllowYield) at /Users/bujtas/WebKit/WebCore/html/parser/HTMLDocumentParser.cpp:172
#24 0x00000001019115c8 in WebCore::HTMLDocumentParser::append (this=0x106a0da00, source=@0x7fff5fbfdcc0) at /Users/bujtas/WebKit/WebCore/html/parser/HTMLDocumentParser.cpp:330
#25 0x00000001016a8a4c in WebCore::DecodedDataDocumentParser::appendBytes (this=0x106a0da00, writer=0x1070055f0, data=0x0, length=0, shouldFlush=true) at /Users/bujtas/WebKit/WebCore/dom/DecodedDataDocumentParser.cpp:54
#26 0x0000000101708332 in WebCore::DocumentWriter::addData (this=0x1070055f0, str=0x0, len=0, flush=true) at /Users/bujtas/WebKit/WebCore/loader/DocumentWriter.cpp:200
#27 0x00000001017083b4 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x1070055f0) at /Users/bujtas/WebKit/WebCore/loader/DocumentWriter.cpp:220
#28 0x00000001017083fd in WebCore::DocumentWriter::end (this=0x1070055f0) at /Users/bujtas/WebKit/WebCore/loader/DocumentWriter.cpp:206
#29 0x00000001016f8fd8 in WebCore::DocumentLoader::finishedLoading (this=0x1069f2800) at /Users/bujtas/WebKit/WebCore/loader/DocumentLoader.cpp:276
#30 0x00000001018686ef in WebCore::FrameLoader::finishedLoading (this=0x107005450) at /Users/bujtas/WebKit/WebCore/loader/FrameLoader.cpp:2157
#31 0x0000000101d4c086 in WebCore::MainResourceLoader::didFinishLoading (this=0x106914200, finishTime=0) at /Users/bujtas/WebKit/WebCore/loader/MainResourceLoader.cpp:441
#32 0x0000000101f4beaa in WebCore::ResourceLoader::didFinishLoading (this=0x106914200, finishTime=0) at /Users/bujtas/WebKit/WebCore/loader/ResourceLoader.cpp:446
#33 0x0000000101f4733f in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x10637ba00, _cmd=0x7fff83af65de, connection=0x11ae1bc30) at /Users/bujtas/WebKit/WebCore/platform/network/mac/ResourceHandleMac.mm:920
#34 0x00007fff839d1b6c in _NSURLConnectionDidFinishLoading ()
#35 0x00007fff86b9405e in URLConnectionClient::_clientDidFinishLoading ()
#36 0x00007fff86bf93d2 in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload ()
#37 0x00007fff86bf963e in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload ()
#38 0x00007fff86b8078f in URLConnectionClient::processEvents ()
#39 0x00007fff86b8056c in MultiplexerSource::perform ()
#40 0x00007fff83299e91 in __CFRunLoopDoSources0 ()
#41 0x00007fff83298089 in __CFRunLoopRun ()
#42 0x00007fff8329784f in CFRunLoopRunSpecific ()
#43 0x00007fff85a5d91a in RunCurrentEventLoopInMode ()
#44 0x00007fff85a5d71f in ReceiveNextEventCommon ()
#45 0x00007fff85a5d5d8 in BlockUntilNextEventMatchingListInMode ()
#46 0x00007fff825d629e in _DPSNextEvent ()
#47 0x00007fff825d5bed in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#48 0x00000001000165d8 in ?? ()
#49 0x00007fff8259b8d3 in -[NSApplication run] ()
#50 0x00007fff825945f8 in NSApplicationMain ()
#51 0x000000010000a4a4 in ?? ()

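A crash-triage helper, added here as an example; it is not part of the bug report and not WebKit code. It parses gdb frames in the format shown above, flags that the faulting `this` pointer of the top frame (0x18) lies inside the first page, i.e. a NULL base plus a small field offset rather than a wild or attacker-shaped address, and records which arguments are NULL (codeBlock, vPC in frame #1), the call type in flight (JSC::CallTypeHost) and which frames are unsymbolized. The sample trace is a constructed subset of the frames above; the page-size threshold and the classification labels are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a subset of the gdb frames from the report
# above, copied verbatim so the parser runs offline.
SAMPLE_TRACE = """\
#0  0x00000001007e6f82 in JSC::RegisterFile::end (this=0x18) at RegisterFile.h:118
#1  0x00000001007e98c4 in JSC::ExecState::init (this=0x11af10138, codeBlock=0x0, vPC=0x0, scopeChain=0x11ad47ec0, callerFrame=0x11af10119, argc=1, callee=0x11ad47f80) at CallFrame.h:121
#2  0x00000001007e4f68 in JSC::Interpreter::executeCall (this=0x11a04c110, callFrame=0x11af10118, function=0x11ad47f80, callType=JSC::CallTypeHost, callData=@0x7fff5fbfd2a0, thisValue={m_ptr = 0x11ad47ec0}, args=@0x7fff5fbfd290, exception=0x1070fd148) at /Users/bujtas/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:829
#9  0x00000001008e7aed in JSC::stringProtoFuncSubstring (exec=0x11af10118) at /Users/bujtas/WebKit/JavaScriptCore/runtime/StringPrototype.cpp:785
#10 0x00003a30be0001aa in ?? ()
#33 0x0000000101f4733f in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x10637ba00, _cmd=0x7fff83af65de, connection=0x11ae1bc30) at /Users/bujtas/WebKit/WebCore/platform/network/mac/ResourceHandleMac.mm:920
#34 0x00007fff839d1b6c in _NSURLConnectionDidFinishLoading ()
"""

# One gdb frame: "#N  0xPC in FUNC (ARGS) at FILE:LINE"; the "at ..." part is optional.
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?P<pc>0x[0-9a-fA-F]+) in (?P<func>.+?) "
    r"\((?P<args>.*)\)(?: at (?P<loc>\S+))?$"
)


@dataclass
class Frame:
    index: int
    pc: int
    func: str
    args: dict
    location: Optional[str]


def parse_args(text):
    """Split 'a=0x1, b={m_ptr = 0x2}' into a dict; gdb separates arguments with ', '."""
    args = {}
    for part in text.split(", "):
        if "=" in part:
            name, _, value = part.partition("=")
            args[name.strip()] = value.strip()
    return args


def parse_backtrace(text):
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(Frame(int(m["idx"]), int(m["pc"], 16), m["func"],
                                parse_args(m["args"]), m["loc"]))
    return frames


def to_int(value):
    """Parse a gdb pointer value such as '0x18'; '@0x...' references and None yield None."""
    try:
        return int(value, 16)
    except (TypeError, ValueError):
        return None


def classify_address(addr, page_size=0x1000):
    # Assumption: the first page is unmapped on the target, so a fault below it
    # is a NULL base pointer plus a field offset (0x18 here), not a wild pointer.
    if addr is None:
        return "unknown"
    return "near-null" if addr < page_size else "mapped-or-unknown"


def triage(frames):
    """Summarize the top frame and the NULL arguments visible further up the stack."""
    crash = frames[0]
    this_ptr = to_int(crash.args.get("this"))
    call_type = next((f.args["callType"] for f in frames if "callType" in f.args), None)
    null_args = [(f.index, name) for f in frames
                 for name, value in f.args.items() if value == "0x0"]
    unsymbolized = [f.index for f in frames if f.func == "??"]
    return {
        "crash_func": crash.func,
        "crash_location": crash.location,
        "this": this_ptr,
        "category": classify_address(this_ptr),
        "call_type": call_type,
        "null_args": null_args,
        "unsymbolized": unsymbolized,
    }


if __name__ == "__main__":
    for key, value in triage(parse_backtrace(SAMPLE_TRACE)).items():
        print(f"{key}: {value}")
```

The "near-null" label is a heuristic for prioritization only: it says the read went through a NULL base pointer at a fixed offset, which usually points at a missing check on an unexpected path (here a host-function call reaching ExecState::init with no CodeBlock), but on its own it says nothing about exploitability; confirming that needs the reduced testcase and the r60392 diff, neither of which is reproduced on this page.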