[Webkit-unassigned] [Bug 53376] r76727-r77034: REGRESSION: Crash on page load in JSC::JSValue::toString

Sat Jan 29 09:59:15 PST 2011

https://bugs.webkit.org/show_bug.cgi?id=53376

Patrick R. Gansterer <paroga at paroga.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |paroga at paroga.com
     Ever Confirmed|0                           |1

--- Comment #3 from Patrick R. Gansterer <paroga at paroga.com>  2011-01-29 09:59:14 PST ---
I get the following crash with a debug build:

ASSERTION FAILED: m_runtimeObjects.get(object)
(/Users/paroga/WebKit/Source/WebCore/bridge/runtime_root.cpp:189 void JSC::Bindings::RootObject::removeRuntimeObject(JSC::Bindings::RuntimeObject*))

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x000000010202d3ff JSC::Bindings::RootObject::removeRuntimeObject(JSC::Bindings::RuntimeObject*) + 143 (runtime_root.cpp:189)
1   com.apple.WebCore                 0x00000001015c037e JSC::Bindings::Instance::willDestroyRuntimeObject(JSC::Bindings::RuntimeObject*) + 184 (BridgeJSC.cpp:111)
2   com.apple.WebCore                 0x000000010202cfb9 JSC::Bindings::RuntimeObject::~RuntimeObject() + 75 (runtime_object.cpp:59)
3   com.apple.WebKit                  0x0000000100f5fac7 WebKit::ProxyRuntimeObject::~ProxyRuntimeObject() + 35 (ProxyRuntimeObject.mm:45)
4   com.apple.JavaScriptCore          0x000000010088f9d8 JSC::MarkedSpace::sweep() + 122 (MarkedSpace.cpp:285)
5   com.apple.JavaScriptCore          0x00000001007d3f3c JSC::Heap::collectAllGarbage() + 138 (Heap.cpp:403)
6   com.apple.JavaScriptCore          0x00000001007d19e3 JSC::DefaultGCActivityCallbackPlatformData::trigger(__CFRunLoopTimer*, void*) + 59 (GCActivityCallbackCF.cpp:61)
7   com.apple.CoreFoundation          0x00007fff80571be8 __CFRunLoopRun + 6488
8   com.apple.CoreFoundation          0x00007fff8056fdbf CFRunLoopRunSpecific + 575
9   com.apple.HIToolbox               0x00007fff8736c93a RunCurrentEventLoopInMode + 333
10  com.apple.HIToolbox               0x00007fff8736c73f ReceiveNextEventCommon + 310
11  com.apple.HIToolbox               0x00007fff8736c5f8 BlockUntilNextEventMatchingListInMode + 59
12  com.apple.AppKit                  0x00007fff81691e64 _DPSNextEvent + 718
13  com.apple.AppKit                  0x00007fff816917a9 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
14  com.apple.Safari                  0x00000001000162f4 0x100000000 + 90868
15  com.apple.AppKit                  0x00007fff8165748b -[NSApplication run] + 395
16  com.apple.AppKit                  0x00007fff816501a8 NSApplicationMain + 364
17  com.apple.Safari                  0x000000010000a1c0 0x100000000 + 41408

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.