[Webkit-unassigned] [Bug 55671] REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 11 10:41:22 PST 2011 

https://bugs.webkit.org/show_bug.cgi?id=55671





--- Comment #20 from Kevin M. Dean <kevin at rhubarbproductions.com>  2011-03-11 10:41:22 PST ---
(In reply to comment #18)

> Do gdb-safari --debug and see if that works

That worked, here's the result:


Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000090
0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffb1d0, globalData=0x18, registerThread=true) at APIShims.h:40
40            , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(globalData->identifierTable))
(gdb) bt
#0  0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffb1d0, globalData=0x18, registerThread=true) at APIShims.h:40
#1  0x008210d0 in JSC::APIEntryShim::APIEntryShim (this=0xbfffb1d0, exec=0x1d929a0, registerThread=true) at APIShims.h:67
#2  0x008a8928 in JSWeakObjectMapClear (ctx=0x1d929a0, map=0x244af1e0, key=0x1c4b6f90, object=0x1c3f7a00) at /Users/kdean/WebKit/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp:74
#3  0x001b402c in ?? ()
#4  0x001b3778 in ?? ()
#5  0x008335d8 in JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject (this=Cannot access memory at address 0x79
) at JSCallbackObjectFunctions.h:100
#6  0x008bb1a8 in JSC::MarkedBlock::allocate (this=0x1c3f4000) at JSCell.h:404
#7  0x008ba0bc in JSC::MarkedSpace::allocateFromSizeClass (this=0x99006b4, sizeClass=@0x9900714) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/MarkedSpace.cpp:77
#8  0x04a946cc in JSC::MarkedSpace::allocate (this=0x99006b4, bytes=52) at JSCell.h:424
#9  0x04a95024 in JSC::Heap::allocate (this=0x99006b0, bytes=52) at JSCell.h:436
#10 0x04a950b4 in JSC::JSCell::operator new (size=52, exec=0x1a9d6078) at JSCell.h:451
#11 0x0538d92c in WebCore::createDOMNodeWrapper<WebCore::JSHTMLImageElement, WebCore::HTMLImageElement> (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at JSDOMBinding.h:181
#12 0x05380044 in WebCore::createHTMLImageElementWrapper (exec=0x1a9d6078, globalObject=0x2398da20, element=@0xbfffb5dc) at /Users/kdean/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLElementWrapperFactory.cpp:389
#13 0x0537f2a0 in WebCore::createJSHTMLWrapper (exec=0x1a9d6078, globalObject=0x2398da20, element=@0xbfffc000) at /Users/kdean/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLElementWrapperFactory.cpp:694
#14 0x0543b06c in WebCore::createWrapperInline (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at /Users/kdean/WebKit/Source/WebCore/bindings/js/JSNodeCustom.cpp:173
#15 0x0543b334 in WebCore::createWrapper (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at /Users/kdean/WebKit/Source/WebCore/bindings/js/JSNodeCustom.cpp:223
#16 0x04db4980 in WebCore::toJS (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at js/JSNodeCustom.h:57
#17 0x054423a0 in WebCore::JSNodeList::indexGetter (exec=0x1a9d6078, slotBase={u = {asEncodedJSValue = -16595110272, asDouble = -nan(0xffffc22dab680), asBits = {tag = -4, payload = 584758912}}}, index=106) at /Users/kdean/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSNodeList.cpp:257
#18 0x0073aa84 in JSC::PropertySlot::getValue (this=0xbfffc240, exec=0x1a9d6078, propertyName=106) at PropertySlot.h:83
#19 0x0080cd10 in JSC::JSValue::get (this=0xbfffd598, exec=0x1a9d6078, propertyName=106, slot=@0xbfffc240) at JSObject.h:781
#20 0x0080cdec in JSC::JSValue::get (this=0xbfffd598, exec=0x1a9d6078, propertyName=106) at JSObject.h:767
#21 0x007fb8dc in JSC::Interpreter::privateExecute (this=0x9871a00, flag=JSC::Interpreter::Normal, registerFile=0x9871a0c, callFrame=0x1a9d6078) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:3278
#22 0x00803da8 in JSC::Interpreter::execute (this=0x9871a00, program=0x22dab648, callFrame=0x2398daa0, scopeChain=0x22ec7660, thisObj=0x21d39578) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:776
#23 0x007a5a9c in JSC::evaluate (exec=0x2398daa0, scopeChain=0x22ec7660, source=@0xbfffdd04, thisValue={u = {asEncodedJSValue = -16612354696, asDouble = -nan(0xffffc21d39578), asBits = {tag = -4, payload = 567514488}}}) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:67
#24 0x059ddeec in WebCore::JSMainThreadExecState::evaluate (exec=0x2398daa0, chain=0x22ec7660, source=@0xbfffdd04, thisValue={u = {asEncodedJSValue = -16612354696, asDouble = -nan(0xffffc21d39578), asBits = {tag = -4, payload = 567514488}}}) at JSMainThreadExecState.h:54
#25 0x059d5fa4 in WebCore::ScriptController::evaluateInWorld (this=0x9a137e8, sourceCode=@0xbfffdd00, world=0x967dbb0) at /Users/kdean/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:142
#26 0x059d6178 in WebCore::ScriptController::evaluate (this=0x9a137e8, sourceCode=@0xbfffdd00) at /Users/kdean/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:165
#27 0x059f1a04 in WebCore::ScriptElement::executeScript (this=0x22a74d58, sourceCode=@0xbfffdd00) at /Users/kdean/WebKit/Source/WebCore/dom/ScriptElement.cpp:256
#28 0x059f228c in WebCore::ScriptElement::prepareScript (this=0x22a74d58, scriptStartPosition=@0xbfffdf30, supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at /Users/kdean/WebKit/Source/WebCore/dom/ScriptElement.cpp:213
#29 0x05084320 in WebCore::HTMLScriptRunner::runScript (this=0x2265e2f0, script=0x22a74d10, scriptStartPosition=@0xbfffdf30) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:289
#30 0x05085240 in WebCore::HTMLScriptRunner::execute (this=0x2265e2f0, scriptElement=@0xbfffdf28, scriptStartPosition=@0xbfffdf30) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:173
#31 0x050038e8 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x209ce200) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:205
#32 0x05003998 in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x209ce200, mode=WebCore::HTMLDocumentParser::AllowYield, session=@0xbfffe008) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:216
#33 0x050051ac in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x209ce200, mode=WebCore::HTMLDocumentParser::AllowYield) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:255
#34 0x05005494 in WebCore::HTMLDocumentParser::resumeParsingAfterYield (this=0x209ce200) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:192
#35 0x0507d3e4 in WebCore::HTMLParserScheduler::continueNextChunkTimerFired (this=0x2265e1a0, timer=0x2265e1b0) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLParserScheduler.cpp:86
#36 0x0507d79c in WebCore::Timer<WebCore::HTMLParserScheduler>::fired (this=0x2265e1b0) at Timer.h:100
#37 0x05c0ee78 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x93b5c40) at /Users/kdean/WebKit/Source/WebCore/platform/ThreadTimers.cpp:112
#38 0x05c0f1f0 in WebCore::ThreadTimers::sharedTimerFired () at /Users/kdean/WebKit/Source/WebCore/platform/ThreadTimers.cpp:90
#39 0x05a597a0 in WebCore::timerFired () at /Users/kdean/WebKit/Source/WebCore/platform/mac/SharedTimerMac.mm:166
#40 0x901cc81c in CFRunLoopRunSpecific ()
#41 0x91f71b18 in RunCurrentEventLoopInMode ()
#42 0x91f7193c in ReceiveNextEventCommon ()
#43 0x91f7177c in BlockUntilNextEventMatchingListInMode ()
#44 0x90831248 in _DPSNextEvent ()
#45 0x90830c00 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#46 0x00019a14 in ?? ()
#47 0x9082a8a0 in -[NSApplication run] ()
#48 0x907fb29c in NSApplicationMain ()
#49 0x0000c05c in ?? ()
Current language:  auto; currently c++

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list