[Webkit-unassigned] [Bug 60580] New: Assertion failure in JSC::Structure::typeInfo when reloading weather.com video page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 10 14:07:30 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=60580

           Summary: Assertion failure in JSC::Structure::typeInfo when
                    reloading weather.com video page
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
               URL: http://www.weather.com/outlook/videos/todays-top-forec
                    ast-4276
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com


Here's what I did. I haven't yet tried to reproduce:

1. Go to http://www.weather.com/outlook/videos/todays-top-forecast-4276
2. Pause the video
3. Reload

I hit this assertion in JSC::Structure:

        const TypeInfo& typeInfo() const { ASSERT(structure()->classInfo() == &s_info); return m_typeInfo; }

structure()->classInfo() is JSC::JSActivation::s_info.

Here's the (partial) backtrace:


>	JavaScriptCore.dll!JSC::Structure::typeInfo()  Line 101 + 0x43 bytes	C++
     JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 510 + 0xf bytes    C++
     JavaScriptCore.dll!JSC::JSObject::getPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 521 + 0x14 bytes    C++
     JavaScriptCore.dll!JSC::JSObject::hasProperty(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...})  Line 208    C++
     WebKit.dll!WebCore::runtimeObjectCustomGetOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLElement * element=0x0d563768)  Line 119 + 0x10 bytes    C++
     WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 38 + 0x15 bytes    C++
     WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 181 + 0x14 bytes    C++
     JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 512 + 0x1b bytes    C++
     JavaScriptCore.dll!cti_op_get_by_val(void * * args=0x0012c1d0)  Line 2353 + 0x1b bytes    C++
     JavaScriptCore.dll!@cti_op_create_this at 4()  + 0x1cf bytes    C++
     JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcadd4, JSC::ExecState * callFrame=0x06b00090, JSC::JSGlobalData * globalData=0x03db6e20)  Line 77 + 0x22 bytes    C++
     JavaScriptCore.dll!JSC::Interpreter::execute(JSC::EvalExecutable * eval=0x048c0cd8, JSC::ExecState * callFrame=0x06b00038, JSC::JSObject * thisObj=0x0a950128, int globalRegisterOffset=18, JSC::ScopeChainNode * scopeChain=0x1bd83068)  Line 1138 + 0x2b bytes    C++
     JavaScriptCore.dll!JSC::Interpreter::callEval(JSC::ExecState * callFrame=0x06b00038, JSC::RegisterFile * registerFile=0x03dcadd4, JSC::Register * argv=0x06b00050, int argc=2, int registerOffset=11)  Line 412 + 0x6c bytes    C++
     JavaScriptCore.dll!cti_op_call_eval(void * * args=0x0012c4c8)  Line 3210    C++
     JavaScriptCore.dll!@cti_op_create_this at 4()  + 0x1cf bytes    C++
     JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcadd4, JSC::ExecState * callFrame=0x06b00038, JSC::JSGlobalData * globalData=0x03db6e20)  Line 77 + 0x22 bytes    C++
     JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x048c0c80, JSC::ExecState * callFrame=0x0ba810a0, JSC::ScopeChainNode * scopeChain=0x1bd83068, JSC::JSObject * thisObj=0x0ba81028)  Line 767 + 0x25 bytes    C++
     JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec=0x0ba810a0, JSC::ScopeChainNode * scopeChain=0x1bd83068, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...})  Line 66    C++
     WebKit.dll!WebKit::NPRuntimeObjectMap::evaluate(NPObject * npObject=0x0d121a90, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4)  Line 196 + 0x4f bytes    C++
     WebKit.dll!WebKit::PluginView::evaluate(NPObject * npObject=0x0d121a90, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4, bool allowPopups=false)  Line 983 + 0x1a bytes    C++
     WebKit.dll!WebKit::NetscapePlugin::evaluate(NPObject * npObject=0x0d121a90, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4)  Line 215 + 0x2c bytes    C++
     WebKit.dll!WebKit::NPN_Evaluate(_NPP * npp=0x0cd59244, NPObject * npObject=0x0d121a90, _NPString * script=0x0012c7e4, _NPVariant * result=0x0012c7d4)  Line 681 + 0x1b bytes    C++
     NPSWF32.dll!15e2e947()     
     [Frames below may be incorrect and/or missing, no symbols loaded for NPSWF32.dll]

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list