[Webkit-unassigned] [Bug 61834] New: Web Inspector: CRASH if Expanding Event Listener on document

bugzilla-daemon at webkit.org
Tue May 31 20:21:54 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=61834

           Summary: Web Inspector: CRASH if Expanding Event Listener on
                    document
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: joepeck at webkit.org
                CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
                    pmuellr at yahoo.com, joepeck at webkit.org,
                    pfeldman at chromium.org, yurys at chromium.org,
                    bweinstein at apple.com, apavlov at chromium.org,
                    loislo at chromium.org


Created an attachment (id=95535)
 --> (https://bugs.webkit.org/attachment.cgi?id=95535&action=review)
[TEST] Test Case

STEPS TO REPRODUCE:

  1. Inspect the Button on the attached page.
  2. Expand Event Listeners in the Elements Panel Sidebar.
  3. Expand the "document" listener => CRASH

CRASH:

    Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
    Crashed Thread:  0  Dispatch queue: com.apple.main-thread

    Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
    0   WebCore::InspectorObject::writeJSON(WTF::Vector<unsigned short, 0ul>*) const + 581 (InspectorValues.cpp:716)
    1   WebCore::InspectorObject::writeJSON(WTF::Vector<unsigned short, 0ul>*) const + 597 (InspectorValues.cpp:716)
    2   WebCore::InspectorValue::toJSONString() const + 98 (InspectorValues.cpp:555)
    3   WebCore::InspectorBackendDispatcher::sendResponse(long, WTF::PassRefPtr<WebCore::InspectorObject>, WTF::PassRefPtr<WebCore::InspectorArray>, WTF::String) + 543 (InspectorBackendDispatcher.cpp:2812)
    4   WebCore::InspectorBackendDispatcher::DOM_resolveNode(long, WebCore::InspectorObject*) + 1702 (InspectorBackendDispatcher.cpp:1533)
    5   WebCore::InspectorBackendDispatcher::dispatch(WTF::String const&) + 3127 (InspectorBackendDispatcher.cpp:2794)
    6   WebCore::InspectorController::dispatchMessageFromFrontend(WTF::String const&) + 81 (InspectorController.cpp:400)
    7   WebCore::InspectorFrontendClientLocal::sendMessageToBackend(WTF::String const&) + 33 (InspectorFrontendClientLocal.cpp:167)
    8   WebCore::InspectorFrontendHost::sendMessageToBackend(WTF::String const&) + 62 (InspectorFrontendHost.cpp:247)
    9   WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend(JSC::ExecState*) + 708 (JSInspectorFrontendHost.cpp:478)
    10  0 + 62762422112744
    11  JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 108 (JITCode.h:77)
    12  JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1769 (Interpreter.cpp:852)
    13  JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 229 (CallData.cpp:38)
    14  JSC::JSObject::put(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::PutPropertySlot&) + 1783 (JSObject.cpp:150)
    15  JSC::JSValue::put(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::PutPropertySlot&) + 176 (JSObject.h:812)
    16  cti_op_put_by_id + 286 (JITStubs.cpp:1439)
    17  jscGeneratedNativeCode + 0 (JITStubs.cpp:952)
    18  JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 108 (JITCode.h:77)
    19  JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1769 (Interpreter.cpp:852)
    20  JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 229 (CallData.cpp:38)
    21  WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 95 (JSMainThreadExecState.h:48)
    22  WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 2126 (JSEventListener.cpp:127)
    23  WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 508 (EventTarget.cpp:389)
    24  WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 520 (EventTarget.cpp:358)
    25  WebCore::Node::handleLocalEvents(WebCore::Event*) + 161 (Node.cpp:2707)
    26  WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 2006 (EventDispatcher.cpp:307)
    27  WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 433 (MouseEvent.cpp:183)
    28  WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::EventDispatchMediator const&) + 167 (EventDispatcher.cpp:54)
    29  WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*) + 173 (Node.cpp:2755)
    30  WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 275 (EventHandler.cpp:2062)
    31  WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 1509 (EventHandler.cpp:1726)
    32  WebCore::EventHandler::mouseUp(NSEvent*) + 367 (EventHandlerMac.mm:526)
    33  -[WebHTMLView mouseUp:] + 349 (WebHTMLView.mm:3658)
    34  -[NSWindow sendEvent:] + 5547
    35  -[NSApplication sendEvent:] + 4719
    36  0x100000000 + 233078
    37  -[NSApplication run] + 474
    38  NSApplicationMain + 364
    39  0x100000000 + 40732
