[Webkit-unassigned] [Bug 70433] New: Crash in JSC::WriteBarrierBase<JSC::Structure>::operator->() due to assert failure

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 19 11:40:59 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=70433

           Summary: Crash in
                    JSC::WriteBarrierBase<JSC::Structure>::operator->()
                    due to assert failure
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Blocker
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com


Created an attachment (id=111654)
 --> (https://bugs.webkit.org/attachment.cgi?id=111654&action=review)
Crash log.

Reproducibility: always

Steps:
1. Open any webpage.
2. Open a 2nd tab and navigate to http://www.google.com/intl/el/landing/transit/#dmy

What happened:
Assert failure and crash.

ASSERTION FAILED: m_cell
/Users/rex/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h(108) : JSC::Structure *JSC::WriteBarrierBase<JSC::Structure>::operator->() const
1   0x108efd667 JSC::WriteBarrierBase<JSC::Structure>::operator->() const
2   0x108f08f1c JSC::JSCell::isString() const
3   0x108f09a42 JSC::JSValue::isString() const
4   0x108f0981b JSC::JSValue::toString(JSC::ExecState*) const
5   0x10911dd28 _ZN3JSCL29objectProtoFuncHasOwnPropertyEPNS_9ExecStateE
6   0x2c750de011f8
7   0x108ff6f09 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*)
8   0x108ff3812 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
9   0x108f52151 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
10  0x10a4ac4e3 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
11  0x10ad694f3 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*)
12  0x10ad68fd9 WebCore::ScheduledAction::execute(WebCore::Document*)
13  0x10ad68e04 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*)
14  0x10a0248cf WebCore::DOMTimer::fired()
15  0x10afc09f7 WebCore::ThreadTimers::sharedTimerFiredInternal()
16  0x10afc07c9 WebCore::ThreadTimers::sharedTimerFired()
17  0x10adea5b3 _ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv
18  0x107950f84 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
19  0x107950ad6 __CFRunLoopDoTimer
20  0x107931471 __CFRunLoopRun
21  0x107930ae6 CFRunLoopRunSpecific
22  0x1135c63d3 RunCurrentEventLoopInMode
23  0x1135cd63d ReceiveNextEventCommon
24  0x1135cd4ca BlockUntilNextEventMatchingListInMode
25  0x10f1dc3f1 _DPSNextEvent
26  0x10f1dbcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
27  0x10f1d862d -[NSApplication run]
28  0x108154d5c RunLoop::run()
29  0x10823ea9f WebKit::WebProcessMain(WebKit::CommandLine const&)
30  0x1081aa68f _ZL10WebKitMainRKN6WebKit11CommandLineE
31  0x1081aa57d WebKitMain

Expected result:
WebKit does not crash.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list