[Webkit-unassigned] [Bug 93937] Web Inspector: Calling getEventListeners() on element with malformed javascript event listeners crashes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 13 23:59:57 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=93937





--- Comment #2 from Alice Boxhall <aboxhall at chromium.org>  2012-08-14 00:00:26 PST ---
Chrome stack trace:

#
# Fatal error in ../../v8/src/handles-inl.h, line 64
# CHECK(location_ != __null) failed
#


==== Stack trace ============================================

Security context: 0x32527351 <String[16]: http://localhost>
    1: getEventListeners [0x32408091 <undefined>:1049] (this=0x327a649d <a CommandLineAPIImpl>#0#,node=0x427c5889 <an HTMLDivElement>#1#)
    5: getEventListeners [native v8natives.js:1597] (this=0x427d6565 <a CommandLineAPI>#2#)
    6: arguments adaptor frame: 1->0
    7: /* anonymous */ [0x32408091 <undefined>:2] (this=0x3271b25d <JS Global Object>#3#)
    8: eval [native v8natives.js:170] (this=0x3271b25d <JS Global Object>#3#,a=0x427d804d <String[122]\: with ((window && window.console && window.console._commandLineAPI) || {}) {\ngetEventListeners(document.body.children[0])\n}>)
    9: _evaluateOn [0x32408091 <undefined>:450] (this=0x42708129 <JS Object>#4#,evalFunction=0x32714fe5 <JS Function eval>#5#,object=0x3271b25d <JS Global Object>#3#,objectGroup=0x35812271 <String[7]: console>,expression=0x427d804d <String[122]\: with ((window && window.console && window.console._commandLineAPI) || {}) {\ngetEventListeners(document.body.children[0])\n}>,isEvalOnCallFrame=0x324080c1 <false>,injectCommandLineAPI=0x324080b1 <true>)
   10: _evaluateAndWrap [0x32408091 <undefined>:409] (this=0x42708129 <JS Object>#4#,evalFunction=0x32714fe5 <JS Function eval>#5#,object=0x3271b25d <JS Global Object>#3#,expression=0x427d653d <String[44]: getEventListeners(document.body.children[0])>,objectGroup=0x35812271 <String[7]: console>,isEvalOnCallFrame=0x324080c1 <false>,injectCommandLineAPI=0x324080b1 <true>,returnByValue=0x324080c1 <false>)
   11: evaluate [0x32408091 <undefined>:345] (this=0x42708129 <JS Object>#4#,expression=0x427d653d <String[44]: getEventListeners(document.body.children[0])>,objectGroup=0x35812271 <String[7]: console>,injectCommandLineAPI=0x324080b1 <true>,returnByValue=0x324080c1 <false>)

==== Details ================================================

[1]: getEventListeners [0x32408091 <undefined>:1049] (this=0x327a649d <a CommandLineAPIImpl>#0#,node=0x427c5889 <an HTMLDivElement>#1#) {
  // expression stack (top to bottom)
  [02] : 0x327922f9 <JS Function getEventListeners>#6#
  [01] : 0x427c5889 <an HTMLDivElement>#1#
  [00] : 0x427082ad <an InjectedScriptHost>#7#
--------- s o u r c e   c o d e ---------
function (node)?    {?        return InjectedScriptHost.getEventListeners(node);?    }
-----------------------------------------
}

[5]: getEventListeners [native v8natives.js:1597] (this=0x427d6565 <a CommandLineAPI>#2#) {
  // stack-allocated locals
  var arguments = 0x427d84bd <an Arguments>#8#
  var d = 1
  var g = 0x32408091 <undefined>
  var h = 0x32408091 <undefined>
  var c = 0x427d84d9 <JS Array[2]>#9#
  var f = 0x32408091 <undefined>
  var e = 0x32408091 <undefined>
  // expression stack (top to bottom)
  [11] : 1
  [10] : 0
  [09] : 0x427d84bd <an Arguments>#8#
  [08] : 0x327a649d <a CommandLineAPIImpl>#0#
  [07] : 0x327b26f9 <JS Function>#10#
--------- s o u r c e   c o d e ---------
function (){??"use strict";???if(%_IsConstructCall()){?return %NewObjectFromBound(b);?}?var c=%BoundFunctionGetBindings(b);??var d=%_ArgumentsLength();?if(d==0){?return %Apply(c[0],c[1],c,2,c.length-2);?}?if(c.length===2){?return %Apply(c[0],c[1],arguments,0,d);?}?var e=c.length-2;?var f=new InternalArray(e+...

-----------------------------------------
}

[6]: arguments adaptor frame: 1->0 {
  // actual arguments
  [00] : 0x427c5889 <an HTMLDivElement>#1#  // not passed to callee
}

[7]: /* anonymous */ [0x32408091 <undefined>:2] (this=0x3271b25d <JS Global Object>#3#) {  // stack-allocated locals
  var .result = 0x32408091 <undefined>  // expression stack (top to bottom)
  [03] : 0x427c5889 <an HTMLDivElement>#1#  [02] : 0x427d6565 <a CommandLineAPI>#2#
  [01] : 0x427d6f51 <JS Function>#11#
--------- s o u r c e   c o d e ---------
with ((window && window.console && window.console._commandLineAPI) || {}) {?getEventListeners(document.body.children[0])?}
-----------------------------------------
}

[8]: eval [native v8natives.js:170] (this=0x3271b25d <JS Global Object>#3#,a=0x427d804d <String[122]\: with ((window && window.console && window.console._commandLineAPI) || {}) {\ngetEventListeners(document.body.children[0])\n}>) {
  // stack-allocated locals
  var c = 0x324080c1 <false>
  var d = 0x427d8471 <JS Function>#12#
  var b = 0x3271b25d <JS Global Object>#3#
  // expression stack (top to bottom)
  [03] : 0x3271b25d <JS Global Object>#3#
--------- s o u r c e   c o d e ---------
function eval(a){?if(!(typeof(a)==='string'))return a;??var b=%GlobalReceiver(global);?var c=(global===b);???????if(c){?throw new $EvalError('The "this" value passed to eval must '+?'be the global object from which eval originated');?}??var d=%CompileString(a);?if(!(%_IsFunction(d)))return d;??return %_CallFunct...

-----------------------------------------
}

[9]: _evaluateOn [0x32408091 <undefined>:450] (this=0x42708129 <JS Object>#4#,evalFunction=0x32714fe5 <JS Function eval>#5#,object=0x3271b25d <JS Global Object>#3#,objectGroup=0x35812271 <String[7]: console>,expression=0x427d804d <String[122]\: with ((window && window.console && window.console._commandLineAPI) || {}) {\ngetEventListeners(document.body.children[0])\n}>,isEvalOnCallFrame=0x324080c1 <false>,injectCommandLineAPI=0x324080b1 <true>) {
  // stack-allocated locals
  var result = 0x32408091 <undefined>
  // expression stack (top to bottom)
  [07] : 0x427d804d <String[122]\: with ((window && window.console && window.console._commandLineAPI) || {}) {\ngetEventListeners(document.body.children[0])\n}>
  [06] : 0x3271b25d <JS Global Object>#3#
--------- s o u r c e   c o d e ---------
function (evalFunction, object, objectGroup, expression, isEvalOnCallFrame, injectCommandLineAPI)?    {?        // Only install command line api object for the time of evaluation.?        // Surround the expression in with statements to inject our command line API so that?        // the window object propert...
-----------------------------------------
}

[10]: _evaluateAndWrap [0x32408091 <undefined>:409] (this=0x42708129 <JS Object>#4#,evalFunction=0x32714fe5 <JS Function eval>#5#,object=0x3271b25d <JS Global Object>#3#,expression=0x427d653d <String[44]: getEventListeners(document.body.children[0])>,objectGroup=0x35812271 <String[7]: console>,isEvalOnCallFrame=0x324080c1 <false>,injectCommandLineAPI=0x324080b1 <true>,returnByValue=0x324080c1 <false>) {
  // expression stack (top to bottom)
  [13] : 0x324080b1 <true>
  [12] : 0x324080c1 <false>
  [11] : 0x427d804d <String[122]\: with ((window && window.console && window.console._commandLineAPI) || {}) {\ngetEventListeners(document.body.children[0])\n}>
  [10] : 0x35812271 <String[7]: console>
  [09] : 0x3271b25d <JS Global Object>#3#
  [08] : 0x32714fe5 <JS Function eval>#5#
  [07] : 0x42708129 <JS Object>#4#
  [06] : 0x42708129 <JS Object>#4#
  [05] : 0x427d6551 <an Object>#13#
--------- s o u r c e   c o d e ---------
function (evalFunction, object, expression, objectGroup, isEvalOnCallFrame, injectCommandLineAPI, returnByValue)?    {?        try {?            return { wasThrown: false,?                     result: this._wrapObject(this._evaluateOn(evalFunction, object, objectGroup, expression, isEvalOnCallFrame, injectCo...

-----------------------------------------
}

[11]: evaluate [0x32408091 <undefined>:345] (this=0x42708129 <JS Object>#4#,expression=0x427d653d <String[44]: getEventListeners(document.body.children[0])>,objectGroup=0x35812271 <String[7]: console>,injectCommandLineAPI=0x324080b1 <true>,returnByValue=0x324080c1 <false>) {
  // expression stack (top to bottom)
  [07] : 0x324080c1 <false>
  [06] : 0x324080b1 <true>
  [05] : 0x324080c1 <false>
  [04] : 0x35812271 <String[7]: console>
  [03] : 0x427d653d <String[44]: getEventListeners(document.body.children[0])>
  [02] : 0x3271b25d <JS Global Object>#3#
  [01] : 0x32714fe5 <JS Function eval>#5#
  [00] : 0x42708129 <JS Object>#4#
--------- s o u r c e   c o d e ---------
function (expression, objectGroup, injectCommandLineAPI, returnByValue)?    {?        return this._evaluateAndWrap(inspectedWindow.eval, inspectedWindow, expression, objectGroup, false, injectCommandLineAPI, returnByValue);?    }
-----------------------------------------
}

==== Key         ============================================

 #0# 0x327a649d: 0x327a649d <a CommandLineAPIImpl>
 #1# 0x427c5889: 0x427c5889 <an HTMLDivElement>
 #2# 0x427d6565: 0x427d6565 <a CommandLineAPI>
                $$: 0x427d6695 <JS Function>#14#
             clear: 0x427d6ea9 <JS Function>#15#
 getEventListeners: 0x427d6f51 <JS Function>#11#
                $x: 0x427d673d <JS Function>#16#
                 $: 0x427d65ed <JS Function>#17#
              copy: 0x427d6e01 <JS Function>#18#
           inspect: 0x427d6d39 <JS Function>#19#
   unmonitorEvents: 0x427d6c91 <JS Function>#20#
              keys: 0x427d6935 <JS Function>#21#
               dir: 0x427d67e5 <JS Function>#22#
           profile: 0x427d6a85 <JS Function>#23#
            dirxml: 0x427d688d <JS Function>#24#
        profileEnd: 0x427d6b2d <JS Function>#25#
                $_: 0x427c5889 <an HTMLDivElement>#1#
            values: 0x427d69dd <JS Function>#26#
     monitorEvents: 0x427d6be9 <JS Function>#27#
 #3# 0x3271b25d: 0x3271b25d <JS Global Object>
 #4# 0x42708129: 0x42708129 <JS Object>
     _objectGroups: 0x327a6485 <an Object>#28#
          _modules: 0x327a6491 <an Object>#29#
_idToWrappedObject: 0x327a646d <an Object>#30#
_commandLineAPIImpl: 0x327a649d <a CommandLineAPIImpl>#0#
_lastBoundObjectId: 20
_idToObjectGroupName: 0x327a6479 <an Object>#31#
       _lastResult: 0x427c5889 <an HTMLDivElement>#1#
 #5# 0x32714fe5: 0x32714fe5 <JS Function eval>
 #6# 0x327922f9: 0x327922f9 <JS Function getEventListeners>
 #7# 0x427082ad: 0x427082ad <an InjectedScriptHost>
 #8# 0x427d84bd: 0x427d84bd <an Arguments>
            length: 1
 #9# 0x427d84d9: 0x427d84d9 <JS Array[2]>
                 0: 0x327b26f9 <JS Function>#10#
                 1: 0x327a649d <a CommandLineAPIImpl>#0#
 #10# 0x327b26f9: 0x327b26f9 <JS Function>
 #11# 0x427d6f51: 0x427d6f51 <JS Function>
            length: 1
 #12# 0x427d8471: 0x427d8471 <JS Function>
 #13# 0x427d6551: 0x427d6551 <an Object>
         wasThrown: 0x324080c1 <false>
            result: 0x32408091 <undefined>
 #14# 0x427d6695: 0x427d6695 <JS Function>
            length: 0
 #15# 0x427d6ea9: 0x427d6ea9 <JS Function>
            length: 0
 #16# 0x427d673d: 0x427d673d <JS Function>
            length: 2
 #17# 0x427d65ed: 0x427d65ed <JS Function>
            length: 0
 #18# 0x427d6e01: 0x427d6e01 <JS Function>
            length: 1
 #19# 0x427d6d39: 0x427d6d39 <JS Function>
            length: 1
 #20# 0x427d6c91: 0x427d6c91 <JS Function>
            length: 2
 #21# 0x427d6935: 0x427d6935 <JS Function>
            length: 1
 #22# 0x427d67e5: 0x427d67e5 <JS Function>
            length: 0
 #23# 0x427d6a85: 0x427d6a85 <JS Function>
            length: 0
 #24# 0x427d688d: 0x427d688d <JS Function>
            length: 0
 #25# 0x427d6b2d: 0x427d6b2d <JS Function>
            length: 0
 #26# 0x427d69dd: 0x427d69dd <JS Function>
            length: 1
 #27# 0x427d6be9: 0x427d6be9 <JS Function>
            length: 2
 #28# 0x327a6485: 0x327a6485 <an Object>
 #29# 0x327a6491: 0x327a6491 <an Object>
 #30# 0x327a646d: 0x327a646d <an Object>
 #31# 0x327a6479: 0x327a6479 <an Object>
=====================

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list