[Webkit-unassigned] [Bug 82402] New: Crash in WebKit!WKBackForwardListItemGetTypeID+0x3f72a.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 27 17:25:37 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=82402

           Summary: Crash in
                    WebKit!WKBackForwardListItemGetTypeID+0x3f72a.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: netfuzzer at gmail.com


Tested on Windows 7 SP1
Apple Safari 5.1.5

Reproduce:
1. Open poc.html.
2. Wait...
3. See the crash.

Stacktrace
===================
(ff4.17f4): Access violation - code c0000005 (!!! second chance !!!)
eax=7feabbb0 ebx=7ff46c00 ecx=00000001 edx=7ff0bc70 esi=00000000 edi=7feabaa8
eip=557c645a esp=0012e6c8 ebp=0012eb78 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Safari\Apple Application Support\WebKit.dll - 
WebKit!WKBackForwardListItemGetTypeID+0x3f72a:
557c645a 837e3000        cmp     dword ptr [esi+30h],0 ds:0023:00000030=????????
0:000> .exr -1
ExceptionAddress: 557c645a (WebKit!WKBackForwardListItemGetTypeID+0x0003f72a)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000030
Attempt to read from address 00000030
0:000> .lastevent
Last event: ff4.17f4: Access violation - code c0000005 (!!! second chance !!!)
  debugger time: Tue Mar 27 20:26:13.722 2012 (UTC - 3:00)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Safari\Apple Application Support\JavaScriptCore.dll - 
0:000> k
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0012eb78 55a95056 WebKit!WKBackForwardListItemGetTypeID+0x3f72a
0012eb94 55a8438d WebKit!DllRegisterServer+0x7acc6
0012ebe8 559bfc34 WebKit!DllRegisterServer+0x69ffd
0012ec1c 556fe322 WebKit!WKArrayGetTypeID+0x1f8be4
0012ec60 5571219f WebKit!SetWebLocalizedStringMainBundle+0x20bb2
0012eca8 559c14d8 WebKit!WKDictionaryGetTypeID+0x1b9f
0012ecd4 558eea40 WebKit!WKArrayGetTypeID+0x1fa488
0012ed00 559b2826 WebKit!WKArrayGetTypeID+0x1279f0
0012ed40 558bceac WebKit!WKArrayGetTypeID+0x1eb7d6
0012ed70 558ccbec WebKit!WKArrayGetTypeID+0xf5e5c
0012eda0 558e399c WebKit!WKArrayGetTypeID+0x105b9c
0012edd0 59b14aad WebKit!WKArrayGetTypeID+0x11c94c
0012edf8 59b153cf JavaScriptCore!JSObjectSetProperty+0x3ca
0012ee88 59a607c9 JavaScriptCore!JSObjectSetProperty+0xcec
0012eea4 59ac69d8 JavaScriptCore!JSC::JSGlobalObject::~JSGlobalObject+0x99
0012eeb0 59ab4788 JavaScriptCore!JSC::Interpreter::retrieveCallerFromVMCode+0x4f1
0012eeb4 59ab48b1 JavaScriptCore!WTF::deleteOwnedPtr+0x29288
0012eee4 59a6496a JavaScriptCore!WTF::deleteOwnedPtr+0x293b1
0012ef18 55674ca4 JavaScriptCore!JSC::call+0x3a
0012f03c 5572c027 WebKit!WKPluginSiteDataManagerGetTypeID+0x2edd4
0012f068 5572bf38 WebKit!WKDictionaryGetTypeID+0x1ba27
0012f098 5586b2b0 WebKit!WKDictionaryGetTypeID+0x1b938
0012f0c8 5586b350 WebKit!WKArrayGetTypeID+0xa4260
0012f0d8 5586b0af WebKit!WKArrayGetTypeID+0xa4300
00000000 00000000 WebKit!WKArrayGetTypeID+0xa405f

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list