[Webkit-unassigned] [Bug 113735] New: Web Inspector: Inspector crashes in Debug build when paused inside sort function

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 1 17:21:00 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=113735

           Summary: Web Inspector: Inspector crashes in Debug build when
                    paused inside sort function
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: prybin at chromium.org
                CC: keishi at webkit.org, pmuellr at yahoo.com,
                    pfeldman at chromium.org, yurys at chromium.org,
                    apavlov at chromium.org, loislo at chromium.org,
                    vsevik at chromium.org,
                    web-inspector-bugs at googlegroups.com


Compile debug build of Chrome.
Open inspector of any page and pause on any line.
Open inspector for inspector.
Make a step in the first inspector.

Problem: first inspector crashes with the following statcktrace:

#
# Fatal error in v8/src/objects.cc, line 84
# CHECK(IsJSObject()) failed
#

==== C stack trace ===============================

 1: ??
 2: ??
 3: ??
 4: ??
 5: ??

==== JS stack trace =========================================

Security context: 0xd84d9c642e9 <JS Object>#0#
    1: new constructor(aka FrameDetails) [native mirror.js:1374] (this=0x33637de76b01 <a FrameDetails>#1#,a=59,b=2)
    3: new constructor(aka FrameMirror) [native mirror.js:1524] (this=0x33637de76ac9 <a FrameMirror>#2#,a=59,b=2)
    5: frame [native debug.js:970] (this=0x33637de60f19 <an ExecutionState>#3#,a=2)
    6: currentCallFrame [0x215b59104121 <undefined>:209] (this=0xd84d9cee7f1 <an Object>#4#,execState=0x33637de60f19 <an ExecutionState>#3#,args=0x215b59104121 <undefined>)
    7: arguments adaptor frame: 1->2
Security context: 0x3a90d5d292a1 <String[26]: chrome-devtools://devtools>
   12: /* anonymous */ [chrome-devtools://devtools/ObjectPropertiesSection.js:132] (this=0x215b5915cef9 <JS Global Object>#5#,propertyA=0x33637de606b9 <JS Object>#6#,propertyB=0x33637de4dd61 <JS Object>#7#)
   13: InsertionSort(aka InsertionSort) [native array.js:773] (this=0x215b59104121 <undefined>,g=0x33637de60439 <JS Array[2]>#8#,h=0,i=2)
   14: QuickSort(aka QuickSort) [native array.js:802] (this=0x215b59104121 <undefined>,g=0x33637de60439 <JS Array[2]>#8#,h=0,i=2)
   15: sort [native array.js:1025] (this=0x33637de60439 <JS Array[2]>#8#,a=0x3f706c11e611 <JS Function>#9#)
   16: populateWithProperties [chrome-devtools://devtools/ObjectPropertiesSection.js:475] (this=0x3f706c11e679 <JS Function>#10#,treeElement=0x33637de4ebd9 <a TreeOutline>#11#,properties=0x33637de60439 <JS Array[2]>#8#,internalProperties=0x215b59104121 <undefined>,treeElementConstructor=0x1263e6b230d9 <JS Function>#12#,comparator=0x3f706c11e611 <JS Function>#9#,skipProto=0x215b59104181 <false>,value=0x33637de4e101 <JS Object>#13#)
   17: updateProperties [chrome-devtools://devtools/ObjectPropertiesSection.js:111] (this=0x33637de4e151 <JS Object>#14#,properties=0x33637de60439 <JS Array[2]>#8#,internalProp:

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list