[Webkit-unassigned] [Bug 119868] New: REGRESSION: Crash in JSC::getByVal during XHR

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 15 15:15:52 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=119868

           Summary: REGRESSION: Crash in JSC::getByVal during XHR
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: Regression
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: ggaren at apple.com, oliver at apple.com,
                    barraclough at apple.com, fpizlo at apple.com


Saw this crash while scrolling down on plus.google.com.

Thread 0:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore          0x0000000107b57cb3 JSC::getByVal(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::ReturnAddressPtr) + 147
1   com.apple.JavaScriptCore          0x0000000107b57b09 cti_op_get_by_val + 617
2   ???                               0x00003cbfc65e16c5 0 + 66794364475077
3   com.apple.JavaScriptCore          0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
4   com.apple.JavaScriptCore          0x0000000107b16eff JSC::Interpreter::execute(JSC::CallFrameClosure&) + 287
5   com.apple.JavaScriptCore          0x00000001079dc064 JSC::arrayProtoFuncForEach(JSC::ExecState*) + 1060
6   ???                               0x00003cbfc6401045 0 + 66794362507333
7   com.apple.JavaScriptCore          0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
8   com.apple.JavaScriptCore          0x0000000107b167aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
9   com.apple.JavaScriptCore          0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
10  com.apple.JavaScriptCore          0x0000000107b665be JSC::boundFunctionCall(JSC::ExecState*) + 526
11  ???                               0x00003cbfc6401045 0 + 66794362507333
12  com.apple.JavaScriptCore          0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
13  com.apple.JavaScriptCore          0x0000000107b167aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
14  com.apple.JavaScriptCore          0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
15  com.apple.JavaScriptCore          0x0000000107b665be JSC::boundFunctionCall(JSC::ExecState*) + 526
16  ???                               0x00003cbfc6401045 0 + 66794362507333
17  com.apple.JavaScriptCore          0x0000000107b30a91 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
18  com.apple.JavaScriptCore          0x0000000107b167aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
19  com.apple.JavaScriptCore          0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
20  com.apple.JavaScriptCore          0x0000000107b665be JSC::boundFunctionCall(JSC::ExecState*) + 526
21  com.apple.JavaScriptCore          0x0000000107b167eb JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 715
22  com.apple.JavaScriptCore          0x00000001079fdff5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
23  com.apple.WebCore                 0x0000000108473d5c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 908
24  com.apple.WebCore                 0x00000001081420dc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 364
25  com.apple.WebCore                 0x0000000108141df6 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 390
26  com.apple.WebCore                 0x0000000108141c58 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 88
27  com.apple.WebCore                 0x0000000108b5439f WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 335
28  com.apple.WebCore                 0x0000000108b54418 WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 56
29  com.apple.WebCore                 0x0000000108b4edec WebCore::XMLHttpRequest::callReadyStateChangeListener() + 252
30  com.apple.WebCore                 0x0000000108b52d46 WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 358
31  com.apple.WebCore                 0x0000000107ee90cd WebCore::CachedResource::checkNotify() + 93
32  com.apple.WebCore                 0x0000000107ee6052 WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer*) + 194
33  com.apple.WebCore                 0x00000001089bf625 WebCore::SubresourceLoader::didFinishLoading(double) + 133
34  com.apple.Foundation              0x00007fff91cc2d88 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
35  com.apple.Foundation              0x00007fff91cc2ccc -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
36  com.apple.Foundation              0x00007fff91cc2bc8 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
37  com.apple.CFNetwork               0x00007fff8fcf3091 ___delegate_didFinishLoading_block_invoke_0 + 40
38  com.apple.CFNetwork               0x00007fff8fce554a ___withDelegateAsync_block_invoke_0 + 90
39  com.apple.CFNetwork               0x00007fff8fd75f3a __block_global_1 + 28
40  com.apple.CoreFoundation          0x00007fff8e39d154 CFArrayApplyFunction + 68
41  com.apple.CFNetwork               0x00007fff8fcd62b4 RunloopBlockContext::perform() + 124
42  com.apple.CFNetwork               0x00007fff8fcd618b MultiplexerSource::perform() + 221
43  com.apple.CoreFoundation          0x00007fff8e37eb31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
44  com.apple.CoreFoundation          0x00007fff8e37e455 __CFRunLoopDoSources0 + 245
45  com.apple.CoreFoundation          0x00007fff8e3a17f5 __CFRunLoopRun + 789
46  com.apple.CoreFoundation          0x00007fff8e3a10e2 CFRunLoopRunSpecific + 290
47  com.apple.HIToolbox               0x00007fff8d7e8eb4 RunCurrentEventLoopInMode + 209
48  com.apple.HIToolbox               0x00007fff8d7e8c52 ReceiveNextEventCommon + 356
49  com.apple.HIToolbox               0x00007fff8d7e8ae3 BlockUntilNextEventMatchingListInMode + 62
50  com.apple.AppKit                  0x00007fff90bbb533 _DPSNextEvent + 685
51  com.apple.AppKit                  0x00007fff90bbadf2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
52  com.apple.AppKit                  0x00007fff90bb21a3 -[NSApplication run] + 517
53  com.apple.WebCore                 0x00000001089058f2 WebCore::RunLoop::run() + 82
54  com.apple.WebKit2                 0x000000010761ceb2 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 614
55  com.apple.WebProcess              0x0000000107531e23 main + 337
56  libdyld.dylib                     0x00007fff944237e1 start + 1

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list