[Webkit-unassigned] [Bug 113090] New: Web Inspector: Page crash in ScriptPreprocessor if content scripts are present
bugzilla-daemon at webkit.org
Fri Mar 22 12:19:23 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=113090
Summary: Web Inspector: Page crash in ScriptPreprocessor if content scripts are present
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Web Inspector
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: johnjbarton at chromium.org
CC: keishi at webkit.org, pmuellr at yahoo.com, pfeldman at chromium.org, yurys at chromium.org, apavlov at chromium.org, loislo at chromium.org, vsevik at chromium.org, web-inspector-bugs at googlegroups.com
Regarding ScriptPreprocessor see also bug 111889, bug 80992, bug 104384 and bug 112926.
When the script preprocessor is active and we have Chrome extensions with content scripts, we crash.
Here is some tracing output. First we enter the preprocessor code; then, in V8, we print the script just before the OnBeforeCompile() call, using:
--------------------
script->Print(stdout);
// Notify debugger
isolate->debugger()->OnBeforeCompile(script);
printf("----- return from OnBeforeCompile -----\n");
-----------------
Notice that we are recursing: we are in the OnBeforeCompile event for the preprocessor itself. The crash occurs because we are trying to look up the World for the utility context set up for the preprocessor; see v8/bindings/V8Binding.cpp:
WrapperWorldType worldTypeInMainThread(v8::Isolate* isolate)
{
    // Fast path: no isolated world has ever been created (no content scripts),
    // so the entered context is never inspected.
    if (!DOMWrapperWorld::isolatedWorldsExist())
        return MainWorld;
    // Otherwise the entered context is assumed to be a DOM context; isolatedWorld()
    // asserts contextHasCorrectPrototype() on it, which a utility context fails.
    ASSERT(!v8::Context::GetEntered().IsEmpty());
    DOMWrapperWorld* isolatedWorld = DOMWrapperWorld::isolatedWorld(v8::Context::GetEntered());
    if (isolatedWorld)
        return IsolatedWorld;
    return MainWorld;
}
In particular, without content scripts we'll take the first return and never call DOMWrapperWorld::isolatedWorld().
ERROR: setScriptPreprocessor: ------------------------------ preprocessor clear ------------------------------
../../third_party/WebKit/Source/WebCore/bindings/v8/ScriptDebugServer.cpp(405) : void WebCore::ScriptDebugServer::setScriptPreprocessor(const WTF::String&, WebCore::DOMWindow*)
0x256b47cdc089: [Script]
- source: 0x2ba751f04101 <Very long string[876129]>
- name: 0x2ba751fd9f81 <String[23]: $preprocessingScript.js>
- line_offset: 0
- column_offset: 0
- type: 2
- id: 67
- data: 0x258114804121 <undefined>
- context data: 0x258114804121 <undefined>
- wrapper: 0x25229152fb51 <Foreign>
- compilation type: 0
- line ends: 0x258114804121 <undefined>
- eval from shared: 0x258114804121 <undefined>
- eval from instructions offset: 0
ASSERTION FAILED: contextHasCorrectPrototype(context)
../../third_party/WebKit/Source/WebCore/bindings/v8/DOMWrapperWorld.h(67) : static WebCore::DOMWrapperWorld* WebCore::DOMWrapperWorld::isolatedWorld(v8::Handle<v8::Context>)
1 0x7f8898b7c62f
2 0x7f8898bc99ae
3 0x7f8898b98586
4 0x7f8898b99313
5 0x7f8898ba7c8e
6 0x7f8898ba7b56
7 0x7f889aa3b4b1
8 0x7f889aa3b3f7
9 0x7f889aa3b2c7
10 0x7f889aa3acaf
11 0x7f889aa25bfd
12 0x7f889aa2663d
13 0x7f889a9ce7bb
14 0x7f889a9ceab4
15 0x7f8898baa70f
16 0x7f8898ba7436
17 0x7f8898e563de
18 0x7f8898df1d79
19 0x7f8898e96b36
20 0x7f8898e94c29
21 0x7f8898e94b1a
22 0x7f8898e88a21
23 0x7f8898e6af34
24 0x7f88979bdc55
25 0x7f8897a31ebe
26 0x7f8898e6ad73
27 0x7f8898e6b674
28 0x7f8898ea857e
29 0x7f8898ed4425
30 0x7f8898ebad0d
31 0x7f8898ebaad3
Received signal 11 SEGV_MAPERR 0000bbadbeef
[0x7f8897cb43e8] base::debug::StackTrace::StackTrace()
[0x7f8897cb3cef] base::debug::(anonymous namespace)::StackDumpSignalHandler()
[0x7f8892145cb0] <unknown>
[0x7f8898b7c639] WebCore::DOMWrapperWorld::isolatedWorld()
[0x7f8898bc99ae] WebCore::worldTypeInMainThread()
[0x7f8898b98586] WebCore::retrieveFrameWithGlobalObjectCheck()
[0x7f8898b99313] WebCore::PageScriptDebugServer::getDebugListenerForContext()
[0x7f8898ba7c8e] WebCore::ScriptDebugServer::handleV8DebugEvent()
[0x7f8898ba7b56] WebCore::ScriptDebugServer::v8DebugEventCallback()
[0x7f889aa3b4b1] v8::internal::Debugger::CallCEventCallback()
[0x7f889aa3b3f7] v8::internal::Debugger::CallEventCallback()
[0x7f889aa3b2c7] v8::internal::Debugger::ProcessDebugEvent()
[0x7f889aa3acaf] v8::internal::Debugger::OnBeforeCompile()
[0x7f889aa25bfd] v8::internal::MakeFunctionInfo()
[0x7f889aa2663d] v8::internal::Compiler::Compile()
[0x7f889a9ce7bb] v8::Script::New()
[0x7f889a9ceab4] v8::Script::Compile()
[0x7f8898baa70f] WebCore::ScriptDebugServer::ScriptPreprocessor::ScriptPreprocessor()
[0x7f8898ba7436] WebCore::ScriptDebugServer::setScriptPreprocessor()
[0x7f8898e563de] WebCore::PageDebuggerAgent::didClearMainFrameWindowObject()
[0x7f8898df1d79] WebCore::InspectorInstrumentation::didClearWindowObjectInWorldImpl()
[0x7f8898e96b36] WebCore::InspectorInstrumentation::didClearWindowObjectInWorld()
[0x7f8898e94c29] WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld()
[0x7f8898e94b1a] WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds()
[0x7f8898e88a21] WebCore::FrameLoader::receivedFirstData()
[0x7f8898e6af34] WebCore::DocumentLoader::commitData()
[0x7f88979bdc55] WebKit::WebFrameImpl::commitDocumentData()
[0x7f8897a31ebe] WebKit::FrameLoaderClientImpl::committedLoad()
[0x7f8898e6ad73] WebCore::DocumentLoader::commitLoad()
[0x7f8898e6b674] WebCore::DocumentLoader::receivedData()
[0x7f8898ea857e] WebCore::MainResourceLoader::dataReceived()
[0x7f8898ed4425] WebCore::CachedRawResource::data()
[0x7f8898ebad0d] WebCore::SubresourceLoader::sendDataToResource()
[0x7f8898ebaad3] WebCore::SubresourceLoader::didReceiveDataOrBuffer()
[0x7f8898eba80b] WebCore::SubresourceLoader::didReceiveData()
[0x7f8898eb624f] WebCore::ResourceLoader::didReceiveData()
[0x7f889a8a084c] WebCore::ResourceHandleInternal::didReceiveData()
[0x7f889b1b9718] webkit_glue::WebURLLoaderImpl::Context::OnReceivedData()
[0x7f889984316c] content::ResourceDispatcher::OnReceivedData()
[0x7f8899846143] ResourceMsg_DataReceived::Dispatch<>()
[0x7f889984444c] content::ResourceDispatcher::DispatchMessage()
[0x7f8899842951] content::ResourceDispatcher::OnMessageReceived()
[0x7f8899747931] content::ChildThread::OnMessageReceived()
[0x7f889766d125] IPC::ChannelProxy::Context::OnDispatchMessage()
[0x7f8897670812] base::internal::RunnableAdapter<>::Run()
[0x7f88976702f0] base::internal::InvokeHelper<>::MakeItSo()
[0x7f889766fbba] base::internal::Invoker<>::Run()
[0x7f8896bbb7a5] base::Callback<>::Run()
[0x7f8897ce49c7] MessageLoop::RunTask()
[0x7f8897ce4ade] MessageLoop::DeferOrRunPendingTask()
[0x7f8897ce5345] MessageLoop::DoWork()
[0x7f8897cece0a] base::MessagePumpDefault::Run()
[0x7f8897ce45cf] MessageLoop::RunInternal()
[0x7f8897ce448a] MessageLoop::RunHandler()
[0x7f8897d0c270] base::RunLoop::Run()
[0x7f8897ce3dc2] MessageLoop::Run()
[0x7f889a06ee92] content::RendererMain()
[0x7f889a0098c5] content::RunZygote()
[0x7f889a009ae6] content::RunNamedProcessTypeMain()
[0x7f889a00a8f8] content::ContentMainRunnerImpl::Run()
[0x7f889a009043] content::ContentMain()
[0x7f8896b3694d] ChromeMain
r8: 00007f88962fd980 r9: 00007f88963422d0 r10: 000000000601fa4d r11: 0000000000000000
r12: 000001e148156020 r13: 00007fff43ad3980 r14: 0000000000000000 r15: 0000000000000000
di: 0000000000000000 si: 00000000efcdab90 bp: 00007fff43acf090 bx: 000001e14814d0e0
dx: 00007f889050daa0 ax: 00000000bbadbeef cx: 00007f889023991d sp: 00007fff43acf020
ip: 00007f8898b7c639 efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000006
trp: 000000000000000e msk: 0000000000000000 cr2: 00000000bbadbeef
[27709:27723:0322/120735:WARNING:crl_set_fetcher.cc(182)] Failed to parse delta CRL set
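The following is an added example, not code from WebKit, V8 or this bug report: a small model of the world lookup described above, showing why the fast path hides the problem until a content script registers an isolated world, and how a guard on the entered context avoids reaching the assertion. Context, WorldRegistry, Scenario and the two worldType* functions are hypothetical stand-ins for v8::Context, DOMWrapperWorld and worldTypeInMainThread; the guarded variant is illustrative only and is not the fix that landed for this bug.

```cpp
// Added example, not WebKit or V8 code: a model of the world lookup in this
// report. All types and functions here are hypothetical stand-ins.
#include <map>
#include <stdexcept>

enum WrapperWorldType { MainWorld, IsolatedWorld };

// A context is a handle plus a flag saying whether it was set up as a DOM
// context (main-world window or content-script isolated world). A utility
// context such as the preprocessor's is not.
struct Context {
    int id;
    bool hasDOMPrototype;
};

struct WorldRegistry {
    std::map<int, int> isolatedWorldByContext; // context id -> world id

    bool isolatedWorldsExist() const { return !isolatedWorldByContext.empty(); }

    // Models DOMWrapperWorld::isolatedWorld(): the prototype check is an
    // ASSERT that becomes CRASH() (the 0xbbadbeef SEGV in the report). It is
    // modelled as an exception here so a test can observe it.
    // Returns the world id, or 0 for a main-world context.
    int isolatedWorld(const Context& c) const {
        if (!c.hasDOMPrototype)
            throw std::logic_error("ASSERTION FAILED: contextHasCorrectPrototype(context)");
        auto it = isolatedWorldByContext.find(c.id);
        return it == isolatedWorldByContext.end() ? 0 : it->second;
    }
};

// Same shape as the lookup quoted in the report: once any isolated world
// exists, the entered context is assumed to be a DOM context.
WrapperWorldType worldTypeUnguarded(const WorldRegistry& r, const Context& entered) {
    if (!r.isolatedWorldsExist())
        return MainWorld;
    return r.isolatedWorld(entered) ? IsolatedWorld : MainWorld;
}

// Guarded variant (illustrative; not the WebKit fix): check that the entered
// context is a DOM context before asking for its world. Reporting a utility
// context as MainWorld is an assumption made for this example.
WrapperWorldType worldTypeGuarded(const WorldRegistry& r, const Context& entered) {
    if (!r.isolatedWorldsExist())
        return MainWorld;
    if (!entered.hasDOMPrototype)
        return MainWorld;
    return r.isolatedWorld(entered) ? IsolatedWorld : MainWorld;
}

// Constructed scenario mirroring the report: a main window, one content-script
// isolated world and the preprocessor's utility context.
struct Scenario {
    WorldRegistry registry;
    Context mainWindow{1, true};
    Context contentScript{2, true};
    Context preprocessor{3, false};
};

Scenario withContentScript() {
    Scenario s;
    s.registry.isolatedWorldByContext[s.contentScript.id] = 7; // world id is arbitrary
    return s;
}

Scenario withoutContentScript() { return Scenario{}; }

// True if the unguarded lookup hits the assertion for the preprocessor
// context in the given scenario.
bool unguardedAsserts(const Scenario& s) {
    try {
        (void)worldTypeUnguarded(s.registry, s.preprocessor);
    } catch (const std::logic_error&) {
        return true;
    }
    return false;
}
```

With no content script installed, unguardedAsserts(withoutContentScript()) is false because the fast path returns before any context is examined; with one installed it is true, matching the report's observation that the crash only appears once isolated worlds exist. The guarded lookup still returns IsolatedWorld for the content-script context and MainWorld for the window, so the check only changes behaviour for contexts that would otherwise have tripped the assertion.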