[Webkit-unassigned] [Bug 121982] New: A mutation observer triggered in a method which throws an exception will cause an ASSERT.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 26 14:34:16 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=121982

           Summary: A mutation observer triggered in a method which throws
                    an exception will cause an ASSERT.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jer.noble at apple.com


Triggering a mutation observer then, in the same stack frame, throwing an exception will cause an ASSERT when the mutation observers are triggered.  The ASSERTion is testing (!vm->hasException()), and since the exception thrown in the event handler has not yet been cleared, the ASSERT is triggered.

0   com.apple.JavaScriptCore          0x00000001101a565a WTFCrash + 42 (Assertions.cpp:342)
1   com.apple.JavaScriptCore          0x000000010fecfbfc JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 124 (Interpreter.cpp:903)
2   com.apple.JavaScriptCore          0x000000010fc4540e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 (CallData.cpp:39)
3   com.apple.WebCore                 0x0000000111accd8b WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 91 (JSMainThreadExecState.h:53)
4   com.apple.WebCore                 0x0000000111d2fa16 WebCore::JSMutationCallback::call(WTF::Vector<WTF::RefPtr<WebCore::MutationRecord>, 0ul, WTF::CrashOnOverflow> const&, WebCore::MutationObserver*) + 694 (JSMutationCallback.cpp:90)
5   com.apple.WebCore                 0x00000001120f0ec2 WebCore::MutationObserver::deliver() + 514 (MutationObserver.cpp:207)
6   com.apple.WebCore                 0x00000001120f1152 WebCore::MutationObserver::deliverAllMutations() + 594 (MutationObserver.cpp:237)
7   com.apple.WebCore                 0x0000000111d07b6e WebCore::JSMainThreadExecState::didLeaveScriptContext() + 14 (JSMainThreadExecState.cpp:47)
8   com.apple.WebCore                 0x0000000111acceef WebCore::JSMainThreadExecState::~JSMainThreadExecState() + 159 (JSMainThreadExecState.h:82)
9   com.apple.WebCore                 0x0000000111acce45 WebCore::JSMainThreadExecState::~JSMainThreadExecState() + 21 (JSMainThreadExecState.h:82)
10  com.apple.WebCore                 0x0000000111accd9f WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 111 (JSMainThreadExecState.h:54)
11  com.apple.WebCore                 0x0000000111c0463f WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1199 (JSEventListener.cpp:132)
12  com.apple.WebCore                 0x000000011157e682 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 498 (EventTarget.cpp:278)
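
The failure mode in the report above, as an added C++ model that is not WebKit code and not part of the original message: a scope guard delivers queued observer callbacks when the script call exits, while the handler's exception is still pending. `ToyVM`, `ScriptScope` and `runHandler` are hypothetical names, and the `stash` option (parking the exception during delivery) is an assumption for illustration, not the fix WebKit adopted.

```cpp
#include <cstdio>
#include <functional>
#include <vector>

// Toy stand-ins with hypothetical names; these are not WebKit types.
struct ToyVM {
    bool pending = false;          // an exception was thrown and not yet reported
    int preconditionFailures = 0;  // times the "no pending exception" check failed
    int callbacksRun = 0;
    std::vector<std::function<void(ToyVM&)>> queuedObservers;
    bool hasException() const { return pending; }
    // Entry check modelled on the report: no call into script while an exception is pending.
    void executeCall(const std::function<void(ToyVM&)>& fn) {
        if (hasException()) { ++preconditionFailures; return; }
        fn(*this);
        ++callbacksRun;
    }
    void deliverAll() {
        std::vector<std::function<void(ToyVM&)>> batch;
        batch.swap(queuedObservers);
        for (auto& cb : batch) executeCall(cb);
    }
};

// Scope guard: delivers queued observers when the script call exits.
struct ScriptScope {
    ToyVM& vm;
    bool stash;  // assumption: park the pending exception during delivery
    ~ScriptScope() {
        bool saved = vm.pending;
        if (stash) vm.pending = false;
        vm.deliverAll();
        if (stash && !vm.pending) vm.pending = saved;  // hand it back to the caller
    }
};

// A handler that queues an observer (a DOM mutation) and then throws.
ToyVM runHandler(bool stash) {
    ToyVM vm;
    {
        ScriptScope scope{vm, stash};
        vm.queuedObservers.push_back([](ToyVM&) {});
        vm.pending = true;
    }
    return vm;
}
int main() {
    std::printf("failures: unguarded=%d stashed=%d\n", runHandler(false).preconditionFailures, runHandler(true).preconditionFailures);
}
```

In the unguarded run the precondition fails and the observer callback never runs; with the exception parked, the callback runs and the handler's exception is still pending for the caller to report.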
