[Webkit-unassigned] [Bug 128051] New: Crash in WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy()
bugzilla-daemon at webkit.org
Sat Feb 1 14:17:44 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=128051
Summary: Crash in WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy()
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
URL: https://www.google.com/maps/preview/
OS/Version: Mac OS X 10.9
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rex_4539 at yahoo.com
Created an attachment (id=222891)
--> (https://bugs.webkit.org/attachment.cgi?id=222891&action=review)
Crash log
r163227
Reproducibility: always
Steps:
1. https://www.google.com/maps/preview/
2. Type something in search box.
3. Click on any of the suggested results.
What happened:
3. Crash.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000111a5f8a9 WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy() + 41
1 com.apple.WebCore 0x000000011101ac8f WebCore::CachedResourceLoader::canRequest(WebCore::CachedResource::Type, WebCore::URL const&, WebCore::ResourceLoaderOptions const&, bool) + 95
2 com.apple.WebCore 0x000000011101b0c8 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 360
3 com.apple.WebCore 0x000000011101abf8 WebCore::CachedResourceLoader::requestImage(WebCore::CachedResourceRequest&) + 328
4 com.apple.WebCore 0x00000001110c426c WebCore::CSSImageValue::cachedImage(WebCore::CachedResourceLoader*, WebCore::ResourceLoaderOptions const&) + 540
5 com.apple.WebCore 0x0000000111b0154b WebCore::StyleResolver::loadPendingImage(WebCore::StylePendingImage*, WebCore::ResourceLoaderOptions const&) + 91
6 com.apple.WebCore 0x0000000111b01a56 WebCore::StyleResolver::loadPendingImages() + 870
7 com.apple.WebCore 0x0000000111af6f5f WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) + 1951
8 com.apple.WebCore 0x0000000111af4cfb WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) + 1083
9 com.apple.WebCore 0x000000011124afdb WebCore::Element::styleForRenderer() + 107
10 com.apple.WebCore 0x0000000111041c5f WebCore::Style::attachRenderTree(WebCore::Element&, WTF::PassRefPtr<WebCore::RenderStyle>) + 495
11 com.apple.WebCore 0x0000000111042251 WebCore::Style::attachChildren(WebCore::ContainerNode&) + 321
12 com.apple.WebCore 0x0000000111042052 WebCore::Style::attachRenderTree(WebCore::Element&, WTF::PassRefPtr<WebCore::RenderStyle>) + 1506
13 com.apple.WebCore 0x0000000111040e4b WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 523
14 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
15 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
16 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
17 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
18 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
19 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
20 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
21 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
22 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
23 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
24 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
25 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
26 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
27 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
28 com.apple.WebCore 0x00000001110413c9 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1929
29 com.apple.WebCore 0x0000000111040c26 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) + 278
30 com.apple.WebCore 0x000000011118e60b WebCore::Document::recalcStyle(WebCore::Style::Change) + 235
31 com.apple.WebCore 0x000000011118b773 WebCore::Document::updateStyleIfNeeded() + 147
32 com.apple.WebCore 0x000000011118c23e WebCore::Document::updateLayout() + 126
33 com.apple.WebCore 0x000000011118ec76 WebCore::Document::updateLayoutIgnorePendingStylesheets() + 262
34 com.apple.WebCore 0x0000000111247e66 WebCore::Element::offsetHeight() + 22
35 com.apple.WebCore 0x00000001115aa0ee WebCore::jsElementOffsetHeight(JSC::ExecState*, long long, long long, JSC::PropertyName) + 110
36 ??? 0x000022fe6fb0e27a 0 + 38476190900858
37 com.apple.JavaScriptCore 0x0000000110c75006 llint_op_call + 132
38 ??? 0x000000011de536c0 0 + 4796528320
39 com.apple.JavaScriptCore 0x0000000110c708dc callToJavaScript + 321
40 ??? 0x0000000119cef000 0 + 4727959552
41 com.apple.JavaScriptCore 0x0000000110b868b3 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 35
42 com.apple.JavaScriptCore 0x0000000110b629f7 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 439
43 com.apple.JavaScriptCore 0x0000000110a035be JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 62
44 com.apple.JavaScriptCore 0x0000000110bdb5d1 JSC::boundFunctionCall(JSC::ExecState*) + 577
45 com.apple.JavaScriptCore 0x0000000110c70a84 callToNativeFunction + 327
46 ??? 000000000000000000 0 + 0
47 com.apple.JavaScriptCore 0x0000000110b62a34 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 500
48 com.apple.JavaScriptCore 0x0000000110a035be JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 62
49 com.apple.WebCore 0x0000000111a58f92 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 466
50 com.apple.WebCore 0x0000000111a58c42 WebCore::ScheduledAction::execute(WebCore::Document*) + 146
51 com.apple.WebCore 0x0000000111207e10 WebCore::DOMTimer::fired() + 304
52 com.apple.WebCore 0x0000000111bf51bf WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
53 com.apple.WebCore 0x0000000111aa961a WebCore::timerFired(__CFRunLoopTimer*, void*) + 58
54 com.apple.CoreFoundation 0x00007fff8fa69564 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
55 com.apple.CoreFoundation 0x00007fff8fa6909f __CFRunLoopDoTimer + 1151
56 com.apple.CoreFoundation 0x00007fff8fada5aa __CFRunLoopDoTimers + 298
57 com.apple.CoreFoundation 0x00007fff8fa248e5 __CFRunLoopRun + 1525
58 com.apple.CoreFoundation 0x00007fff8fa240b5 CFRunLoopRunSpecific + 309
59 com.apple.HIToolbox 0x00007fff91ef1a0d RunCurrentEventLoopInMode + 226
60 com.apple.HIToolbox 0x00007fff91ef17b7 ReceiveNextEventCommon + 479
61 com.apple.HIToolbox 0x00007fff91ef15bc _BlockUntilNextEventMatchingListInModeWithFilter + 65
62 com.apple.AppKit 0x00007fff8ce7a3de _DPSNextEvent + 1434
63 com.apple.AppKit 0x00007fff8ce79a2b -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
64 com.apple.AppKit 0x00007fff8ce6db2c -[NSApplication run] + 553
65 com.apple.AppKit 0x00007fff8ce58913 NSApplicationMain + 940
66 com.apple.XPCService 0x00007fff95a26c0f _xpc_main + 385
67 libxpc.dylib 0x00007fff8b8f7bde xpc_main + 399
68 com.apple.WebKit.WebContent.Development 0x000000010d3b26a0 main + 16
69 libdyld.dylib 0x00007fff91cd95fd start + 1
Expected result:
3. WebKit does not crash.