[Webkit-unassigned] [Bug 127508] REGRESSION: crash when evaluating JavaScript expression in breakpoint action

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 24 19:01:42 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=127508





--- Comment #5 from Mark Lam <mark.lam at apple.com>  2014-01-24 18:59:10 PST ---
I've reproduced the issue.  There are 2 issues at play here:

1. When I enter the expression "e" into the "Evaluate Script" text box, I see auto completion which suggested "else" as the text that I might want to enter.  I click outside the text box, and this rejects the auto complete suggestion as far as what is shown to me.

    However, later on, when I press a key and trigger the breakpoint, the expression gets passed to DebuggerCallFrame::evaluateWithCallFrame() to be evaluated.  There, I see that the script string passed in is "else", not "e".  That means the inspector UI lied when it told me that the script to eval is "e".

    Given this bad script, …

2. DebuggerCallFrame::evaluateWithCallFrame() fails to create an executable for it.  An exception is thrown.  However, DebuggerCallFrame::evaluateWithCallFrame() clears the exception in the VM, and proceeds to attempt to execute the null executable.  This results in a crash.

I've filed <https://webkit.org/b/127600> to track the second issue.  I'll leave this bug to track the Inspector UI issue.

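The failure mode in point 2 of the comment above (compilation fails, the pending exception is cleared, and the null executable is then run) can be modeled in a few lines. This is an added example, not WebKit or JavaScriptCore code and not the fix tracked in the linked bug; `MiniVM`, `Executable`, `compile` and `evaluateChecked` are hypothetical names, and the toy compiler simply rejects the keyword-only script "else".

```cpp
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-ins for illustration; these are not JavaScriptCore types.
struct Executable { std::string source; };

struct MiniVM {
    bool hasException = false;
    std::string exception;                 // text of the pending exception
    void clearException() { hasException = false; exception.clear(); }
};

// Toy compiler: a keyword-only script such as "else" does not parse.
// On failure it records an exception in the VM and returns no executable.
std::unique_ptr<Executable> compile(MiniVM& vm, const std::string& script) {
    if (script.empty() || script == "else") {
        vm.hasException = true;
        vm.exception = "SyntaxError: unexpected token '" + script + "'";
        return nullptr;
    }
    return std::make_unique<Executable>(Executable{script});
}

struct EvalResult {
    bool ok;
    std::string value;   // result on success, exception text on failure
};

// Checked ordering: read the pending exception BEFORE clearing it and return
// early. Clearing first and continuing would dereference the null executable.
EvalResult evaluateChecked(MiniVM& vm, const std::string& script) {
    std::unique_ptr<Executable> exe = compile(vm, script);
    if (vm.hasException || !exe) {
        std::string message = vm.hasException ? vm.exception : "compile failed";
        vm.clearException();               // safe: message already captured
        return {false, message};
    }
    return {true, "evaluated: " + exe->source};   // exe is non-null here
}

int main() {
    MiniVM vm;
    // Constructed inputs: the script the user typed and the one actually passed.
    for (const std::string script : {"e", "else"}) {
        EvalResult r = evaluateChecked(vm, script);
        std::cout << script << " -> " << (r.ok ? "ok: " : "error: ") << r.value << "\n";
    }
    return 0;
}
```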