Issue 131: Crash at bluefly.com in api.cc, ThrowException
http://code.google.com/p/v8/issues/detail?id=131

New issue report by [EMAIL PROTECTED]:
[Hey, sent to me by my sister. I am not a fashionista. :)]

Found in Google Chrome 154.8, V8 0.3.5.2.

To repro:
1. http://www.bluefly.com/Kashmere-royal-blue-cashmere-fingerless-gloves/cat510064/300373203/detail.fly
2. Click zoom below the lower right corner of the image.

Ooooov, surt.

WinDbg sez:
PRIMARY_PROBLEM_CLASS:  NULL_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_NULL_POINTER_READ

LAST_CONTROL_TRANSFER:  from 011a1def to 015b975a

STACK_TEXT:
00c9fa00 011a1def 00c9fa34 00000000 023c8cf8 chrome_1000000!v8::ThrowException+0x3a [c:\b\slave\chrome-official-2\build\src\v8\src\api.cc @ 233]
00c9fa4c 011ce3e8 011ce36f 00c9fb8c 00c9faa0 chrome_1000000!WebCore::V8Proxy::SetDOMException+0x256 [c:\b\slave\chrome-official-2\build\src\webkit\port\bindings\v8\v8_proxy.cpp @ 1768]
00c9fa64 015ec7b8 00c9fa88 00000008 00000002 chrome_1000000!WebCore::NodeInternal::removeChildCallback+0x79 [c:\b\slave\chrome-official-2\build\src\chrome\release\obj\v8bindings\derivedsources\v8node.cpp @ 254]
00c9fb60 00d1f7e0 017fe384 018e016c 00000002 chrome_1000000!v8::internal::Builtin_HandleApiCall+0x1d8 [c:\b\slave\chrome-official-2\build\src\v8\src\builtins.cc @ 381]
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c9fb6c 00000000 00c9fb8c 00000000 00c9fb70 0xd1f7e0


FOLLOWUP_IP:
chrome_1000000!v8::ThrowException+3a [c:\b\slave\chrome-official-2\build\src\v8\src\api.cc @ 233]
015b975a 8b08            mov     ecx,dword ptr [eax]

FAULTING_SOURCE_CODE:
No source found for 'c:\b\slave\chrome-official-2\build\src\v8\src\api.cc'

Manually lifted:
231 v8::Handle<Value> ThrowException(v8::Handle<v8::Value> value) {
232   if (IsDeadCheck("v8::ThrowException()")) return v8::Handle<Value>();
233   i::Top::ScheduleThrow(*Utils::OpenHandle(*value));  <-- crash
234   return v8::Undefined();
235 }

Not sure if this is in the engine or the bindings. The crash is
reproducible by zooming any product image on the site.


Issue attributes:
        Status: Accepted
        Owner: [EMAIL PROTECTED]
        CC: [EMAIL PROTECTED],  [EMAIL PROTECTED],  [EMAIL PROTECTED]
        Labels: Type-Bug Priority-High

-- 
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
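The lifted api.cc lines, read against the faulting instruction (`mov ecx,dword ptr [eax]` with eax null), point at the inner dereference in `*Utils::OpenHandle(*value)`: the API handle carries a pointer to a slot, and the internal handle loads through that slot. The following is an added C++ model of that handle chain, not V8's or Chromium's code. Every name in it (Object, ApiHandle, InternalHandle, OpenHandle, ScheduleThrow, PendingException) is an assumption that only mirrors the shape of the real API, the model returns the scheduled object instead of v8::Undefined() so the behaviour can be checked, and it assumes the handle reaching ThrowException was empty, which the report does not itself establish (it leaves open whether the bug is in the engine or the bindings). The guarded variant is the check a caller or the API entry point would want, not a fix taken from the project.

```cpp
// Added illustration, not V8 or Chromium code.  It models the handle
// convention behind the lifted api.cc lines closely enough to show how an
// empty v8::Handle<Value> reaching ThrowException() becomes a null read at
// the inner dereference.  All names below are assumptions that only mirror
// the shape of the real API.
#include <cstddef>
#include <cstdint>
#include <cstdio>

namespace model {

// The heap object a handle ultimately refers to.
struct Object {
  uint32_t map_word;
};

// Stand-in for v8::Handle<T>: holds a pointer to a slot containing the
// Object*.  An empty handle has a null slot pointer.  operator* hands back
// the slot pointer itself; no memory load happens here.
template <typename T>
class ApiHandle {
 public:
  ApiHandle() : location_(nullptr) {}
  explicit ApiHandle(T** location) : location_(location) {}
  bool IsEmpty() const { return location_ == nullptr; }
  T** operator*() const { return location_; }
 private:
  T** location_;
};

// Stand-in for i::Handle<T>: same slot pointer, but operator* loads through
// it.  With a null slot this load is the `mov ecx,dword ptr [eax]` with
// eax == 0 that WinDbg reported.
template <typename T>
class InternalHandle {
 public:
  explicit InternalHandle(T** location) : location_(location) {}
  T* operator*() const { return *location_; }
 private:
  T** location_;
};

// Stand-in for Utils::OpenHandle(): both handle types wrap the same slot,
// so the conversion is a re-wrap, not a copy of the object.
inline InternalHandle<Object> OpenHandle(Object** slot) {
  return InternalHandle<Object>(slot);
}

// Stand-in for the pending-exception state i::Top::ScheduleThrow() updates.
inline Object*& PendingException() {
  static Object* pending = nullptr;
  return pending;
}

// Stand-in for i::Top::ScheduleThrow(): records the object to be thrown.
inline Object* ScheduleThrow(Object* exception) {
  PendingException() = exception;
  return exception;
}

// The shape of the lifted line 233: no emptiness check before the chain
// `*OpenHandle(*value)`.  Called with an empty handle this reads address 0.
inline Object* ThrowExceptionUnguarded(ApiHandle<Object> value) {
  return ScheduleThrow(*OpenHandle(*value));
}

// The check a practitioner would want at the API boundary (or in the
// caller that built the handle): reject an empty handle instead of reading
// through it.  nullptr signals the rejected call.
inline Object* ThrowExceptionGuarded(ApiHandle<Object> value) {
  if (value.IsEmpty()) return nullptr;
  return ScheduleThrow(*OpenHandle(*value));
}

}  // namespace model

int main() {
  model::Object obj = {0x1234u};          // constructed sample object
  model::Object* slot = &obj;             // the slot a live handle points at
  model::ApiHandle<model::Object> live(&slot);
  model::ApiHandle<model::Object> empty;  // the case the report crashed on

  model::Object* scheduled = model::ThrowExceptionGuarded(live);
  std::printf("live handle: scheduled object at %p\n", (void*)scheduled);
  std::printf("empty handle rejected: %s\n",
              model::ThrowExceptionGuarded(empty) == nullptr ? "yes" : "no");
  // model::ThrowExceptionUnguarded(empty) would fault with a null read here.
  return 0;
}
```

Only the guarded path is exercised with the empty handle; the unguarded call is left as a comment because it faults exactly as the report describes, which is the point of the model.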