Issue 4526: Crash on expedia.com
http://code.google.com/p/chromium/issues/detail?id=4526
New issue report by [EMAIL PROTECTED]:
How to replicate:
With the latest official build, it can be replicated in a lot of different
ways on expedia.com, but this is the steps I use to replicate it most of
the time.
1. Go to expedia.com
2. Click on "Vacation Packages" at the top
3. in the middle of the page click on "All-inclusive"
4. On the left side, click on "Destinations"
5. click on "Riviera Maya" on the Mexico map.
6. sort the results by "Star Rating"
7. click on "More lodging info" on the first hit.
Stack:
00000000 037aeb28 01fcad01 chrome_10b0000!v8::internal::OS::Abort+0x3
030a5730 0000007f 030a571c chrome_10b0000!V8_Fatal+0x77
037aeb61 116698c8 00000000 chrome_10b0000!v8::internal::Builtin_Illegal
[...]
037aece8 00000000 03a33768 chrome_10b0000!v8::internal::Invoke+0xff
037aece8 03a33768 03a33774 chrome_10b0000!v8::internal::Execution::Call
037aed1c 037aeea0 cccccccc chrome_10b0000!v8::Script::Run+0xd1
037aee7c 03a33768 037aef00 chrome_10b0000!WebCore::V8Proxy::RunScript+0x14c
037aeed8 037aeff0 00000000 chrome_10b0000!WebCore::V8Proxy::Evaluate+0x1a3
037aef8c 037aeff0 00000000 chrome_10b0000!WebCore::V8Bridge::evaluate+0xcf
chrome_10b0000!WebCore::FrameLoader::executeScript
chrome_10b0000!WebCore::FrameLoader::executeScript
chrome_10b0000!WebCore::HTMLTokenizer::scriptExecution+0x18a037af194
chrome_10b0000!WebCore::HTMLTokenizer::notifyFinished
Chrome_10b0000!WebCore::CachedScript::checkNotify
chrome_10b0000!WebCore::CachedScript::data+0x100
chrome_10b0000!WebCore::Loader::didFinishLoading+0xf2
DBG information:
#
# Fatal error in Z:\dev\src-official\src\v8\src\builtins.cc, line 127
# unreachable code
#
==== Stack trace ============================================
1: arguments adaptor frame: 1->0
Security context: 04203961 <String[22]: http:www.expedia.com:0>
3: baynote_getUrlParamValue(this=0400C76D <JS Global
Object>#0#,paramName=04206AC9 <String[4]: qscr>)
4: baynote_getQscrValue(this=0400C76D <JS Global Object>#0#)
5: /* anonymous */(this=0400C76D <JS Global Object>#0#)
==== Details ================================================
[1]: arguments adaptor frame: 1->0 {
// actual arguments
[00] : 03C87C29 <String[20]: [\?&/]qscr=([^&#/]*)> // not passed to
callee
}
[3]: baynote_getUrlParamValue(this=0400C76D <JS Global
Object>#0#,paramName=04206AC9 <String[4]: qscr>) {
// stack-allocated locals
var match = 041F0135 <undefined>
var regex = 041F0135 <undefined>
var url = 03C87BB5 <String[88]: http://www.expedia.com/pub/agent.dll?
qscr=cmhi&itid=&itdx=&itty=&ecid=&tpst=&thar=&thid=>
// expression stack (top to bottom)
[05] : 03C87C29 <String[20]: [\?&/]qscr=([^&#/]*)>
[04] : 0400C76D <JS Global Object>#0#
[03] : 0411748D <JS Function RegExp>#1#
--------- s o u r c e c o d e ---------
function baynote_getUrlParamValue(paramName) {?? var url =
window.location.href;?? var regex = new RegExp("[\\?
&\/]"+paramName+"=([^&#\/]*)");?? var match = regex.exec(url);???? if
(!match) return "";?? else return match[1];?? }
-----------------------------------------
}
[4]: baynote_getQscrValue(this=0400C76D <JS Global Object>#0#) {
// stack-allocated locals
var qscrValue = 041F0135 <undefined>
var qsfrValue = 041F0135 <undefined>
// expression stack (top to bottom)
[02] : 0420F98D <String[24]: baynote_getUrlParamValue>
--------- s o u r c e c o d e ---------
function baynote_getQscrValue() {???var qscrValue =
baynote_getUrlParamValue("qscr");???if (qscrValue) return qscrValue;?????
var qsfrValue = baynote_getUrlParamValue("qsfr");???if (qsfrValue) return
qsfrValue; ?????return "";??}
-----------------------------------------
}
[5]: /* anonymous */(this=0400C76D <JS Global Object>#0#) {
// stack-allocated locals
var .result = 063D58B9 <JS Function toString>#2#
// expression stack (top to bottom)
[02] : 0420F899 <String[20]: baynote_getQscrValue>
[01] : 0420F87D <String[17]: baynote_qscrValue>
--------- s o u r c e c o d e ---------
// Baynote Observer for Expedia??// 4:12 PM 10/30/2007??// Version 1.7.1???
?var BN_BASE_URL = "http://www.expedia.com/pub/agent.dll";????// JS
StringBuffer??function baynote_StringBuffer() {???this.buffer=[];??}????//
Append a string to the current buffer??
baynote_StringBuffer.prototype.append = fun...
-----------------------------------------
}
==== Key ============================================
#0# 0400C76D: 0400C76D <JS Global Object>
#1# 0411748D: 0411748D <JS Function RegExp>
#2# 063D58B9: 063D58B9 <JS Function toString>
=====================
(2aac.718): Break instruction exception - code 80000003 (first chance)
eax=00000001 ebx=01fcace0 ecx=037aeafc edx=0347c501 esi=116698c8
edi=037aeb61
eip=01f9ae43 esp=037aeb04 ebp=037aeb04 iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206
*** WARNING: Unable to verify checksum for Z:\dev\src-
official\src\chrome\Debug\chrome.dll
chrome_10b0000!v8::internal::OS::Abort+0x3:
01f9ae43 cc int 3
Issue attributes:
Status: Untriaged
Owner: [EMAIL PROTECTED]
Labels: Type-Bug Pri-2 OS-All Area-Misc Mstone-1.0
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Chromium-bugs" group.
To post to this group, send email to chromium-bugs@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/chromium-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
