Issue 4526: Crash on expedia.com
http://code.google.com/p/chromium/issues/detail?id=4526
New issue report by [EMAIL PROTECTED]:

How to replicate:

With the latest official build, it can be replicated in a lot of different ways on expedia.com, but these are the steps I use to replicate it most of the time.

1. Go to expedia.com
2. Click on "Vacation Packages" at the top
3. In the middle of the page, click on "All-inclusive"
4. On the left side, click on "Destinations"
5. Click on "Riviera Maya" on the Mexico map.
6. Sort the results by "Star Rating"
7. Click on "More lodging info" on the first hit.

Stack:

00000000 037aeb28 01fcad01 chrome_10b0000!v8::internal::OS::Abort+0x3
030a5730 0000007f 030a571c chrome_10b0000!V8_Fatal+0x77
037aeb61 116698c8 00000000 chrome_10b0000!v8::internal::Builtin_Illegal
[...]
037aece8 00000000 03a33768 chrome_10b0000!v8::internal::Invoke+0xff
037aece8 03a33768 03a33774 chrome_10b0000!v8::internal::Execution::Call
037aed1c 037aeea0 cccccccc chrome_10b0000!v8::Script::Run+0xd1
037aee7c 03a33768 037aef00 chrome_10b0000!WebCore::V8Proxy::RunScript+0x14c
037aeed8 037aeff0 00000000 chrome_10b0000!WebCore::V8Proxy::Evaluate+0x1a3
037aef8c 037aeff0 00000000 chrome_10b0000!WebCore::V8Bridge::evaluate+0xcf
chrome_10b0000!WebCore::FrameLoader::executeScript
chrome_10b0000!WebCore::FrameLoader::executeScript
chrome_10b0000!WebCore::HTMLTokenizer::scriptExecution+0x18a037af194
chrome_10b0000!WebCore::HTMLTokenizer::notifyFinished
Chrome_10b0000!WebCore::CachedScript::checkNotify
chrome_10b0000!WebCore::CachedScript::data+0x100
chrome_10b0000!WebCore::Loader::didFinishLoading+0xf2

DBG information:

#
# Fatal error in Z:\dev\src-official\src\v8\src\builtins.cc, line 127
# unreachable code
#

==== Stack trace ============================================

1: arguments adaptor frame: 1->0
Security context: 04203961 <String[22]: http:www.expedia.com:0>
3: baynote_getUrlParamValue(this=0400C76D <JS Global Object>#0#,paramName=04206AC9 <String[4]: qscr>)
4: baynote_getQscrValue(this=0400C76D <JS Global Object>#0#)
5: /* anonymous */(this=0400C76D <JS Global Object>#0#)

==== Details ================================================

[1]: arguments adaptor frame: 1->0 {
  // actual arguments
  [00] : 03C87C29 <String[20]: [\?&/]qscr=([^&#/]*)> // not passed to callee
}

[3]: baynote_getUrlParamValue(this=0400C76D <JS Global Object>#0#,paramName=04206AC9 <String[4]: qscr>) {
  // stack-allocated locals
  var match = 041F0135 <undefined>
  var regex = 041F0135 <undefined>
  var url = 03C87BB5 <String[88]: http://www.expedia.com/pub/agent.dll?qscr=cmhi&itid=&itdx=&itty=&ecid=&tpst=&thar=&thid=>
  // expression stack (top to bottom)
  [05] : 03C87C29 <String[20]: [\?&/]qscr=([^&#/]*)>
  [04] : 0400C76D <JS Global Object>#0#
  [03] : 0411748D <JS Function RegExp>#1#
--------- s o u r c e   c o d e ---------
function baynote_getUrlParamValue(paramName) {
 var url = window.location.href;
 var regex = new RegExp("[\\?&\/]"+paramName+"=([^&#\/]*)");
 var match = regex.exec(url);

 if (!match) return "";
 else return match[1];
 }
-----------------------------------------
}

[4]: baynote_getQscrValue(this=0400C76D <JS Global Object>#0#) {
  // stack-allocated locals
  var qscrValue = 041F0135 <undefined>
  var qsfrValue = 041F0135 <undefined>
  // expression stack (top to bottom)
  [02] : 0420F98D <String[24]: baynote_getUrlParamValue>
--------- s o u r c e   c o d e ---------
function baynote_getQscrValue() {
 var qscrValue = baynote_getUrlParamValue("qscr");
 if (qscrValue) return qscrValue;

 var qsfrValue = baynote_getUrlParamValue("qsfr");
 if (qsfrValue) return qsfrValue;

 return "";
}
-----------------------------------------
}

[5]: /* anonymous */(this=0400C76D <JS Global Object>#0#) {
  // stack-allocated locals
  var .result = 063D58B9 <JS Function toString>#2#
  // expression stack (top to bottom)
  [02] : 0420F899 <String[20]: baynote_getQscrValue>
  [01] : 0420F87D <String[17]: baynote_qscrValue>
--------- s o u r c e   c o d e ---------
// Baynote Observer for Expedia
// 4:12 PM 10/30/2007
// Version 1.7.1

var BN_BASE_URL = "http://www.expedia.com/pub/agent.dll";

// JS StringBuffer
function baynote_StringBuffer() {
 this.buffer=[];
}

// Append a string to the current buffer
 baynote_StringBuffer.prototype.append = fun...
-----------------------------------------
}

==== Key ============================================

#0# 0400C76D: 0400C76D <JS Global Object>
#1# 0411748D: 0411748D <JS Function RegExp>
#2# 063D58B9: 063D58B9 <JS Function toString>
=====================

(2aac.718): Break instruction exception - code 80000003 (first chance)
eax=00000001 ebx=01fcace0 ecx=037aeafc edx=0347c501 esi=116698c8 edi=037aeb61
eip=01f9ae43 esp=037aeb04 ebp=037aeb04 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
*** WARNING: Unable to verify checksum for Z:\dev\src-official\src\chrome\Debug\chrome.dll
chrome_10b0000!v8::internal::OS::Abort+0x3:
01f9ae43 cc int 3

Issue attributes:
Status: Untriaged
Owner: [EMAIL PROTECTED]
Labels: Type-Bug Pri-2 OS-All Area-Misc Mstone-1.0