[Webkit-unassigned] [Bug 18264] New: Crash in array instance
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 1 16:57:20 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18264
Summary: Crash in array instance
Product: WebKit
Version: 526+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P1
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: eric at webkit.org
Crash in array instance
I ran into this while trying to make Safari run out of GDI objects. :) See
test case.
Process: Safari [18170]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 3.1 (5525.13)
Build Info: WebBrowser-55251300~1
Code Type: X86 (Native)
Parent Process: launchd [341]
Date/Time: 2008-04-01 16:54:35.691 -0700
OS Version: Mac OS X 10.5.2 (9C31)
Report Version: 6
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000bf7ffffc
Crashed Thread: 0
Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x00340cb2 KJS::ArrayInstance::mark() +
114
1 com.apple.JavaScriptCore 0x0033fd6d KJS::PropertyMap::mark()
const + 221
2 com.apple.JavaScriptCore 0x0033fd6d KJS::PropertyMap::mark()
const + 221
3 com.apple.JavaScriptCore 0x0033fd6d KJS::PropertyMap::mark()
const + 221
4 com.apple.JavaScriptCore 0x0033fd6d KJS::PropertyMap::mark()
const + 221
5 com.apple.JavaScriptCore 0x0033fd6d KJS::PropertyMap::mark()
const + 221
6 com.apple.JavaScriptCore 0x0033fd6d KJS::PropertyMap::mark()
const + 221
.
.
.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list