[Webkit-unassigned] [Bug 16909] New: Amazon.com crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 17 12:22:35 PST 2008


           Summary: Amazon.com crash
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: cwzwarich at uwaterloo.ca

Navigate to http://www.amazon.com/ and click on the Amazon logo in the top left
corner. Go back and do it again. Repeating this a small number of times leads
to a crash.

I haven't tested it yet on an old nightly build, but this crash was probably
introduced by the ActivationImp tear-off patch r29425. The address it dies on
is at a small offset from 0, it can happen at a number of places in the code,
and it does not quite happen deterministically, so it looks like a missed GC
mark along the lines of bug 16868 or bug 16871. I'll post a stack trace with a
modified GC that collects after every allocation.
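The diagnosis above (a crash at a small offset from address 0, reproducible only sometimes, which becomes deterministic once the collector runs after every allocation) can be shown with a toy mark-sweep heap. The following is an added example, not WebKit or JavaScriptCore code; the `Heap`/`Cell` types, the `activation_survives` scenario and the "collect on every allocation" stress flag are this example's own assumptions. It models native code that keeps a raw pointer to a torn-off activation object without reporting it to the collector, and shows why the bug stays hidden until a collection happens to run.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HEAP_CELLS 8

/* One heap object with a single outgoing reference (think of an activation
 * object pointing at its enclosing scope). Toy model, not JavaScriptCore. */
typedef struct Cell {
    bool in_use;        /* allocated and not yet swept */
    bool marked;        /* reached from a root in the current mark phase */
    struct Cell *child; /* outgoing reference followed by the marker */
    int payload;
} Cell;

typedef struct {
    Cell cells[HEAP_CELLS];
    Cell *roots[HEAP_CELLS];
    int nroots;
    bool collect_on_every_alloc; /* the "modified GC" stress mode from the report */
} Heap;

static void heap_init(Heap *h, bool stress) {
    memset(h, 0, sizeof *h);
    h->collect_on_every_alloc = stress;
}

static void add_root(Heap *h, Cell *c) { h->roots[h->nroots++] = c; }

/* Mark everything reachable from c along the child chain. */
static void mark(Cell *c) {
    while (c != NULL && !c->marked) {
        c->marked = true;
        c = c->child;
    }
}

/* Mark from the roots, then sweep. Reclaimed cells are zeroed, so a stale
 * pointer into one reads NULL/0: the analogue of the "small offset from 0"
 * crash address in the report. Returns the number of cells reclaimed. */
static int collect(Heap *h) {
    int freed = 0;
    for (int i = 0; i < h->nroots; i++)
        mark(h->roots[i]);
    for (int i = 0; i < HEAP_CELLS; i++) {
        Cell *c = &h->cells[i];
        if (c->in_use && !c->marked) {
            c->in_use = false;
            c->child = NULL;
            c->payload = 0;
            freed++;
        }
        c->marked = false;
    }
    return freed;
}

static Cell *alloc(Heap *h, int payload) {
    if (h->collect_on_every_alloc)
        collect(h);
    for (int i = 0; i < HEAP_CELLS; i++) {
        Cell *c = &h->cells[i];
        if (!c->in_use) {
            c->in_use = true;
            c->marked = false;
            c->child = NULL;
            c->payload = payload;
            return c;
        }
    }
    return NULL; /* heap exhausted; a real collector would collect and retry */
}

/* Hypothetical scenario: native code tears an activation off the stack and
 * keeps a raw pointer to it while further allocations happen. If
 * register_root is false the pointer is never reported to the collector,
 * i.e. the mark is missed. Returns true if the activation is still intact. */
static bool activation_survives(bool register_root, bool stress) {
    Heap h;
    heap_init(&h, stress);

    Cell *scope = alloc(&h, 1);      /* global scope: always a root */
    add_root(&h, scope);
    Cell *activation = alloc(&h, 2); /* torn-off activation object */
    activation->child = scope;
    if (register_root)
        add_root(&h, activation);    /* correct: tell the GC we still hold it */

    /* Unrelated allocations; in stress mode each one triggers a collection. */
    for (int i = 0; i < 3; i++)
        alloc(&h, 100 + i);

    /* The native code now uses its pointer. Short-circuit evaluation keeps
     * this read safe even when the cell has been swept and zeroed. */
    return activation->in_use && activation->child == scope
           && activation->child->payload == 1;
}

int main(void) {
    printf("rooted,   stress GC: %s\n", activation_survives(true, true) ? "intact" : "reclaimed");
    printf("unrooted, stress GC: %s\n", activation_survives(false, true) ? "intact" : "reclaimed");
    printf("unrooted, normal GC: %s\n", activation_survives(false, false) ? "intact" : "reclaimed");
    return 0;
}
```

The third case is the point of the report: with an ordinary collector that only runs when memory pressure demands it, the unrooted activation survives the few allocations made here and the bug never shows, which is why the crash on the real page depends on how many times the navigation is repeated. Forcing a collection on every allocation turns the missed mark into an immediate, reproducible failure at the first use of the stale pointer.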
