[Webkit-unassigned] [Bug 16909] New: Amazon.com crash
bugzilla-daemon at webkit.org
Thu Jan 17 12:22:35 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16909
Summary: Amazon.com crash
Product: WebKit
Version: 525+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: cwzwarich at uwaterloo.ca

Navigate to http://www.amazon.com/ and click on the Amazon logo in the top left
corner. Go back and do it again. Repeating this a small number of times leads
to a crash.

I haven't tested it yet on an old nightly build, but this crash was probably
introduced by the ActivationImp tear-off patch r29425. The address it dies on
is at a small offset from 0, it can happen at a number of places in the code,
and it does not quite happen deterministically, so it looks like a missed GC
mark along the lines of bug 16868 or bug 16871. I'll post a stack trace with a
modified GC that collects after every allocation.