[Webkit-unassigned] [Bug 16920] New: Crash inside garbage collector with simple code
bugzilla-daemon at webkit.org
Thu Jan 17 22:36:47 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16920
Summary: Crash inside garbage collector with simple code
Product: WebKit
Version: 525+ (Nightly build)
Platform: PC
OS/Version: Windows Vista
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: cam at mcc.id.au
With some simple use of the JSCore API, I get a crash when calling
JSGarbageCollect().
Reduced test case by bdash:
// Put me in test.c
// gcc -o test test.c -framework JavaScriptCore
// Run me against a debug build of JavaScriptCore like so:
// DYLD_FRAMEWORK_PATH=WebKitBuild/Debug DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib ./test

#include <JavaScriptCore/JavaScriptCore.h>
#include <stdio.h>

void doIt()
{
    JSClassDefinition definition = kJSClassDefinitionEmpty;
    JSClassRef a, b;
    JSGlobalContextRef global;

    // Class "A" has no parent class.
    definition.className = "A";
    a = JSClassCreate(&definition);

    // Class "B" names "A" as its parent class.
    definition = kJSClassDefinitionEmpty;
    definition.className = "B";
    definition.parentClass = a;
    b = JSClassCreate(&definition);

    // Create a global context whose global object class is "B",
    // then release the context and both classes.
    global = JSGlobalContextCreate(b);
    JSGlobalContextRelease(global);
    JSClassRelease(b);
    JSClassRelease(a);

    // Force a collection; this is the call the crash is reported in.
    JSGarbageCollect(NULL);
    printf("Done\n");
}

int main(int argc, char **argv)
{
    int i;

    // Repeat the create/release/collect cycle.
    for (i = 0; i < 1000; i++)
        doIt();
    return 0;
}