[Webkit-unassigned] [Bug 19834] New: Failed assertion in JavaScriptCore/VM/SegmentedVector.h:82

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 30 21:03:10 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=19834

           Summary: Failed assertion in
                    JavaScriptCore/VM/SegmentedVector.h:82
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: david.hansen at gmx.net


Running the following small test program triggers the assertion failure:

#include <stdlib.h>
#include <JavaScriptCore/JavaScript.h>

/* Static-value getter for the reproducer: ignores the object, the property
   name and the exception slot, and always yields the number 42.  */
static JSValueRef
jsGet_prop (JSContextRef jsCtx, JSObjectRef jsObj,
            JSStringRef jsName, JSValueRef* jsExn)
{
  const double fixed_value = 42.0;
  JSValueRef result;

  /* The remaining arguments are deliberately unused.  */
  (void) jsObj;
  (void) jsName;
  (void) jsExn;

  result = JSValueMakeNumber (jsCtx, fixed_value);
  return result;
}

/* Static-value setter for the reproducer: stores nothing and never touches
   the exception slot; it simply reports the assignment as handled.  */
static bool
jsSet_prop (JSContextRef jsCtx, JSObjectRef jsObj,
            JSStringRef jsName, JSValueRef jsVal, JSValueRef* jsExn)
{
  const bool handled = true;

  /* No argument is consulted; jsVal is discarded.  */
  (void) jsCtx;
  (void) jsObj;
  (void) jsName;
  (void) jsVal;
  (void) jsExn;

  return handled;
}

/* Builds the "FooObject" class used as the global object's class in main().
   The class carries exactly one static value, "a", backed by jsGet_prop and
   jsSet_prop and marked DontDelete.  Returns the result of JSClassCreate;
   the caller owns the returned reference.  */
static JSClassRef
create_class (void)
{
  /* Static storage: the table must outlive this call because the class
     definition only holds a pointer to it.  The all-zero entry terminates
     the table.  */
  static const JSStaticValue static_values[] =
    {
      {
        .name        = "a",
        .getProperty = jsGet_prop,
        .setProperty = jsSet_prop,
        .attributes  = kJSPropertyAttributeDontDelete
      },
      { .name = NULL, .getProperty = NULL, .setProperty = NULL, .attributes = 0 }
    };

  /* Start from the empty definition and fill in only what the test needs.  */
  JSClassDefinition definition = kJSClassDefinitionEmpty;

  definition.staticValues = static_values;
  definition.className    = "FooObject";

  return JSClassCreate (&definition);
}

/* Reproducer entry point: creates a global context whose global object uses
   the class from create_class(), then evaluates a script that consists of
   nothing but a line comment.  Per the output quoted in the report, the
   evaluation trips the bounds assertion `index < m_size` in
   SegmentedVector::operator[] and the process then dies with a
   segmentation fault.

   NOTE(review): that assertion is a bounds check on a container index; if
   it is compiled out in release builds the same index would presumably be
   used unchecked -- confirm against SegmentedVector.h before rating the
   severity.  */
int
main (void)
{
  /* The call order below matches the original report exactly.  */
  JSStringRef        script       = JSStringCreateWithUTF8CString ("// blah blub!");
  JSClassRef         global_class = create_class ();
  JSGlobalContextRef context      = JSGlobalContextCreate (global_class);

  /* Evaluation is where the failure is reported.  No `this` object, source
     URL or exception slot is supplied, and the result is ignored.  */
  JSEvaluateScript (context, script, NULL, NULL, 0, NULL);

  /* Nothing is released here (string, class, context); the process exits
     right after this point.  */
  return EXIT_SUCCESS;
}

/*
  Local Variables:
  compile-command: "gcc -g -ggdb -O0 -W -Wall \
    `pkg-config --cflags --libs webkit-1.0`   \
    jseval.c -o jseval"
  End:
*/


$ ./jseval 
ASSERTION FAILED: index < m_size
(JavaScriptCore/VM/SegmentedVector.h:82 T& KJS::SegmentedVector<T,
SegmentSize>::operator[](size_t) [with T = KJS::RegisterID, unsigned int
SegmentSize = 512u])
segmentation fault

