[Webkit-unassigned] [Bug 18108] Various KJS functions segfault on GTK build

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 26 15:54:19 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=18108

------- Comment #3 from jasper at unix.geek.nz  2008-03-26 15:54 PDT -------
I think the compiler is inlining something into the offending functions, so we
probably only have a problem in one place.

Valgrind reports:

==13224== Conditional jump or move depends on uninitialised value(s)
==13224==    at 0x618C7BC: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.cpp:501)
==13224==    by 0x618D219: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:548)
==13224==    by 0x6196888: KJS::Collector::collect() (collector.cpp:936)
==13224==    by 0x61EC824: void* KJS::Collector::heapAllocate<(KJS::Collector::HeapType)0>(unsigned long) (collector.cpp:245)
==13224==    by 0x5E81ABA: WebCore::createAnchorWrapper(KJS::ExecState*, WTF::PassRefPtr<WebCore::HTMLElement>) (JSHTMLElementWrapperFactory.cpp:236)
==13224==    by 0x5E82712: WebCore::createJSHTMLWrapper(KJS::ExecState*, WTF::PassRefPtr<WebCore::HTMLElement>) (JSHTMLElementWrapperFactory.cpp:269)
==13224==    by 0x5E86B95: WebCore::toJS(KJS::ExecState*, WebCore::Node*) (JSNodeCustom.cpp:177)
==13224==    by 0x5E0FF66: WebCore::jsDocumentPrototypeFunctionCreateElement(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (JSNode.h:72)
==13224==    by 0x61B4378: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:96)
==13224==    by 0x61C9A48: KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) (nodes.cpp:1500)
==13224==    by 0x61C98C3: KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) (nodes.cpp:1475)
==13224==    by 0x61BE2FD: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:3999)

I don't even pretend to understand the JSCore code fully, but
Collector::markCurrentThreadConservatively seems to call
Collector::markStackObjectsConservatively with a
pointer-to-an-uninitialized-pointer as the first argument...


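As an added illustration (not code from WebKit's collector.cpp; the heap layout and the function names are constructed), this sketches the shape of a conservative stack scan like the one in the trace above, and why approximating the current stack pointer with the address of an uninitialised local leads Valgrind to flag a conditional jump inside the scan:

```c
/* Illustration only (not WebKit's collector.cpp): the shape of a conservative
 * stack scan, and why Valgrind reports "conditional jump or move depends on
 * uninitialised value(s)" from inside it. Heap layout and names are made up. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HEAP_CELLS 8

/* Constructed stand-in for the collector heap: fixed cells with a mark bit. */
typedef struct { uintptr_t payload; int marked; } Cell;
static Cell heap[HEAP_CELLS];

/* 1 if word lies inside the heap and is aligned to a cell start. */
static int looks_like_cell(uintptr_t word)
{
    uintptr_t lo = (uintptr_t)&heap[0], hi = (uintptr_t)&heap[HEAP_CELLS];
    if (word < lo || word >= hi)      /* when word comes from an uninitialised */
        return 0;                      /* stack slot, this is the branch Valgrind flags */
    return (word - lo) % sizeof(Cell) == 0;
}

/* Treat every pointer-sized word in the range as a possible cell pointer.
 * Same shape as markStackObjectsConservatively(void* start, void* end). */
size_t mark_range_conservatively(void *start, void *end)
{
    uintptr_t *p = start, *q = end;
    if (p > q) { uintptr_t *t = p; p = q; q = t; }  /* stack may grow downwards */
    size_t marked = 0;
    for (; p < q; ++p) {
        uintptr_t word;
        memcpy(&word, p, sizeof word);    /* read whatever happens to be there */
        if (looks_like_cell(word)) {
            ((Cell *)word)->marked = 1;
            ++marked;
        }
    }
    return marked;
}

/* The pattern the comment describes: the current stack pointer is approximated
 * by the address of an uninitialised local, so the scan covers that slot too
 * and branches on its garbage contents. Valgrind reports that, even though this
 * scanner never dereferences a word that fails looks_like_cell(). */
size_t mark_current_stack_conservatively(void *stack_base)
{
    void *dummy;                       /* deliberately left uninitialised */
    return mark_range_conservatively(&dummy, stack_base);
}
```

Words that fall inside the heap but not on a cell boundary are ignored, so the scan is conservative without following arbitrary integers as pointers.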