[Webkit-unassigned] [Bug 20911] REGRESSION: Reproducible assertion failure below derefStructureIDs 64-bit JavaScriptCore
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 18 01:27:29 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=20911
mrowe at apple.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |oliver at apple.com
------- Comment #1 from mrowe at apple.com 2008-09-18 01:27 PDT -------
Code inside CodeGenerator::emitResolve is doing:
instructions().append(0);
This appends an Instruction with "operand" set to zero, which leaves the high
bits of the Instruction unset. This causes a comparison with 0 to fail when we
access the value via the "structureID" member of the union, as the high bits of
the value contain non-zero data.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list