[Webkit-unassigned] [Bug 21135] New: Trap in inspector autocomplete in debug builds

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=21135

           Summary: Trap in inspector autocomplete in debug builds
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: oliver at apple.com
                CC: mjs at apple.com, timothy at hatcher.name, ggaren at apple.com,
                    cwzwarich at uwaterloo.ca


This appears to be a js issue, but  *could* be native code passing bad data to
a jitted function

Anyhoo, to reproduce:
1. Open the inspector console
2. type 'xhr = new XMLHttpRequest; xhr.open("GET", "#foo")'<enter>
3. type 'xhr.'<tab> (note the '.')

At this point we hit a generated trap, in this code:
0x6db994a:      and    $0x34,%al
0x6db994c:      cmpl   $0x0,0x8(%ecx)
0x6db9953:      je     0x6db995a
0x6db9959:      int3   
0x6db995a:      test   %eax,%eax
0x6db995c:      je     0x6db996a
0x6db9962:      mov    %eax,0x8(%edi)
0x6db9965:      jmp    0x6db9865
0x6db996a:      mov    0x0(%edi),%eax
0x6db996d:      test   $0x3,%eax


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.