[Webkit-unassigned] [Bug 23078] New: [jsfunfuzz] crash in exceptions thrown in exceptions in eval in with

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 2 08:56:59 PST 2009 

https://bugs.webkit.org/show_bug.cgi?id=23078

           Summary: [jsfunfuzz] crash in exceptions thrown in exceptions in
                    eval in with
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: NeedsRadar
          Severity: Normal
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: oliver at apple.com
OtherBugsDependingO 13638
             nThis:


Reduced case
(function(){with({}) eval("try { unknown; } catch(x) { unknown; }")})()

#0  0x004af39d in JSC::ScopeChainNode::globalObject (this=0x911f90) at
JSGlobalObject.h:331
#1  0x004af3e3 in JSC::ExecState::lexicalGlobalObject (this=0xa100b0) at
interpreter/CallFrame.h:53
#2  0x004b6160 in JSC::ExecState::dynamicGlobalObject (this=0xa100b0) at
JSGlobalObject.h:350
#3  0x0050c2a8 in JSC::Interpreter::throwException (this=0x1009e00,
callFrame=@0xbffff46c, exceptionValue=@0xbffff468, bytecodeOffset=13,
explicitThrow=false) at
/Volumes/Data/WebKit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:826
#4  0x0050c5b4 in JSC::Interpreter::cti_vm_throw (args=0x0) at
/Volumes/Data/WebKit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:6056
#5  0x004ff8e2 in JSC::Interpreter::retrieveCaller () at
/Volumes/Data/WebKit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:4007
#6  0x00520158 in JSC::JIT::execute (code=0x481a0, registerFile=0x1009e34,
callFrame=0xa10048, globalData=0x1009800, exception=0xbffff5c0) at JIT.h:350
#7  0x00507115 in JSC::Interpreter::execute (this=0x1009e00,
programNode=0x911f20, callFrame=0x90d3e4, scopeChain=0x90d540, thisObj=0x50000,
exception=0xbffff5c0) at
/Volumes/Data/WebKit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:910
#8  0x0048f7b4 in JSC::evaluate (exec=0x90d3e4, scopeChain=@0x90d3a0,
source=@0xbffff64c, thisValue=0x0) at Completion.cpp:67
#9  0x00002a10 in runWithScripts (globalObject=0x50000, fileNames=@0xbffff6bc,
dump=false) at /Volumes/Data/WebKit/OpenSource/JavaScriptCore/jsc.cpp:336
#10 0x00003a8b in jscmain (argc=2, argv=0xbffff744, globalData=0x1009800) at
/Volumes/Data/WebKit/OpenSource/JavaScriptCore/jsc.cpp:459
#11 0x00003b2b in main (argc=2, argv=0xbffff744) at
/Volumes/Data/WebKit/OpenSource/JavaScriptCore/jsc.cpp:300


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list