[Webkit-unassigned] [Bug 23635] New: Consecutively reloading Slashdot causes an assertion failure
bugzilla-daemon at webkit.org
Thu Jan 29 21:18:59 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=23635
Summary: Consecutively reloading Slashdot causes an assertion failure
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: cwzwarich at uwaterloo.ca
Consecutively reloading Slashdot causes an assertion failure of the following
form:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x0058e414 in JSC::asObject (value={m_ptr = 0x20896a80}) at JSObject.h:215
215 ASSERT(asCell(value)->isObject());
(gdb) bt
#0 0x0058e414 in JSC::asObject (value={m_ptr = 0x20896a80}) at JSObject.h:215
#1 0x0061a3b3 in JSC::JIT::privateCompileGetByIdChainList (this=0xbfffd69c,
stubInfo=0x1c2401c0, prototypeStructures=0x1c4eb7f0, currentIndex=1,
structure=0x1e6e9ad0, chain=0x1f60ee20, count=2, cachedOffset=4,
callFrame=0x208ed178) at
/Users/Cameron/WebKit/JavaScriptCore/jit/JITPropertyAccess.cpp:540
#2 0x00602657 in JSC::JIT::compileGetByIdChainList (globalData=0x1fd1a400,
callFrame=0x208ed178, codeBlock=0x1f680810, stubInfo=0x1c2401c0,
prototypeStructureList=0x1c4eb7f0, currentIndex=1, structure=0x1e6e9ad0,
chain=0x1f60ee20, count=2, cachedOffset=4) at JIT.h:313
#3 0x005ee107 in JSC::Interpreter::cti_op_get_by_id_proto_list (args=0x0) at
/Users/Cameron/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:4621