[Webkit-unassigned] [Bug 26390] New: WebKitGtk+/JavaScriptCore segfault on a specific page when built with gcc 4.4

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jun 14 14:28:39 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=26390

           Summary: WebKitGtk+/JavaScriptCore segfault on a specific page
                    when built with gcc 4.4
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: bunk at stusta.de
                CC: gns at gnome.org


- Liferea 1.6 or Midori 0.1.7
- WebKitGtk+ 1.1.9 built with the gcc/g++ 4.4.0-6 from Debian unstable (works when built with gcc 4.3)
- go to
http://freakonomics.blogs.nytimes.com/2008/08/19/are-the-fbis-probabilities-about-dna-matches-crazy/

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff936e747f0 (LWP 4418)]
JSC::RegExp::match (this=0x7ff924d3dd80, s=@0x7fff7ed16ff0, startOffset=0, 
    ovector=0x4) at ../JavaScriptCore/wtf/OwnArrayPtr.h:55
55              void safeDelete() { typedef char known[sizeof(T) ? 1 : -1]; if (sizeof(known)) delete [] m_ptr; }
Current language:  auto; currently c++
(gdb) bt
#0  JSC::RegExp::match (this=0x7ff924d3dd80, s=@0x7fff7ed16ff0, startOffset=0, 
    ovector=0x4) at ../JavaScriptCore/wtf/OwnArrayPtr.h:55
#1  0x00007ff932d0de0e in JSC::RegExpConstructor::performMatch (
    this=0x7ff926be1b00, r=0x7ff924d3dd80, s=@0x7fff7ed16ff0, startOffset=22, 
    position=@0x7ff926905660, length=@0x6, ovector=0x0)
    at ../JavaScriptCore/runtime/RegExpConstructor.cpp:125
#2  0x00007ff932d5b225 in JSC::RegExpObject::match (this=0x7ff924a090c0, 
    exec=<value optimized out>, args=<value optimized out>)
    at ../JavaScriptCore/runtime/RegExpObject.cpp:147
#3  0x00007ff932d5b409 in JSC::RegExpObject::test (this=0x7ff924a9bc90, 
    exec=0x17, args=@0x16) at ../JavaScriptCore/runtime/RegExpObject.cpp:112
#4  0x00007ff932d5b48c in regExpProtoFuncTest (exec=0x7ff924f65718, thisValue=
      {m_ptr = 0x7ff924a090c0}, args=@0x7ff926905660)
    at ../JavaScriptCore/runtime/RegExpPrototype.cpp:63
#5  0x00007ff936db42f4 in ?? ()
#6  0x00007ff924f656d0 in ?? ()
#7  0x0000000000000001 in ?? ()
#8  0x0000000000000000 in ?? ()

