[Webkit-unassigned] [Bug 24857] New: Crash in Heap::isNumber when running testapi on Windows
bugzilla-daemon at webkit.org
Thu Mar 26 14:19:21 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=24857
Summary: Crash in Heap::isNumber when running testapi on Windows
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
CC: ggaren at apple.com, oliver at apple.com, cwzwarich at uwaterloo.ca
OtherBugsDependingOnThis: 24856
To reproduce:
1. cd WebKitBuild/bin
2. ./testapi.exe
You'll crash in Heap::isNumber. Here's the backtrace:
> testapi_debug.exe!JSC::Heap::isNumber(JSC::JSCell * cell=0x00e666e8) Line 261 + 0xe bytes C++
testapi_debug.exe!JSC::JSCell::isNumber() Line 129 + 0x9 bytes C++
testapi_debug.exe!JSC::isNumberCell(JSC::JSValuePtr v={...}) Line 113 + 0x1e bytes C++
testapi_debug.exe!JSC::JSValuePtr::isDoubleNumber() Line 208 + 0x14 bytes C++
testapi_debug.exe!JSC::JSValuePtr::getNumber(double & result=-9.2559631349317831e+061) Line 407 + 0x8 bytes C++
testapi_debug.exe!JSC::JSCallbackObject<JSC::JSObject>::toNumber(JSC::ExecState * exec=0x01060490) Line 411 + 0x1b bytes C++
testapi_debug.exe!JSC::JSValuePtr::toNumber(JSC::ExecState * exec=0x01060490) Line 261 + 0x58 bytes C++
testapi_debug.exe!JSC::JITStubs::cti_op_mul(void * * args=0x0012f8ac) Line 801 + 0xc bytes C++
testapi_debug.exe!JSC::JITStubs::cti_op_convert_this() + 0xff bytes C++
testapi_debug.exe!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x00e10800, JSC::ExecState * callFrame=0x01060490, JSC::JSGlobalData * globalData=0x00e0cfb0, JSC::JSValuePtr * exception=0x0012faa4) Line 86 + 0x21 bytes C++
testapi_debug.exe!JSC::Interpreter::execute(JSC::EvalNode * evalNode=0x00e64a00, JSC::ExecState * callFrame=0x01060408, JSC::JSObject * thisObj=0x01460000, int globalRegisterOffset=146, JSC::ScopeChainNode * scopeChain=0x00e657d0, JSC::JSValuePtr * exception=0x0012faa4) Line 781 + 0x36 bytes C++
testapi_debug.exe!JSC::Interpreter::callEval(JSC::ExecState * callFrame=0x01060408, JSC::RegisterFile * registerFile=0x00e10800, JSC::Register * argv=0x01060440, int argc=2, int registerOffset=17, JSC::JSValuePtr & exceptionValue={...}) Line 343 + 0x5f bytes C++
testapi_debug.exe!JSC::JITStubs::cti_op_call_eval(void * * args=0x0012fb00) Line 1806 C++
testapi_debug.exe!JSC::JITStubs::cti_op_convert_this() + 0xff bytes C++
testapi_debug.exe!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x00e10800, JSC::ExecState * callFrame=0x01060048, JSC::JSGlobalData * globalData=0x00e0cfb0, JSC::JSValuePtr * exception=0x0012fc20) Line 86 + 0x21 bytes C++
testapi_debug.exe!JSC::Interpreter::execute(JSC::ProgramNode * programNode=0x00e3f940, JSC::ExecState * callFrame=0x00e1095c, JSC::ScopeChainNode * scopeChain=0x00e10ae8, JSC::JSObject * thisObj=0x01460000, JSC::JSValuePtr * exception=0x0012fc20) Line 623 + 0x2d bytes C++
testapi_debug.exe!JSC::evaluate(JSC::ExecState * exec=0x00e1095c, JSC::ScopeChain & scopeChain={...}, const JSC::SourceCode & source={...}, JSC::JSValuePtr thisValue={...}) Line 69 C++
testapi_debug.exe!JSEvaluateScript(const OpaqueJSContext * ctx=0x00e1095c, OpaqueJSString * script=0x00e31210, OpaqueJSValue * thisObject=0x00000000, OpaqueJSString * sourceURL=0x00000000, int startingLineNumber=1, const OpaqueJSValue * * exception=0x0012fe84) Line 54 + 0x3c bytes C++
testapi_debug.exe!main(int argc=1, char * * argv=0x00e0a9a8) Line 1122 + 0x1f bytes C++
testapi_debug.exe!__tmainCRTStartup() Line 597 + 0x19 bytes C
testapi_debug.exe!mainCRTStartup() Line 414 C
kernel32.dll!_BaseProcessStart@4() + 0x23 bytes