[Webkit-unassigned] [Bug 25785] Segfault in mark when using JSObjectMakeConstructor
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 14 03:06:47 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=25785
------- Comment #3 from mrowe at apple.com 2009-05-14 03:06 PDT -------
Created an attachment (id=30326)
--> (https://bugs.webkit.org/attachment.cgi?id=30326&action=view)
Further reduction
I hit the following assertion in a debug build:
0x000bb760 in JSC::JSObject::putDirect (this=0x4a1260, propertyName=@0x5047e8,
value={m_ptr = 0x0}, attributes=14, checkReadOnly=false, slot=@0xbffff6e0) at
JSObject.h:389
389 ASSERT(!Heap::heap(value) || Heap::heap(value) ==
Heap::heap(this));
This attached file is all that is necessary to reproduce the assertion failure,
which is likely to be the root cause of this crash during GC.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list