[Webkit-unassigned] [Bug 41454] Crash in JSC::JSValue::operator bool when loading postimees.ee
bugzilla-daemon at webkit.org
Fri Oct 8 08:38:17 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=41454
--- Comment #24 from Oliver Hunt <oliver at apple.com> 2010-10-08 08:38:16 PST ---
That patch is really wrong (it essentially elides the stack overflow protection in the VM).
I believe we understand this bug, but haven't yet determined the correct fix. Can you try commenting out the lines:
// Shrink the JS stack, in case stack overflow made it huge.
m_registerFile.shrink(callFrame->registers() + callFrame->codeBlock()->m_numCalleeRegisters);
in Interpreter.cpp -- it's around line 644 (I have a large patch in my tree so I can't guarantee the exact line number).