[Webkit-unassigned] [Bug 40875] segfault from invalid write in JSC::JIT::unlinkCall

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 14 03:37:46 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=40875

--- Comment #7 from xxx <webkit at dpinol.com>  2011-04-14 03:37:46 PST ---
In my case, reported at https://bugs.webkit.org/show_bug.cgi?id=48840, I cannot reproduce the crash on a WebKit without JIT.

I get this on my WebKit 533.3, but I'm not sure if it's useful.

Thanks.

==12385== Conditional jump or move depends on uninitialised value(s)
==12385==    at 0x6AAB1CE: WebCore::jsString(JSC::ExecState*, WebCore::String const&) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x6AE93D7: WebCore::jsHTMLElementId(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x76074AE: JSC::JSValue::get(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) const (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x75F5015: JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag, JSC::RegisterFile*, JSC::ExecState*, JSC::JSValue*) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x76059DC: JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x7634C2C: JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x760F78D: JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x6E47AD9: WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x6E48326: WebCore::ScheduledAction::execute(WebCore::Document*) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x6E4845A: WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x7153BD9: WebCore::DOMTimer::fired() (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==    by 0x7210CF8: WebCore::ThreadTimers::sharedTimerFiredInternal() (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
==12385==  Uninitialised value was created by a stack allocation
==12385==    at 0x7674D66: JSC::jsAddSlowCase(JSC::ExecState*, JSC::JSValue, JSC::JSValue) (in /opt/qtsdk-4.72-webkit-no-jit/lib/libQtWebKit.so.4.7.2)
