[Webkit-unassigned] [Bug 70689] Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
bugzilla-daemon at webkit.org
Mon Oct 24 13:24:45 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=70689
Oliver Hunt <oliver at apple.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
--- Comment #2 from Oliver Hunt <oliver at apple.com> 2011-10-24 13:24:45 PST ---
I believe I've found a lifetime issue; essentially there's a window between codeblock being created and it being bound to its owner executable. Unfortunately, during that window we perform codegen, which can trigger GC.
With this knowledge it should be trivial to create a repro case; however, thus far my attempts have failed :-/