[Webkit-unassigned] [Bug 71227] New: REGRESION (r97118): Reproducible crash in JSCell::toPrimitive when adding
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 31 10:47:21 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=71227
Summary: REGRESION (r97118): Reproducible crash in
JSCell::toPrimitive when adding
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://webmop.de/app/context.html
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P1
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ap at webkit.org
CC: barraclough at apple.com, fpizlo at apple.com
Steps to reproduce: open http://webmop.de/app/context.html
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010afc5c34 JSC::JSCell::toPrimitive(JSC::ExecState*, JSC::PreferredPrimitiveType) const + 4
1 com.apple.JavaScriptCore 0x000000010af022cd JSC::jsAddSlowCase(JSC::ExecState*, JSC::JSValue, JSC::JSValue) + 941
2 com.apple.JavaScriptCore 0x000000010ae966e9 cti_op_add + 121
3 ??? 0x00004cbbf7f54454 0 + 84370202641492
4 com.apple.JavaScriptCore 0x000000010ae37128 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1112
5 com.apple.JavaScriptCore 0x000000010ae36cbd JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 45
<rdar://problem/10306791>
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list