[Webkit-unassigned] [Bug 68220] New: REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences using Domino's online ordering

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 15 22:18:22 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=68220

           Summary: REGRESSION: Reproducible crash below
                    SlotVisitor::harvestWeakReferences using Domino's
                    online ordering
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://express.dominos.com/order/olo.jsp
        OS/Version: Mac OS X 10.7
            Status: NEW
          Keywords: Regression
          Severity: Normal
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrowe at apple.com
                CC: fpizlo at apple.com


When using Domino's online ordering system it's relatively easy to hit the following crash:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x00007fff91b0d4aa in JSC::SlotVisitor::harvestWeakReferences (this=0x1029e7c28) at JavaScriptCore/heap/MarkStack.cpp:146
146            current->visitWeakReferences(*this);
(gdb) bt
#0  0x00007fff91b0d4aa in JSC::SlotVisitor::harvestWeakReferences (this=0x1029e7c28) at JavaScriptCore/heap/MarkStack.cpp:146
#1  0x00007fff9199d0cc in JSC::Heap::markRoots (this=0x1029e78b0) at JavaScriptCore/heap/Heap.cpp:589
Previous frame inner to this frame (gdb could not unwind past this frame)

I can hit it relatively reliably in a production build of tip of tree by doing:
1) Visit <http://express.dominos.com/order/olo.jsp> and enter my address.
2) Click on Sides & Desserts.
3) Click on Build Your Order below New Boneless Chicken.
4) Pick any size, then click Next.
5) Wait for a few moments.

If you don't crash at this point, try editing the various text fields that are offered to you for a few moments.
