[Webkit-unassigned] [Bug 102353] New: JSC's Bytecode dumping option causes segfault.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 15 01:37:38 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=102353

           Summary: JSC's Bytecode dumping option causes segfault.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: gaborb at inf.u-szeged.hu


Crash info:

114 m_instructions; 912 bytes at 0xea66f0 (GlobalCode); 1 parameter(s); 11 callee register(s); 0 variable(s)
Program received signal SIGSEGV, Segmentation fault.
0x0000000000480a12 in JSC::SharedSymbolTable::captureCount (this=0x0) at /home/ximinez/work/webkit/webkit/Source/JavaScriptCore/runtime/SymbolTable.h:373
373             int captureCount() { return m_captureEnd - m_captureStart; }
(gdb) bt 5
#0  0x0000000000480a12 in JSC::SharedSymbolTable::captureCount (this=0x0) at /home/ximinez/work/webkit/webkit/Source/JavaScriptCore/runtime/SymbolTable.h:373
#1  0x0000000000470a11 in JSC::CodeBlock::dump (this=0xea66f0, exec=0x7ffff7f7f388) at /home/ximinez/work/webkit/webkit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:495
#2  0x0000000000479b10 in JSC::CodeBlock::CodeBlock (this=0xea66f0, ownerExecutable=0x7ffff7f9ae00, unlinkedCodeBlock=0x7ffff7e5fd80, globalObject=0x7ffff7f7f180, 
    baseScopeDepth=0, sourceProvider=..., sourceOffset=0, alternative=...) at /home/ximinez/work/webkit/webkit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:1881
#3  0x0000000000717e86 in JSC::GlobalCodeBlock::GlobalCodeBlock (this=0xea66f0, ownerExecutable=0x7ffff7f9ae00, unlinkedCodeBlock=0x7ffff7e5fd80, globalObject=0x7ffff7f7f180, 
    baseScopeDepth=0, sourceProvider=..., sourceOffset=0, alternative=...) at /home/ximinez/work/webkit/webkit/Source/JavaScriptCore/bytecode/CodeBlock.h:1414
#4  0x0000000000717f91 in JSC::ProgramCodeBlock::ProgramCodeBlock (this=0xea66f0, ownerExecutable=0x7ffff7f9ae00, unlinkedCodeBlock=0x7ffff7e5fd80, globalObject=0x7ffff7f7f180, 
    sourceProvider=..., alternative=...) at /home/ximinez/work/webkit/webkit/Source/JavaScriptCore/bytecode/CodeBlock.h:1427
(More stack frames follow...)
(gdb) fr 1
#1  0x0000000000470a11 in JSC::CodeBlock::dump (this=0xea66f0, exec=0x7ffff7f7f388) at /home/ximinez/work/webkit/webkit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:495
495         if (symbolTable()->captureCount())
(gdb) p symbolTable()
$2 = (JSC::SharedSymbolTable *) 0x0

It looks like that the symbolTable() function returns a null pointer.
I have the same crash on x86_64 and on ARM too.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list