[Webkit-unassigned] [Bug 98593] New: Crash in WTF::Float32Array::set(unsigned int, double)
bugzilla-daemon at webkit.org
Sat Oct 6 02:15:00 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=98593
Summary: Crash in WTF::Float32Array::set(unsigned int, double)
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
URL: https://maps.google.com/maps?vector=1
OS/Version: Mac OS X 10.8
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rex_4539 at yahoo.com
Created an attachment (id=167450)
--> (https://bugs.webkit.org/attachment.cgi?id=167450&action=review)
Crash log.
r130578
Reproducibility: once
Steps:
1. https://maps.google.com/maps?vector=1
2. Moved the map around with the mouse.
What happened:
2. Crash.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000107b66753 WTF::Float32Array::set(unsigned int, double) + 83 (Float32Array.h:52)
1 com.apple.WebCore 0x0000000107b649b6 WebCore::JSFloat32Array::indexSetter(JSC::ExecState*, unsigned int, JSC::JSValue) + 70 (JSFloat32Array.cpp:100)
2 com.apple.WebCore 0x0000000107b64d73 WebCore::JSFloat32Array::putByIndex(JSC::JSCell*, JSC::ExecState*, unsigned int, JSC::JSValue, bool) + 275 (JSFloat32Array.cpp:240)
3 com.apple.JavaScriptCore 0x00000001062fa374 cti_op_put_by_val + 420 (JITStubs.cpp:2524)
4 com.apple.JavaScriptCore 0x00000001062ff880 0x1060f8000 + 2128000
5 com.apple.JavaScriptCore 0x00000001062c5da4 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:134)
6 com.apple.JavaScriptCore 0x00000001062c2b32 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1746 (Interpreter.cpp:961)
7 com.apple.JavaScriptCore 0x000000010616db42 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:39)
8 com.apple.JavaScriptCore 0x00000001063157c7 JSC::boundFunctionCall(JSC::ExecState*) + 647 (JSBoundFunction.cpp:56)
9 com.apple.JavaScriptCore 0x00000001062c2dea JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 2442 (Interpreter.cpp:988)
10 com.apple.JavaScriptCore 0x000000010616db42 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:39)
11 com.apple.WebCore 0x0000000107a0ca02 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 (JSMainThreadExecState.h:56)
12 com.apple.WebCore 0x0000000107a0c6c5 WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 741 (JSCallbackData.cpp:78)
13 com.apple.WebCore 0x0000000107a0c3ca WebCore::JSCallbackData::invokeCallback(JSC::MarkedArgumentBuffer&, bool*) + 154 (JSCallbackData.cpp:48)
14 com.apple.WebCore 0x0000000107ce1dfd WebCore::JSRequestAnimationFrameCallback::handleEvent(unsigned long long) + 189 (JSRequestAnimationFrameCallbackCustom.cpp:49)
15 com.apple.WebCore 0x000000010844cb6e WebCore::ScriptedAnimationController::serviceScriptedAnimations(unsigned long long) + 302 (ScriptedAnimationController.cpp:129)
16 com.apple.WebCore 0x000000010844d1bf WebCore::ScriptedAnimationController::displayRefreshFired(double) + 47 (ScriptedAnimationController.h:90)
17 com.apple.WebCore 0x0000000107309dfc WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded(double) + 60 (DisplayRefreshMonitor.cpp:53)
18 com.apple.WebCore 0x0000000107309fd2 WebCore::DisplayRefreshMonitor::displayDidRefresh() + 226 (DisplayRefreshMonitor.cpp:112)
19 com.apple.WebCore 0x0000000107309edd WebCore::DisplayRefreshMonitor::handleDisplayRefreshedNotificationOnMainThread(void*) + 29 (DisplayRefreshMonitor.cpp:75)
20 com.apple.JavaScriptCore 0x000000010653612a WTF::dispatchFunctionsFromMainThread() + 298 (MainThread.cpp:157)
21 com.apple.JavaScriptCore 0x0000000106538bf5 -[JSWTFMainThreadCaller call] + 21 (MainThreadMac.mm:49)
22 com.apple.Foundation 0x00007fff88921677 __NSThreadPerformPerform + 225
23 com.apple.CoreFoundation 0x00007fff8b12b101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
24 com.apple.CoreFoundation 0x00007fff8b12aaed __CFRunLoopDoSources0 + 445
25 com.apple.CoreFoundation 0x00007fff8b14ddc5 __CFRunLoopRun + 789
26 com.apple.CoreFoundation 0x00007fff8b14d6b2 CFRunLoopRunSpecific + 290
27 com.apple.HIToolbox 0x00007fff934420a4 RunCurrentEventLoopInMode + 209
28 com.apple.HIToolbox 0x00007fff93441e42 ReceiveNextEventCommon + 356
29 com.apple.HIToolbox 0x00007fff93441cd3 BlockUntilNextEventMatchingListInMode + 62
30 com.apple.AppKit 0x00007fff91908613 _DPSNextEvent + 685
31 com.apple.AppKit 0x00007fff91907ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
32 com.apple.AppKit 0x00007fff918ff283 -[NSApplication run] + 517
33 com.apple.WebCore 0x000000010841baac WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37)
34 com.apple.WebKit2 0x00000001053ba88a WebKit::WebProcessMain(WebKit::CommandLine const&) + 4458 (WebProcessMainMac.mm:190)
35 com.apple.WebKit2 0x00000001052c6d78 WebKitMain(WebKit::CommandLine const&) + 200 (WebKitMain.cpp:50)
36 com.apple.WebKit2 0x00000001052c6c89 WebKitMain + 153 (WebKitMain.cpp:74)
37 com.apple.WebProcess 0x000000010506fda2 main + 274 (MainMacProcess.cpp:68)
38 libdyld.dylib 0x00007fff881c47e1 start + 1
Expected result:
2. WebKit does not crash.