[Webkit-unassigned] [Bug 98596] [GTK] Crash in JSC::checkOffset, originating from LLInt

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 8 01:05:53 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=98596


Christophe Dumez <christophe.dumez at intel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |christophe.dumez at intel.com




--- Comment #2 from Christophe Dumez <christophe.dumez at intel.com>  2012-10-08 01:06:25 PST ---
We have the same intermittent crashes on EFL port for:
fast/workers/worker-replace-global-constructor.html
fast/scrolling/scrollable-area-frame.html
fast/scrolling/scrollable-area-frame-inherited-visibility-hidden.html
fast/table/padding-height-and-override-height.html
(And probably others)

Backtrace:
crash log for WebProcess (pid <unknown>):
STDOUT: <empty>
STDERR: ASSERTION FAILED: offset == invalidOffset || offset < inlineCapacity || isOutOfLineOffset(offset)
STDERR: /home/buildslave-1/webkit-buildslave/efl-linux-64-debug-wk2/build/Source/JavaScriptCore/runtime/PropertyOffset.h(73) : void JSC::checkOffset(JSC::PropertyOffset, JSC::PropertyOffset)
STDERR: 1   0x7fea6a4bed92 JSC::checkOffset(int, int)
STDERR: 2   0x7fea64aff92e JSC::validateOffset(int, int)
STDERR: 3   0x7fea64affae2 JSC::JSObject::offsetForLocation(JSC::WriteBarrierBase<JSC::Unknown>*) const
STDERR: 4   0x7fea64b4460d JSC::setUpStaticFunctionSlot(JSC::ExecState*, JSC::HashEntry const*, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&)
STDERR: 5   0x7fea64b6b23c bool JSC::getStaticFunctionSlot<JSC::StringObject>(JSC::ExecState*, JSC::HashTable const*, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&)
STDERR: 6   0x7fea64b63460 JSC::StringPrototype::getOwnPropertySlot(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
STDERR: 7   0x7fea64b30ad2 JSC::JSString::getOwnPropertySlot(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
STDERR: 8   0x7fea6da069db JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
STDERR: 9   0x7fea6a4d0742 JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const
STDERR: 10  0x7fea64bb8fcd
STDERR: 11  0x7fea64bc2a00
STDERR: LEAK: 1 WebPageProxy
STDERR: LEAK: 1 WebContext

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list