[Webkit-unassigned] [Bug 99356] New: ASSERTION FAILED: offset == invalidOffset || offset < inlineCapacity || isOutOfLineOffset(offset) : void JSC::checkOffset(PropertyOffset, PropertyOffset)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 15 13:08:25 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=99356
Summary: ASSERTION FAILED: offset == invalidOffset || offset <
inlineCapacity || isOutOfLineOffset(offset) : void
JSC::checkOffset(PropertyOffset, PropertyOffset)
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
URL: http://www.tmz.com
OS/Version: Mac OS X 10.8
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rex_4539 at yahoo.com
Created an attachment (id=168766)
--> (https://bugs.webkit.org/attachment.cgi?id=168766&action=review)
Crash log.
r131324
Reproducibility: once
Steps:
http://www.tmz.com
What happened:
Assert failure.
ASSERTION FAILED: offset == invalidOffset || offset < inlineCapacity || isOutOfLineOffset(offset)
/Users/rex/WebKit/Source/JavaScriptCore/runtime/PropertyOffset.h(73) : void JSC::checkOffset(PropertyOffset, PropertyOffset)
1 0x1078319e8 JSC::checkOffset(int, int)
2 0x1078ad599 JSC::validateOffset(int, int)
3 0x1078ad2fe JSC::JSObject::offsetForLocation(JSC::WriteBarrierBase<JSC::Unknown>*) const
4 0x1078aaddb JSC::JSFunction::getOwnPropertySlot(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
5 0x1078aa6e9 JSC::JSFunction::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
6 0x10778dda9 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
7 0x107a26590 llint_slow_path_put_by_id
8 0x107a2f652 llint_op_put_by_id
9 0x10783a9b4 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*)
10 0x107836e0f JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
11 0x10770ef33 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
12 0x1091fbc52 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
13 0x109a07933 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*)
14 0x108bbc2a5 WebCore::Frame::injectUserScriptsForWorld(WebCore::DOMWrapperWorld*, WTF::Vector<WTF::OwnPtr<WebCore::UserScript>, 0ul> const&, WebCore::UserScriptInjectionTime)
15 0x108bbc0a0 WebCore::Frame::injectUserScripts(WebCore::UserScriptInjectionTime)
16 0x108bc8004 WebCore::FrameLoader::finishedParsing()
17 0x1088becf8 WebCore::Document::finishedParsing()
18 0x108db0101 WebCore::HTMLTreeBuilder::finished()
19 0x108ce5adc WebCore::HTMLDocumentParser::end()
20 0x108ce4c1f WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
21 0x108ce4a10 WebCore::HTMLDocumentParser::prepareToStopParsing()
22 0x108ce5b33 WebCore::HTMLDocumentParser::attemptToEnd()
23 0x108ce5b88 WebCore::HTMLDocumentParser::finish()
24 0x10892e078 WebCore::DocumentWriter::end()
25 0x10890a06f WebCore::DocumentLoader::finishedLoading()
26 0x10955851d WebCore::MainResourceLoader::didFinishLoading(double)
27 0x1095576b1 WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction, WebCore::ResourceResponse const&)
28 0x109557850 WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction)
29 0x10955777b WebCore::MainResourceLoader::callContinueAfterContentPolicy(void*, WebCore::PolicyAction)
30 0x1096ab989 WebCore::PolicyCallback::call(WebCore::PolicyAction)
31 0x1096ac7ad WebCore::PolicyChecker::continueAfterContentPolicy(WebCore::PolicyAction)
Expected result:
No assert failure.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list