[Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer
bugzilla-daemon at webkit.org
Thu Aug 1 23:36:00 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #41 from Michael Saboff <msaboff at apple.com> 2013-08-01 23:35:44 PST ---
(In reply to comment #39)
> (In reply to comment #35)
> > Please provide a stack trace for one of the failures and the disassembly of ctiVMThrowTrampolineSlowpath.
>
> Here is the disassembly:
> 00174628 <ctiVMThrowTrampolineSlowpath>:
> 174628: 4628 mov r0, r5
> 17462a: f005 fbcd bl 179dc8 <cti_vm_throw_slowpath>
> 17462e: f8dd b05c ldr.w fp, [sp, #92] ; 0x5c
> 174632: f8dd a058 ldr.w sl, [sp, #88] ; 0x58
> 174636: f8dd 9054 ldr.w r9, [sp, #84] ; 0x54
> 17463a: f8dd 8050 ldr.w r8, [sp, #80] ; 0x50
> 17463e: 9f13 ldr r7, [sp, #76] ; 0x4c
> 174640: 9e12 ldr r6, [sp, #72] ; 0x48
> 174642: 9d11 ldr r5, [sp, #68] ; 0x44
> 174644: 9c10 ldr r4, [sp, #64] ; 0x40
> 174646: f8dd e03c ldr.w lr, [sp, #60] ; 0x3c
> 17464a: b01a add sp, #104 ; 0x68
> 17464c: 4708 bx r1
> 17464e: bf00 nop
I'm not sure we need to restore from the stack, but we certainly need to move r0 into the callFrameRegister, r5. I'll have a patch to try in a few minutes.