[Webkit-unassigned] [Bug 119860] New: Crash during exception unwinding
bugzilla-daemon at webkit.org
Thu Aug 15 13:37:15 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119860
Summary: Crash during exception unwinding
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: oliver at apple.com
Friendly test case:
function g() {
    (eval("-7") = 0);
}
for (;;) try { g() } catch(e) {}
1 0x10b9c4680 WTFCrash
2 0x10b74402f JSC::JSActivation* JSC::jsCast<JSC::JSActivation*>(JSC::JSValue)
3 0x10b73f190 JSC::Interpreter::unwindCallFrame(JSC::StackIterator&, JSC::JSValue)
4 0x10b740362 JSC::Interpreter::throwException(JSC::ExecState*&, JSC::JSValue&, unsigned int)
5 0x10b76124f JSC::genericThrow(JSC::VM*, JSC::ExecState*, JSC::JSValue, unsigned int)
6 0x10b7614a6 JSC::jitThrow(JSC::VM*, JSC::ExecState*, JSC::JSValue, JSC::ReturnAddressPtr)
7 0x10b782146 cti_vm_throw
8 0x10b7830c0 jscGeneratedNativeCode
9 0x10b75eb07 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*)
10 0x10b741cc9 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
11 0x10b5486f1 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
12 0x10b40b167 runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow> const&, bool)
13 0x10b40a85c jscmain(int, char**)
14 0x10b40a6be main
15 0x7fff8def75fd start