[Webkit-unassigned] [Bug 119395] JavaScript crash.
bugzilla-daemon at webkit.org
Thu Aug 1 08:45:52 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119395
Geoffrey Garen <ggaren at apple.com> changed:
              What |Removed  |Added
----------------------------------------------------------------------------
Attachment #207921 |review?  |review-
              Flag |         |
--- Comment #2 from Geoffrey Garen <ggaren at apple.com> 2013-08-01 08:45:37 PST ---
(From update of attachment 207921)
Can you provide a test case for this?
I don't think checking isEmpty() here is right. Generally, JSValue() is not a valid value to use in the JIT or to pass to a runtime function. It's like a null pointer.