[Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 1 23:36:00 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #41 from Michael Saboff <msaboff at apple.com>  2013-08-01 23:35:44 PST ---
(In reply to comment #39)
> (In reply to comment #35)
> > Please provide a stack trace for one of the failures and the disassembly of ctiVMThrowTrampolineSlowpath.
> 
> Here is the disassembly:
> 00174628 <ctiVMThrowTrampolineSlowpath>:
>   174628:       4628            mov     r0, r5
>   17462a:       f005 fbcd       bl      179dc8 <cti_vm_throw_slowpath>
>   17462e:       f8dd b05c       ldr.w   fp, [sp, #92]   ; 0x5c
>   174632:       f8dd a058       ldr.w   sl, [sp, #88]   ; 0x58
>   174636:       f8dd 9054       ldr.w   r9, [sp, #84]   ; 0x54
>   17463a:       f8dd 8050       ldr.w   r8, [sp, #80]   ; 0x50
>   17463e:       9f13            ldr     r7, [sp, #76]   ; 0x4c
>   174640:       9e12            ldr     r6, [sp, #72]   ; 0x48
>   174642:       9d11            ldr     r5, [sp, #68]   ; 0x44
>   174644:       9c10            ldr     r4, [sp, #64]   ; 0x40
>   174646:       f8dd e03c       ldr.w   lr, [sp, #60]   ; 0x3c
>   17464a:       b01a            add     sp, #104        ; 0x68
>   17464c:       4708            bx      r1
>   17464e:       bf00            nop

I'm not sure we need to restore from the stack, but we certainly need to move r0 into the callFrameRegister, r5.  I'll have a patch to try in a few minutes.
