[Webkit-unassigned] [Bug 119141] REGRESSION(FTL?): Crashes in plugin tests

bugzilla-daemon at webkit.org
Fri Jul 26 12:32:44 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119141





--- Comment #6 from Zan Dobersek <zandobersek at gmail.com>  2013-07-26 12:32:33 PST ---
Was actually just debugging this.

In WebCore::createScriptCallStack(JSC::ExecState*s, size_t), the call frame stack consists only of the console.log frame (i.e. 'log@[native code]'). However, this frame is stepped over in the for loop initialization[1], causing the returned call frame vector to be empty.


[1] http://trac.webkit.org/browser/trunk/Source/WebCore/bindings/js/ScriptCallStackFactory.cpp#L83
