[Webkit-unassigned] [Bug 124409] [Win] JavaScript crashes on 64-bit with JIT enabled.
bugzilla-daemon at webkit.org
Fri Nov 15 14:48:50 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=124409
--- Comment #11 from peavo at outlook.com 2013-11-15 14:47:28 PST ---
(In reply to comment #9)
> We shouldn't have to because the stack pointer shouldn't be changed by LLInt or JIT code. From the register dump, rbx is garbage. Could you provide more disassembly for the caller? I'm looking for where arg 5 is put on the stack.
; Debugger disassembly (Visual Studio / MASM operand syntax) of JIT- or
; LLInt-emitted x86-64 code captured from the crashing Windows process.
; Addresses are absolute runtime addresses; this is not assemblable source.
;
; ABI the emitted code must honour here is Microsoft x64:
;   integer args in rcx, rdx, r8, r9; args 5+ on the stack;
;   the CALLER reserves 32 bytes of shadow space at [rsp..rsp+1Fh] before
;   every call, so the 5th argument lives at [rsp+20h] at the call instruction;
;   rbx, rbp, rsi, rdi, r12-r15 and xmm6-xmm15 are callee-saved;
;   rsp must be 16-byte aligned at each call.
; The comments below mark where the listing agrees or appears to disagree
; with that; anything not directly visible in the bytes is hedged.

; The dump starts in the middle of an instruction: the first few lines are
; byte-salad decodes (add/xor/or into [reg-75h], ins), not real code.
; Ignore everything until the first clearly deliberate instruction at
; 5463CF7. Even the `push rbp` at 5463CEF may be a misdecode.
0000000005463CE8 add byte ptr [rax-75h],cl
0000000005463CEB xor byte ptr [r8-75h],r9b
0000000005463CEF push rbp
0000000005463CF0 or byte ptr [rax-75h],cl
0000000005463CF3 ins dword ptr [rdi],dx
0000000005463CF4 add byte ptr [rdx-3Dh],dl

; ---- slow-path call site #1 ----------------------------------------------
0000000005463CF7 mov dword ptr [rbp+2Ch],0Ah      ; small constant into a frame slot (rbp is the caller's frame here); meaning not visible from the dump
0000000005463CFE mov r11,1CCAD80h                 ; absolute address of a global
0000000005463D08 mov qword ptr [r11],rbp          ; global = rbp; presumably publishing the current frame before calling into C++ -- confirm against the LLInt source
0000000005463D0B add rsp,0FFFFFFFFFFFFFFF0h       ; rsp -= 16: a 16-byte scratch buffer on the stack
0000000005463D0F mov rcx,rsp                      ; arg1 = pointer to that 16-byte buffer (an out-parameter)
0000000005463D12 mov rdx,rbp                      ; arg2 = frame pointer
0000000005463D15 mov r8,606C520h                  ; arg3 = absolute address constant
0000000005463D1F mov r11,2E55200h                 ; absolute address of the callee (JIT code bakes addresses in; not PIC, which is normal for a JIT)
; NOTE(review): no 32-byte shadow space is reserved between the buffer and
; the return address. Under the Microsoft ABI the callee may spill rcx..r9
; into [rsp+8..rsp+27h] from its own point of view, i.e. exactly this 16-byte
; buffer and the 16 bytes above it. If the target is an ordinary C/C++
; function that homes its arguments, the out-buffer (and whatever sits above
; it) can be clobbered -- verify how the callee is declared/compiled.
0000000005463D29 call r11
0000000005463D2C pop rax                          ; rax = buffer[0]; reads what the callee wrote through arg1 and frees 8 bytes
0000000005463D2D pop rdx                          ; rdx = buffer[1]; stack is now back where it was before the `add rsp,-16`
0000000005463D2E mov r11,1CCC830h                 ; absolute address of another global
0000000005463D38 mov r11,qword ptr [r11]          ; load it
0000000005463D3B test r11,r11
0000000005463D3E jne 0000000005463FD2             ; non-zero -> common out-of-line handler (looks like a pending-exception check; not provable from the dump)
0000000005463D44 mov rax,qword ptr [rbp-28h]      ; reload a frame slot
0000000005463D48 jmp 0000000005463AA1             ; back into the main body (target precedes this dump)

; ---- slow-path call site #2: same shape as #1, different constants -------
0000000005463D4D mov dword ptr [rbp+2Ch],0Dh
0000000005463D54 mov r11,1CCAD80h
0000000005463D5E mov qword ptr [r11],rbp          ; publish frame pointer (same global as above)
0000000005463D61 add rsp,0FFFFFFFFFFFFFFF0h       ; 16-byte out-buffer, again with no shadow space below the call
0000000005463D65 mov rcx,rsp                      ; arg1 = &buffer
0000000005463D68 mov rdx,rbp                      ; arg2 = frame pointer
0000000005463D6B mov r8,606C538h                  ; arg3 = address constant
0000000005463D75 mov r11,2E58C70h                 ; callee
0000000005463D7F call r11
0000000005463D82 pop rax                          ; rax = buffer[0]
0000000005463D83 pop rdx                          ; rdx = buffer[1]
0000000005463D84 mov r11,1CCC830h
0000000005463D8E mov r11,qword ptr [r11]
0000000005463D91 test r11,r11
0000000005463D94 jne 0000000005463FD2             ; same out-of-line handler as site #1
0000000005463D9A mov rax,qword ptr [rbp+30h]
0000000005463D9E jmp 0000000005463ADD             ; resume main body

; ---- slow-path call site #3: plain 2-argument call, result in rax --------
0000000005463DA3 mov rdx,5F68120h                 ; arg2 = address constant
0000000005463DAD mov rcx,rbp                      ; arg1 = frame pointer
0000000005463DB0 mov dword ptr [rbp+2Ch],11h
0000000005463DB7 mov r11,1CCAD80h
0000000005463DC1 mov qword ptr [r11],rbp          ; publish frame pointer
0000000005463DC4 mov r11,2D95510h                 ; callee
; No rsp adjustment here at all, so any shadow space / alignment this call
; relies on must already be provided by the enclosing frame -- not visible
; in the dump.
0000000005463DCE call r11
0000000005463DD1 mov r11,1CCC830h
0000000005463DDB mov r11,qword ptr [r11]
0000000005463DDE test r11,r11
0000000005463DE1 jne 0000000005463FD2             ; same handler
0000000005463DE7 mov qword ptr [rbp-18h],rax      ; store the callee's return value into a frame slot
0000000005463DEB jmp 0000000005463B18             ; resume main body

; ---- slow-path call site #4: FIVE arguments -- the site the reporter asked about
0000000005463DF0 mov r11,6065810h                 ; 5th argument value (an address constant)
; NOTE(review): the 5th argument is written to [rsp], but at the call below
; [rsp..rsp+1Fh] is the callee's shadow space (the home slot for rcx is at
; [rsp]). Under the Microsoft x64 ABI the 5th integer argument must be at
; [rsp+20h]. If this is the store in question, the callee reads its 5th
; parameter from [rsp+20h] -- whatever happens to be there -- and the value
; stored at [rsp] may be overwritten when the callee homes rcx. This is
; consistent with the caller-side "register is garbage" symptom, but the
; dump alone does not prove it is the cause.
0000000005463DFA mov qword ptr [rsp],r11
0000000005463DFE mov r8,rdx                       ; arg3 = previous rdx (read before rdx is overwritten below -- order matters)
0000000005463E01 mov r9,rax                       ; arg4 = previous rax
0000000005463E04 mov rdx,6065540h                 ; arg2 = address constant
0000000005463E0E mov rcx,rbp                      ; arg1 = frame pointer
0000000005463E11 mov dword ptr [rbp+2Ch],1Eh
0000000005463E18 mov r11,1CCAD80h
0000000005463E22 mov qword ptr [r11],rbp          ; publish frame pointer
0000000005463E25 mov r11,2D91100h                 ; callee
0000000005463E2F call r11                         ; dump ends here; the post-call sequence is not shown