[Webkit-unassigned] [Bug 124409] [Win] JavaScript crashes on 64-bit with JIT enabled.
bugzilla-daemon at webkit.org
Fri Nov 15 15:36:48 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=124409
--- Comment #13 from Michael Saboff <msaboff at apple.com> 2013-11-15 15:35:26 PST ---
(In reply to comment #12)
> (In reply to comment #10)
> > Actually, the value for rbx is the same as the PC for the caller of getCallLinkInfoReturnLocation() in the stack trace.
>
> I found the 5th parameter (StringImpl *) on the stack; it's located 20h off from where we actually read.
Makes sense. Doesn't appear that we accounted for the first 4 args before poking arg5. The poke for arg5 is:
0000000005463DFA mov qword ptr [rsp],r11
That should be 0000000005463DFA mov qword ptr [rsp + 0x20],r11
I think the C call helper for 5 args for X86 win needs to account for the first 4 args.
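As an added illustration (not WebKit code), a small Python model of the two x86-64 calling conventions that this comment relies on: Windows x64 passes four integer/pointer arguments in registers and reserves 0x20 bytes of callee-owned home space below them, so the fifth argument belongs at [rsp + 0x20], while SysV passes six in registers with no home space. The register names and the `describe_slot` diagnostic are mine; the offsets follow the published ABIs.

```python
"""Model of where outgoing call arguments live under two x86-64 ABIs.

Added example; not part of WebKit. Used to check a JIT-style "poke"
offset against the ABI instead of eyeballing the disassembly.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Abi:
    name: str
    reg_args: tuple   # integer/pointer argument registers, in order
    shadow_bytes: int  # caller-reserved home space (Win64 only)


SYSV_X64 = Abi("SysV x86-64", ("rdi", "rsi", "rdx", "rcx", "r8", "r9"), 0)
WIN_X64 = Abi("Windows x64", ("rcx", "rdx", "r8", "r9"), 0x20)


def arg_location(abi, n):
    """Where the caller places 1-based argument n, relative to rsp at the call."""
    if n < 1:
        raise ValueError("arguments are numbered from 1")
    if n <= len(abi.reg_args):
        return ("reg", abi.reg_args[n - 1])
    # Stack arguments start just above the shadow space, 8 bytes each.
    return ("stack", abi.shadow_bytes + 8 * (n - len(abi.reg_args) - 1))


def callee_entry_offset(abi, n):
    """Offset of stack argument n from rsp inside the callee (return address pushed)."""
    kind, where = arg_location(abi, n)
    if kind != "stack":
        raise ValueError(f"argument {n} is passed in {where}, not on the stack")
    return where + 8


def describe_slot(abi, offset):
    """What a qword write to [rsp + offset] at the call site actually lands on."""
    if offset % 8:
        raise ValueError("slots are 8-byte aligned")
    if offset < abi.shadow_bytes:
        # Writing here clobbers the callee's home slot for a register argument
        # and never reaches the slot the callee reads for a stack argument.
        return f"home slot for {abi.reg_args[offset // 8]} (callee-owned shadow space)"
    n = len(abi.reg_args) + 1 + (offset - abi.shadow_bytes) // 8
    return f"stack argument {n}"
```

With these, a poke of the fifth argument to [rsp] on Windows x64 is reported as a write into the rcx home slot, while [rsp + 0x20] is reported as stack argument 5, which is the correction proposed in the comment.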