[Webkit-unassigned] [Bug 124409] [Win] JavaScript crashes on 64-bit with JIT enabled.
bugzilla-daemon at webkit.org
Fri Nov 15 15:49:25 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=124409
--- Comment #14 from peavo at outlook.com 2013-11-15 15:48:03 PST ---
(In reply to comment #13)
> (In reply to comment #12)
> > (In reply to comment #10)
> > > Actually, the value for rbx is the same as the PC for the caller of getCallLinkInfoReturnLocation() in the stack trace.
> >
> > I found the 5th parameter (StringImpl *) on the stack, it's located 20h off from where we actually read.
>
> Makes sense. Doesn't appear that we accounted for the first 4 args before poking arg5. The poke for arg5 is:
> 0000000005463DFA mov qword ptr [rsp],r11
> That should be 0000000005463DFA mov qword ptr [rsp + 0x20],r11
>
> I think the C call helper for 5 args for X86 win needs to account for the first 4 args.
Ah, I see... Thanks, will update the patch :)
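The mismatch discussed above is the Win64 home-space rule: the first four integer arguments travel in rcx, rdx, r8 and r9, but the caller must still reserve 32 bytes (0x20) below the stack arguments for them, so the fifth argument lives at [rsp + 0x20] at the call site, not at [rsp]. The following Python model is an added example, not code from this bug thread or from WebKit's JIT; it encodes the published Win64 and SysV x86-64 argument rules and reports how far a JIT "poke" offset is from where the callee will actually look. The function names (`arg_location`, `callee_view_offset`, `check_poke`) are this example's own. It goes a little beyond the thread by covering any argument index and both ABIs.

```python
"""Model of where C-call integer arguments land on x86-64 under Win64 and SysV.

Offsets are relative to rsp as seen by the caller immediately before the
`call` instruction, which is the view a JIT's poke(arg, slot) uses.
"""

# Integer argument registers in order (real ABI assignments).
WIN64_ARG_REGS = ("rcx", "rdx", "r8", "r9")
SYSV_ARG_REGS = ("rdi", "rsi", "rdx", "rcx", "r8", "r9")

# Win64: caller reserves 32 bytes of home space for the four register args;
# stack arguments start above it.  SysV has no such area.
WIN64_SHADOW_SPACE = 0x20
SLOT_SIZE = 8  # one 8-byte stack slot per argument

_ABIS = {
    "win64": (WIN64_ARG_REGS, WIN64_SHADOW_SPACE),
    "sysv": (SYSV_ARG_REGS, 0),
}


def arg_location(abi, index):
    """Return ('reg', name) or ('stack', offset_from_rsp) for 1-based `index`."""
    if index < 1:
        raise ValueError("argument index is 1-based")
    try:
        regs, shadow = _ABIS[abi]
    except KeyError:
        raise ValueError(f"unknown ABI {abi!r}") from None
    if index <= len(regs):
        return ("reg", regs[index - 1])
    stack_position = index - len(regs) - 1  # 0 for the first stack argument
    return ("stack", shadow + stack_position * SLOT_SIZE)


def callee_view_offset(abi, index):
    """Offset of a stack argument from rsp on callee entry: the `call`
    pushed an 8-byte return address, so every caller-side offset grows by 8."""
    kind, where = arg_location(abi, index)
    if kind != "stack":
        raise ValueError(f"argument {index} is in register {where} under {abi}")
    return where + SLOT_SIZE


def check_poke(abi, index, poke_offset):
    """Bytes between where a JIT poked argument `index` and where the ABI
    expects it.  0 means the poke is correct; a positive value means the
    callee will read that many bytes above the written slot (i.e. garbage)."""
    kind, expected = arg_location(abi, index)
    if kind != "stack":
        raise ValueError(f"argument {index} is in register {expected} under {abi}")
    return expected - poke_offset


def describe(abi, index):
    """Human-readable placement summary for one argument."""
    kind, where = arg_location(abi, index)
    if kind == "reg":
        return f"{abi}: arg{index} -> register {where}"
    return (f"{abi}: arg{index} -> [rsp + {where:#x}] at call site, "
            f"[rsp + {callee_view_offset(abi, index):#x}] on callee entry")


if __name__ == "__main__":
    for abi in ("win64", "sysv"):
        for i in range(1, 8):
            print(describe(abi, i))
    # The thread's case: arg5 poked to [rsp] on Win64 instead of [rsp + 0x20].
    print("discrepancy for a poke of arg5 to [rsp] on win64:",
          hex(check_poke("win64", 5, 0)))
```

Running the script prints the placement table for both ABIs and a discrepancy of 0x20 for the reported poke, which is exactly the "20h off" gap observed on the stack in the thread: under SysV the same `poke(arg5, 0)` would never be reached because the fifth argument is still in r8, so the helper only misbehaves on Windows.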