[Webkit-unassigned] [Bug 124675] New: [Win] JavaScript JIT crash (with DFG enabled).
bugzilla-daemon at webkit.org
Wed Nov 20 13:28:04 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=124675
Summary: [Win] JavaScript JIT crash (with DFG enabled).
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: peavo at outlook.com
I'm currently getting a reproducible crash in JIT code with DFG enabled.
The crash is an access reading violation.
The offending instruction is shown in the disassembly below:
058F204B jmp 05501EA3
058F2050 mov esi,eax
058F2052 mov eax,0FFFFFFFBh < The value assigned to eax causing the access violation is set here, I think.
058F2057 mov ebx,5501EA3h
058F205C push ebx
058F205D jmp 058F2080
058F2062 add byte ptr [eax],al
058F2064 add byte ptr [eax],al
058F2066 add byte ptr [eax],al
058F2068 add byte ptr [eax],al
058F206A add byte ptr [eax],al
058F206C add byte ptr [eax],al
058F206E add byte ptr [eax],al
058F2070 add byte ptr [eax],al
058F2072 add byte ptr [eax],al
058F2074 add byte ptr [eax],al
058F2076 add byte ptr [eax],al
058F2078 add byte ptr [eax],al
058F207A add byte ptr [eax],al
058F207C add byte ptr [eax],al
058F207E add byte ptr [eax],al
058F2080 cmp edx,0FFFFFFFBh
058F2083 jne 058F20B7
058F2089 mov ebx,dword ptr [eax] < Crash, access reading violation 0FFFFFFFBh
Register values:
EAX = FFFFFFFB EBX = 03B62732 ECX = 007F046E EDX = FFFFFFFB ESI = 07EDF658 EDI = 00DB8F48 EIP = 058F2089 ESP = 002BEEA8 EBP = 0624FBD0 EFL = 00210246