[Webkit-unassigned] [Bug 124409] [Win] JavaScript crashes on 64-bit with JIT enabled.
bugzilla-daemon at webkit.org
Fri Nov 15 13:35:26 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=124409
--- Comment #8 from peavo at outlook.com 2013-11-15 13:34:05 PST ---
I have probably misunderstood something, but below is the disassembly which calls operationPutByIdNonStrictOptimize; I thought we had to also adjust the stack pointer before this call, not only before the call in callToJavaScript?
...
...
00000000053D3E00 mov eax,edx
00000000053D3E02 mov r9,rax
00000000053D3E05 mov rdx,60E91B0h
00000000053D3E0F mov rcx,rbp
00000000053D3E12 mov dword ptr [rbp+2Ch],1Eh
00000000053D3E19 mov r11,1C0AD80h
00000000053D3E23 mov qword ptr [r11],rbp
00000000053D3E26 mov r11,2CE1100h
00000000053D3E30 call r11 < calls operationPutByIdNonStrictOptimize
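The following is an added illustration, not part of the bug report and not WebKit's actual fix, of the caller-side rule the comment is asking about: on Windows x64 the caller must keep rsp 16-byte aligned at the call instruction and must reserve 32 bytes of home ("shadow") space for the four register arguments before every call into a C function, whether or not the callee uses it. The register moves mirror the posted listing; the operand values and the assumption that rsp is already 16-byte aligned at this point (which a JIT is responsible for maintaining) are placeholders. Whether this reservation is the missing adjustment in the JIT-emitted sequence is exactly the open question in the comment.

```asm
; Added example (MASM syntax), not code from the bug or from WebKit.
; Assumes rsp is 16-byte aligned on entry to this sequence.
    mov  rcx, rbp              ; arg 0 (ExecState*) in rcx
    mov  rdx, <identifier>     ; arg 1 in rdx (placeholder)
    mov  r8,  rax              ; arg 2 in r8  (placeholder)
    mov  r9,  <stubInfo>       ; arg 3 in r9  (placeholder)
    mov  r11, <operation>      ; address of the C function (placeholder)
    sub  rsp, 20h              ; reserve 32 bytes of home space; rsp stays 16-aligned
    call r11                   ; callee may spill rcx/rdx/r8/r9 into [rsp+8..rsp+20h]
                               ; of its own frame, i.e. the 32 bytes reserved above
    add  rsp, 20h              ; release the home space after the call returns
```

Without the `sub rsp, 20h`, a callee that spills its register arguments or whose prologue assumes the home area exists writes over whatever the caller had at [rsp] .. [rsp+18h], which is the kind of silent corruption that shows up later as an unrelated-looking crash rather than at the call itself.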