[Webkit-unassigned] [Bug 137955] Crashes in WinCairo 64-bit

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 3 11:17:51 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=137955

Michael Saboff <msaboff at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |139229

--- Comment #4 from Michael Saboff <msaboff at apple.com> ---
(In reply to comment #3)
> This is a long shot, but I've noticed that there is missing a stack
> allocation for parameters in CallEdgeProfile.cpp:
> 
> 
> Index: bytecode/CallEdgeProfile.cpp
> ===================================================================
> --- bytecode/CallEdgeProfile.cpp        (revisjon 176518)
> +++ bytecode/CallEdgeProfile.cpp        (arbeidskopi)
> @@ -310,9 +310,15 @@
>      jit.subPtr(CCallHelpers::TrustedImm32(stackAlignmentBytes()),
> CCallHelpers::stackPointerRegister);
> 
>      jit.storeValue(calleeRegs,
> CCallHelpers::Address(CCallHelpers::stackPointerRegister, sizeof(JSValue)));
> +#if OS(WINDOWS) && CPU(X86_64)
> +    jit.sub64(CCallHelpers::TrustedImm32(4 * sizeof(int64_t)),
> X86Registers::esp);
> +#endif
>      jit.setupArguments(CCallHelpers::TrustedImmPtr(this));
>     
> jit.move(CCallHelpers::
> TrustedImmPtr(bitwise_cast<void*>(operationProcessCallEdgeLog)),
> GPRInfo::nonArgGPR0);
>      jit.call(GPRInfo::nonArgGPR0);
> +#if OS(WINDOWS) && CPU(X86_64)
> +    jit.add64(CCallHelpers::TrustedImm32(4 * sizeof(int64_t)),
> X86Registers::esp);
> +#endif
>      jit.loadValue(CCallHelpers::Address(CCallHelpers::stackPointerRegister,
> sizeof(JSValue)), calleeRegs);
> 
>      jit.addPtr(CCallHelpers::TrustedImm32(stackAlignmentBytes()),
> CCallHelpers::stackPointerRegister);

That could be a problem, but likely not the problem.  We are crashing before we get to the call because what we intend to call is null.  I happen to be working on another issue that could be this issue.  Basically we try calling a custom getter, but there isn't one, it is null.

I just filed https://bugs.webkit.org/show_bug.cgi?id=139229 to track that issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141203/7c498c87/attachment-0002.html>

More information about the webkit-unassigned mailing list