[Webkit-unassigned] [Bug 139457] New: SIGSEGV from JIT'd Code in WebGL Game

Tue Dec 9 12:13:20 PST 2014

https://bugs.webkit.org/show_bug.cgi?id=139457

            Bug ID: 139457
           Summary: SIGSEGV from JIT'd Code in WebGL Game
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: iOS
                OS: iOS 8.1
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: konistehrad at gmail.com

Created attachment 242957
  --> https://bugs.webkit.org/attachment.cgi?id=242957&action=review
Crash log showing SIGSEGV coming from JIT code.

On iPhone 6  or 6 Plus, and only on iPhone 6 or 6 Plus, (iOS 8.1.1, Safari/600.1.4) attempting to play the games found at http://target.com/play will result in a crash due to a SIGSEGV coming from JIT code. The easiest way to reproduce this is to visit http://target.com/play and play the games in the following order:

- Arctic Catch
- Snowball Fight
- Hot Cocoa

After playing several rounds of each, in that order, return to the world map via the menu, and wait several seconds. The game will crash, resulting in a stack trace similar to the one attached. I know that this is not related to the audio subsystem, as removing it entirely did not result in a fix (it uses several new Function() calls, leading me initially to believe I could "fix" the problem in that way), but other than that I'm sadly at a loss. Let me know if you have any other questions.

Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141209/cdb4d0eb/attachment-0002.html>