[Webkit-unassigned] [Bug 128740] New: ASSERTION FAILED: (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0) in WTF::dateToDaysFrom1970

bugzilla-daemon at webkit.org
Thu Feb 13 05:38:00 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=128740

           Summary: ASSERTION FAILED: (year >= 1970 && yearday >= 0) ||
                    (year < 1970 && yearday < 0) in
                    WTF::dateToDaysFrom1970
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rhodovan.u-szeged at partner.samsung.com
            Blocks: 116980


Created an attachment (id=224058)
 --> (https://bugs.webkit.org/attachment.cgi?id=224058&action=review)
Test case

The test was run on debug efl jsc:

function function_0() {
    new Date(6501480442020679337816440, 81696082856817131586190070, 1, 1, 1, 1, 1);   
}

function_0();


The backtrace:

ASSERTION FAILED: (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0)
/home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/DateMath.cpp(312) : double WTF::dateToDaysFrom1970(int, int, int)
1   0x7ffff740623b WTFCrash
2   0x7ffff74090e2 WTF::dateToDaysFrom1970(int, int, int)
3   0x7ffff72d98d5 JSC::gregorianDateTimeToMS(JSC::VM&, WTF::GregorianDateTime const&, double, bool)
4   0x7ffff72ab18c JSC::constructDate(JSC::ExecState*, JSC::JSGlobalObject*, JSC::ArgList const&)
5   0x7ffff72ab24d
6   0x7ffff73e88d3
7   0x7ffff73eb7fa JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
8   0x7ffff73ebcb4 JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind)
9   0x7ffff73e8a8f
10  0x7ffff73f1664

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7406240 in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff7406240 in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff74090e2 in WTF::dateToDaysFrom1970 (year=-2147483648, month=0, day=1)
    at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/DateMath.cpp:312
#2  0x00007ffff72d98d5 in JSC::gregorianDateTimeToMS (vm=..., t=..., milliSeconds=1, inputIsUTC=false)
    at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/JSDateMath.cpp:193
#3  0x00007ffff72ab18c in JSC::constructDate (exec=0x7fffffffcb90, globalObject=0x7ffff7f2f970, args=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/DateConstructor.cpp:170
#4  0x00007ffff72ab24d in JSC::constructWithDateConstructor (exec=0x7fffffffcb90)
    at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/DateConstructor.cpp:180
#5  0x00007ffff73e88d3 in JSC::LLInt::handleHostCall (execCallee=0x7fffffffcb90, pc=0x680358, callee=..., kind=JSC::CodeForConstruct)
    at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1050
#6  0x00007ffff73eb7fa in JSC::LLInt::setUpCall (execCallee=0x7fffffffcb90, pc=0x680358, kind=JSC::CodeForConstruct, calleeAsValue=..., 
    callLinkInfo=0x67fee0) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1071
#7  0x00007ffff73ebcb4 in JSC::LLInt::genericCall (exec=0x7fffffffcc10, pc=0x680358, kind=JSC::CodeForConstruct)
    at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1137
#8  0x00007ffff73e8a8f in JSC::LLInt::llint_slow_path_construct (exec=0x7fffffffcc10, pc=0x680358)
    at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1149
#9  0x00007ffff73f1664 in llint_op_construct () from /home/reni2/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#10 0x00007fffffffcc10 in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb)
