[Webkit-unassigned] [Bug 128740] New: ASSERTION FAILED: (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0) in WTF::dateToDaysFrom1970
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 13 05:38:00 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=128740
Summary: ASSERTION FAILED: (year >= 1970 && yearday >= 0) ||
(year < 1970 && yearday < 0) in
WTF::dateToDaysFrom1970
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rhodovan.u-szeged at partner.samsung.com
Blocks: 116980
Created an attachment (id=224058)
--> (https://bugs.webkit.org/attachment.cgi?id=224058&action=review)
Test case
The test was ran on debug efl jsc:
function function_0() {
new Date(6501480442020679337816440, 81696082856817131586190070, 1, 1, 1, 1, 1);
}
function_0();
The backtrace:
ASSERTION FAILED: (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0)
/home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/DateMath.cpp(312) : double WTF::dateToDaysFrom1970(int, int, int)
1 0x7ffff740623b WTFCrash
2 0x7ffff74090e2 WTF::dateToDaysFrom1970(int, int, int)
3 0x7ffff72d98d5 JSC::gregorianDateTimeToMS(JSC::VM&, WTF::GregorianDateTime const&, double, bool)
4 0x7ffff72ab18c JSC::constructDate(JSC::ExecState*, JSC::JSGlobalObject*, JSC::ArgList const&)
5 0x7ffff72ab24d
6 0x7ffff73e88d3
7 0x7ffff73eb7fa JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
8 0x7ffff73ebcb4 JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind)
9 0x7ffff73e8a8f
10 0x7ffff73f1664
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7406240 in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff7406240 in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1 0x00007ffff74090e2 in WTF::dateToDaysFrom1970 (year=-2147483648, month=0, day=1)
at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/DateMath.cpp:312
#2 0x00007ffff72d98d5 in JSC::gregorianDateTimeToMS (vm=..., t=..., milliSeconds=1, inputIsUTC=false)
at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/JSDateMath.cpp:193
#3 0x00007ffff72ab18c in JSC::constructDate (exec=0x7fffffffcb90, globalObject=0x7ffff7f2f970, args=...)
at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/DateConstructor.cpp:170
#4 0x00007ffff72ab24d in JSC::constructWithDateConstructor (exec=0x7fffffffcb90)
at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/DateConstructor.cpp:180
#5 0x00007ffff73e88d3 in JSC::LLInt::handleHostCall (execCallee=0x7fffffffcb90, pc=0x680358, callee=..., kind=JSC::CodeForConstruct)
at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1050
#6 0x00007ffff73eb7fa in JSC::LLInt::setUpCall (execCallee=0x7fffffffcb90, pc=0x680358, kind=JSC::CodeForConstruct, calleeAsValue=...,
callLinkInfo=0x67fee0) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1071
#7 0x00007ffff73ebcb4 in JSC::LLInt::genericCall (exec=0x7fffffffcc10, pc=0x680358, kind=JSC::CodeForConstruct)
at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1137
#8 0x00007ffff73e8a8f in JSC::LLInt::llint_slow_path_construct (exec=0x7fffffffcc10, pc=0x680358)
at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1149
#9 0x00007ffff73f1664 in llint_op_construct () from /home/reni2/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#10 0x00007fffffffcc10 in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list