[Webkit-unassigned] [Bug 127902] Fix the remaining regression caused by the jsCStack branch merge on Linux platforms
bugzilla-daemon at webkit.org
Tue Feb 25 09:19:24 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=127902
--- Comment #5 from Geoffrey Garen <ggaren at apple.com> 2014-02-25 09:16:31 PST ---
It's clear that something has gone wrong in the part of call_varargs that's responsible for copying a variable list of arguments onto the stack.
Given that this test uses "many args", it's possible that we've overflowed the stack, but our stack check has somehow failed:
stack check:
0x7fffb2b0faa8: add %rbp, %rdx
0x7fffb2b0faab: mov $0x44e828, %r11
0x7fffb2b0fab5: cmp %rdx, (%r11)
0x7fffb2b0fab8: ja 0x7fffb2b0faf3
crash:
0x7fffb2b0fabe: mov %eax, 0x28(%rdx)
%rdx is near %rbp and %rsp, but substantially higher:
rdx 0x7fffffef9fe0 140737487282144
rbp 0x7ffffff7a050 0x7ffffff7a050
rsp 0x7ffffff79fe0 0x7ffffff79fe0
It does seem like we're checking the wrong thing here.
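To follow the reasoning in the comment above, here is an added example (not part of the bug thread or of WebKit's code) that models the `cmp %rdx, (%r11); ja` stack check with x86-64 flag semantics and applies it to the register values quoted in the comment. The value held in the stack-limit slot at 0x44e828 is not shown on the page, so the limit used here is a constructed placeholder.

```c
#include <stdbool.h>
#include <stdint.h>

/* Register values quoted in the comment. */
#define PAGE_RDX 0x7fffffef9fe0ULL  /* pointer the varargs copy stores through */
#define PAGE_RBP 0x7ffffff7a050ULL
#define PAGE_RSP 0x7ffffff79fe0ULL
#define FAULT_OFFSET 0x28ULL        /* from "mov %eax, 0x28(%rdx)" */

/* Constructed placeholder: the page does not show the value stored at the
 * stack-limit slot (0x44e828), so assume a limit 1 MiB below %rsp. */
#define HYPOTHETICAL_STACK_LIMIT (PAGE_RSP - 0x100000ULL)

/* AT&T "cmp %rdx, (%r11)" computes (%r11) - %rdx and sets CF/ZF; "ja" is taken
 * when CF == 0 and ZF == 0, i.e. when the unsigned value at (%r11), the stack
 * limit, is strictly greater than %rdx. Taking the branch leaves the fast path
 * (the fall-through is the store that crashed). */
bool stack_check_branches_away(uint64_t limit, uint64_t rdx) {
    bool cf = limit < rdx;   /* borrow out of (limit - rdx) */
    bool zf = limit == rdx;
    return !cf && !zf;
}

/* Signed distance of a pointer from the live stack pointer: negative means the
 * pointer lies below %rsp (the direction the stack grows on x86-64). */
int64_t offset_from_rsp(uint64_t ptr, uint64_t rsp) {
    return (int64_t)(ptr - rsp);
}

/* Address of the faulting store and whether it lies inside [limit, rsp), the
 * region the check is meant to guarantee. */
uint64_t fault_address(uint64_t base, uint64_t off) {
    return base + off;
}

bool store_inside_checked_region(uint64_t limit, uint64_t rsp,
                                 uint64_t base, uint64_t off) {
    uint64_t addr = fault_address(base, off);
    return addr >= limit && addr < rsp;
}
```

With the page's %rdx and the placeholder limit, the check falls through (no overflow detected) and the store address sits 0x80000 bytes below %rsp; swapping in a limit above %rdx makes `ja` take the branch, which is the behaviour the check relies on.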