[Webkit-unassigned] [Bug 138722] New: JavaScriptCore assertion crash when access http://www.tmall.com/go/market/promotion-act/nsxy9-h5.php

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 13 18:11:36 PST 2014


            Bug ID: 138722
           Summary: JavaScriptCore assertion crash when access
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Android
                OS: Android
            Status: NEW
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: grainsan at 126.com

I use the GTK 2.4.3 version of the WebKit engine on an ARMv7 Android platform. When accessing http://www.tmall.com/go/market/promotion-act/nsxy9-h5.php, this webpage always causes an assertion; it seems a JSCell pointer is NULL, and this value is from a DFG register. Do you know how to fix this bug? Thanks.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 3022]
0xb5402f9e in WTFCrash () at TGL/thirdparty/webkit-2.4/Source/WTF/wtf/Assertions.cpp:333
333         *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0xb5402f9e in WTFCrash () at TGL/thirdparty/webkit-2.4/Source/WTF/wtf/Assertions.cpp:333
#1  0xb515e7ac in methodTable (this=<optimized out>) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/runtime/JSCellInlines.h:160
#2  JSC::JSValue::put (this=0xb302e6e8, exec=0xb0944958, propertyName=<optimized out>, value=..., slot=...)
    at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:703
#3  0xb5220a0a in JSC::putByVal (callFrame=0xfffffffb, baseValue=..., subscript=..., value=...) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/jit/JITOperations.cpp:478
#4  0xb52226b8 in JSC::operationPutByVal (exec=0xb0944958, encodedBaseValue=<optimized out>, encodedSubscript=-18516814096, encodedValue=-18617586880)
    at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/jit/JITOperations.cpp:542
#5  0xaf0d8b30 in ?? ()
#6  0xaf0d8b30 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) disas WTFCrash
Dump of assembler code for function WTFCrash():
   0xb5402f88 <+0>:     push    {r3, lr}
   0xb5402f8a <+2>:     ldr     r3, [pc, #24]   ; (0xb5402fa4 <WTFCrash()+28>)
   0xb5402f8c <+4>:     add     r3, pc
   0xb5402f8e <+6>:     ldr     r0, [r3, #0]
   0xb5402f90 <+8>:     cbz     r0, 0xb5402f94 <WTFCrash()+12>
   0xb5402f92 <+10>:    blx     r0
   0xb5402f94 <+12>:    movw    r2, #48879      ; 0xbeef
   0xb5402f98 <+16>:    movt    r2, #48045      ; 0xbbad
   0xb5402f9c <+20>:    movs    r1, #0
=> 0xb5402f9e <+22>:    str     r1, [r2, #0]
   0xb5402fa0 <+24>:    blx     r1
   0xb5402fa2 <+26>:    pop     {r3, pc}
   0xb5402fa4 <+28>:    andeq   r8, r3, r8, lsr #1
End of assembler dump.
(gdb) i r
r0             0x0      0
r1             0x0      0
r2             0xbbadbeef       3148725999
r3             0xb543b038       3041112120
r4             0xaa4e2b40       2857249600
r5             0xfffffffb       4294967291
r6             0xb302e6e8       3003311848
r7             0xb302e6a8       3003311784
r8             0xb302e6f8       3003311864
r9             0xac3d14b0       2889684144
r10            0xb0944958       2962508120
r11            0xfffffffb       4294967291
r12            0xb53e3b48       3040754504
sp             0xb302e690       0xb302e690
lr             0xb515e7ad       -1256855635
pc             0xb5402f9e       0xb5402f9e <WTFCrash()+22>
cpsr           0x60030030       1610809392
(gdb) l
328     {
329         if (globalHook)
330             globalHook();
331
332         WTFReportBacktrace();
333         *(int *)(uintptr_t)0xbbadbeef = 0;
334         // More reliable, but doesn't say BBADBEEF.
335     #if COMPILER(CLANG)
336         __builtin_trap();
337     #else
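The transcript above shows the pattern worth recognising when triaging this kind of crash: pc sits inside WTFCrash() on the `str r1, [r2]` with r2 = 0xbbadbeef and r1 = 0, i.e. the deliberate store from Assertions.cpp:333, so the SIGSEGV is the assertion trap rather than the bug itself, and the first frame worth reading is the one that called into it (methodTable at JSCellInlines.h:160, reached from JSValue::put via operationPutByVal out of JIT code, which gdb shows as `?? ()` frames). The script below is an added example written for this report, not WebKit code: it parses a gdb session, checks for the 0xbbadbeef marker, and reports the first non-assertion frame. REPORT_SESSION is abridged from the gdb output quoted above; CONSTRUCTED_FAULT is a made-up transcript used only to show the non-assertion branch.

```python
"""Triage a gdb crash transcript: deliberate WTFCrash() assertion or an
unexplained memory fault, and which frame should be read first?

Added example for the report above, not WebKit code. REPORT_SESSION is
abridged from the gdb output quoted in the bug; CONSTRUCTED_FAULT is made up
to exercise the other branch (a crash inside unsymbolized JIT code)."""
import re

# Assertions.cpp in the report: WTFCrash() does `*(int *)(uintptr_t)0xbbadbeef = 0`,
# so this address in a register at the fault marks the assertion trap, not the bug.
WTF_CRASH_MARKER = 0xBBADBEEF
ASSERT_FRAMES = {"WTFCrash", "WTFReportBacktrace"}

REPORT_SESSION = """Program received signal SIGSEGV, Segmentation fault.
0xb5402f9e in WTFCrash () at TGL/thirdparty/webkit-2.4/Source/WTF/wtf/Assertions.cpp:333
(gdb) bt
#0  0xb5402f9e in WTFCrash () at TGL/thirdparty/webkit-2.4/Source/WTF/wtf/Assertions.cpp:333
#1  0xb515e7ac in methodTable (this=<optimized out>) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/runtime/JSCellInlines.h:160
#2  JSC::JSValue::put (this=0xb302e6e8, exec=0xb0944958, propertyName=<optimized out>, value=..., slot=...)
    at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:703
#3  0xb5220a0a in JSC::putByVal (callFrame=0xfffffffb, baseValue=..., subscript=..., value=...) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/jit/JITOperations.cpp:478
#4  0xb52226b8 in JSC::operationPutByVal (exec=0xb0944958, encodedBaseValue=<optimized out>, encodedSubscript=-18516814096, encodedValue=-18617586880)
    at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/jit/JITOperations.cpp:542
#5  0xaf0d8b30 in ?? ()
#6  0xaf0d8b30 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) i r
r1             0x0      0
r2             0xbbadbeef       3148725999
pc             0xb5402f9e       0xb5402f9e <WTFCrash()+22>
"""

# Constructed sample (not from the report): pc inside unsymbolized JIT code,
# nothing in the registers marks it as a deliberate abort.
CONSTRUCTED_FAULT = """Program received signal SIGSEGV, Segmentation fault.
0xaf0d8b30 in ?? ()
(gdb) bt
#0  0xaf0d8b30 in ?? ()
#1  0xb52226b8 in JSC::operationPutByVal (exec=0xb0944958, encodedBaseValue=...) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/jit/JITOperations.cpp:542
(gdb) i r
r0             0x41414141       1094795585
pc             0xaf0d8b30       0xaf0d8b30
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-fA-F]+)\s+in\s+)?(.*)$")
LOC_RE = re.compile(r"\bat\s+(\S+):(\d+)")
REG_RE = re.compile(r"^([a-z]{1,4}\d*)\s+(0x[0-9a-fA-F]+)\b", re.MULTILINE)


def parse_frames(text):
    """Backtrace frames as dicts; folds gdb's '    at file:line' continuation lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            addr, rest = m.group(2), m.group(3)
            frames.append({"num": int(m.group(1)),
                           "addr": int(addr, 16) if addr else None,
                           "func": rest.split(" (", 1)[0].strip(),
                           "file": None, "line": None})
        elif frames and line.lstrip().startswith("at "):
            rest = line
        else:
            continue
        loc = LOC_RE.search(rest)
        if loc:
            frames[-1]["file"], frames[-1]["line"] = loc.group(1), int(loc.group(2))
    return frames


def parse_registers(text):
    """Register dump from `info registers` as {name: int}."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def describe(frame):
    if frame["func"] == "??":
        return f"unsymbolized code at {frame['addr']:#x}"
    if frame["file"]:
        return f"{frame['func']} at {frame['file']}:{frame['line']}"
    return frame["func"]


def triage(text):
    frames = parse_frames(text)
    regs = parse_registers(text)
    sig = re.search(r"Program received signal (\w+)", text)
    marker_regs = sorted(n for n, v in regs.items() if v == WTF_CRASH_MARKER)
    # Deliberate trap if the top frame is the assertion machinery or the
    # 0xbbadbeef store address is still in a register (r2 on ARM in the report).
    deliberate = (bool(frames) and frames[0]["func"] in ASSERT_FRAMES) or bool(marker_regs)
    culprit = next((f for f in frames if f["func"] not in ASSERT_FRAMES), None)
    return {
        "signal": sig.group(1) if sig else None,
        "kind": "assertion" if deliberate else "fault",
        "marker_registers": marker_regs,
        "culprit": describe(culprit) if culprit else None,
        "jit_frames": sum(1 for f in frames if f["func"] == "??"),
        "stack_warning": "corrupt stack?" in text,
    }


if __name__ == "__main__":
    for name, session in (("report", REPORT_SESSION), ("constructed", CONSTRUCTED_FAULT)):
        print(name, triage(session))
```

For the report session this classifies the crash as an assertion and names methodTable at JSCellInlines.h:160 as the frame to read, with two unsymbolized JIT frames and gdb's corrupt-stack warning flagged; the constructed sample comes back as a plain fault in unsymbolized code, which is the case that deserves a memory-safety look rather than an ASSERT investigation.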
