[Webkit-unassigned] [Bug 134912] [GTK] [Stable] [Debug] Asserts in cnn.com, nytimes.com, sfgate.com and others

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 15 01:07:44 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=134912

--- Comment #3 from ChangSeok Oh <changseok.oh at collabora.com>  2014-10-15 01:07:37 PST ---
(In reply to comment #2)
> Same here. The crash on cnn.com happens on webkitgtk-2.4.5 as well

Program received signal SIGSEGV, Segmentation fault.
0x00007f3044532c8b in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:333
333        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007f3044532c8b in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:333
#1  0x00007f304421364d in JSC::DFG::SpeculativeJIT::speculationCheck (this=0x1845890, 
    kind=JSC::Uncountable, jsValueSource=..., node=0x0, jumpToFail=...)
    at ../../Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:113
#2  0x00007f304421f8ef in JSC::DFG::SpeculativeJIT::compileMakeRope (this=0x1845890, 
    node=0x7f2fd8231f00) at ../../Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2753
#3  0x00007f30441e9b72 in JSC::DFG::SpeculativeJIT::compile (this=0x1845890, 
    node=0x7f2fd8231f00)
    at ../../Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2427
#4  0x00007f3044219222 in JSC::DFG::SpeculativeJIT::compileCurrentBlock (
    this=0x1845890) at ../../Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1431
#5  0x00007f30442197d2 in JSC::DFG::SpeculativeJIT::compile (this=0x1845890)
    at ../../Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1543
#6  0x00007f3044188250 in JSC::DFG::JITCompiler::compileBody (this=0x7fff7894b060)
    at ../../Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:111
#7  0x00007f3044189a9b in JSC::DFG::JITCompiler::compileFunction (this=0x7fff7894b060)
    at ../../Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:336
#8  0x00007f30441da5f4 in JSC::DFG::Plan::compileInThreadImpl (this=0x18413a0, 
    longLivedState=...) at ../../Source/JavaScriptCore/dfg/DFGPlan.cpp:251
#9  0x00007f30441d9ec0 in JSC::DFG::Plan::compileInThread (this=0x18413a0, 
    longLivedState=...) at ../../Source/JavaScriptCore/dfg/DFGPlan.cpp:125
#10 0x00007f304415f398 in JSC::DFG::compileImpl (vm=..., codeBlock=0x18337a0, 
    mode=JSC::DFG::DFGMode, osrEntryBytecodeIndex=0, mustHandleValues=..., 
    callback=..., worklist=0x0) at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:108
#11 0x00007f304415f430 in JSC::DFG::compile (vm=..., codeBlock=0x18337a0, 
    mode=JSC::DFG::DFGMode, osrEntryBytecodeIndex=0, mustHandleValues=..., 
    passedCallback=..., worklist=0x0)
    at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:127
#12 0x00007f3044303f84 in JSC::operationOptimize (exec=0x7f2fda7fcc90, 
    bytecodeIndex=0) at ../../Source/JavaScriptCore/jit/JITOperations.cpp:1148
#13 0x00007f2ff4239700 in ?? ()
#14 0x00007f2ff41f8920 in ?? ()
#15 0x0000000000d99b70 in ?? ()
#16 0x0000000001376f10 in ?? ()
#17 0x00000000017aeb30 in ?? ()
#18 0x00000000007d00b0 in ?? ()
#19 0x0000000000000000 in ?? ()
