[Webkit-unassigned] [Bug 142639] editing/selection/select-bidi-run.html crashed in bmalloc
bugzilla-daemon at webkit.org
Thu Mar 12 13:34:14 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=142639
Simon Fraser (smfr) <simon.fraser at apple.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ap at webkit.org,
                   |                            |cdumez at apple.com,
                   |                            |enrica at apple.com,
                   |                            |ggaren at apple.com,
                   |                            |simon.fraser at apple.com
--- Comment #1 from Simon Fraser (smfr) <simon.fraser at apple.com> ---
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010d7aeff0 bmalloc::LargeObject::validateSelf() const + 128
1 com.apple.JavaScriptCore 0x000000010d7aee81 bmalloc::LargeObject::validate() const + 225
2 com.apple.JavaScriptCore 0x000000010d7b107f bmalloc::LargeObject::LargeObject(void*) + 95
3 com.apple.JavaScriptCore 0x000000010d7b0d9d bmalloc::LargeObject::LargeObject(void*) + 29
4 com.apple.JavaScriptCore 0x000000010d7b0199 bmalloc::Allocator::reallocate(void*, unsigned long) + 361
5 com.apple.JavaScriptCore 0x000000010d76fb06 bmalloc::Cache::reallocate(void*, unsigned long) + 86
6 com.apple.JavaScriptCore 0x000000010d76eecd bmalloc::api::realloc(void*, unsigned long) + 29
7 com.apple.JavaScriptCore 0x000000010d76ebbd WTF::fastRealloc(void*, unsigned long) + 29
8 com.apple.JavaScriptCore 0x000000010d79492b WTF::Ref<WTF::StringImpl> WTF::StringImpl::reallocateInternal<unsigned char>(WTF::PassRefPtr<WTF::StringImpl>, unsigned int, unsigned char*&) + 299
9 com.apple.JavaScriptCore 0x000000010d78b330 WTF::StringImpl::reallocate(WTF::PassRefPtr<WTF::StringImpl>, unsigned int, unsigned char*&) + 128
10 com.apple.JavaScriptCore 0x000000010d789346 void WTF::StringBuilder::reallocateBuffer<unsigned char>(unsigned int) + 310
11 com.apple.JavaScriptCore 0x000000010d789f42 WTF::StringBuilder::shrinkToFit() + 66
12 com.apple.WebCore 0x000000010edbf3a7 WTF::StringBuilder::toString() + 39 (StringBuilder.h:178)
13 com.apple.WebCore 0x0000000110d00c1e WebCore::plainText(WebCore::Range const*, unsigned short, bool) + 334 (TextIterator.cpp:2536)
14 com.apple.WebCore 0x000000010f4186d8 WebCore::DOMSelection::toString() + 120 (DOMSelection.cpp:492)
15 com.apple.WebCore 0x000000010fc8a0a4 WebCore::jsDOMSelectionPrototypeFunctionToString(JSC::ExecState*) + 404 (JSDOMSelection.cpp:573)
16 ??? 0x00003d2699801028 0 + 67235993358376
17 ??? 0x00003d269989462d 0 + 67235993962029
18 com.apple.JavaScriptCore 0x000000010d4f8ec6 llint_entry + 25658
19 com.apple.JavaScriptCore 0x000000010d4f2849 vmEntryToJavaScript + 361
20 com.apple.JavaScriptCore 0x000000010d3740ea JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 266
21 com.apple.JavaScriptCore 0x000000010d3576a5 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4853
22 com.apple.JavaScriptCore 0x000000010ceb4d10 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 480
23 com.apple.WebCore 0x000000010fe4c545 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 69 (JSMainThreadExecState.h:62)
24 com.apple.WebCore 0x0000000110890abd WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 317 (ScriptController.cpp:164)
...
--
You are receiving this mail because:
You are the assignee for the bug.