[Webkit-unassigned] [Bug 149957] New: [Win] Null pointer crash.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 9 09:08:17 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=149957

            Bug ID: 149957
           Summary: [Win] Null pointer crash.
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: peavo at outlook.com

I just got a null pointer crash in JSC::speculationFromCell(). The JSCell object looks more or less ok, but the m_structureID member is 0, causing the null pointer crash. 


JavaScriptCore.dll!JSC::speculationFromCell(JSC::JSCell * cell)  Line 363 + 0x20 bytes    C++
JavaScriptCore.dll!JSC::speculationFromValue(JSC::JSValue value)  Line 391 + 0x8 bytes    C++
JavaScriptCore.dll!JSC::ValueProfileBase<1>::computeUpdatedPrediction(const JSC::ConcurrentJITLocker & __formal)  Line 145 + 0x7 bytes    C++
JavaScriptCore.dll!JSC::CodeBlock::updateAllPredictionsAndCountLiveness(unsigned int & numberOfLiveNonArgumentValueProfiles, unsigned int & numberOfSamplesInProfiles)  Line 3770    C++
JavaScriptCore.dll!JSC::CodeBlock::updateAllPredictions()  Line 3815    C++
JavaScriptCore.dll!operationOptimize(JSC::ExecState * exec, int bytecodeIndex)  Line 1142    C++

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151009/6b9e5eb9/attachment-0001.html>

More information about the webkit-unassigned mailing list