[Webkit-unassigned] [Bug 149957] [Win] Null pointer crash.
bugzilla-daemon at webkit.org
Fri Oct 9 09:20:44 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=149957
--- Comment #4 from peavo at outlook.com ---
(In reply to comment #3)
> Comment on attachment 262776 [details]
> Patch
>
> While this might fix the crash, I think it's the wrong fix.
>
> A cell with a null structureID has been garbage collected. You're lucky if
> you find the null structureID -- that happens soon after sweeping. If you're
> unlucky, you'll just get garbage memory, or a crash.
>
> We need to investigate how the cell got garbage collected in the first place.
Ok, sounds good :)
This is the state of the JSCell object when the crash occurred:
    m_structureID   0x00000000   JSC::Structure*
    m_indexingType  0            unsigned char
    m_type          StringType   JSC::JSType
    m_flags         224          unsigned char
    m_cellState     NewWhite     JSC::CellState
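The reviewer's point in comment #3 is that a null m_structureID is a symptom of a use-after-free, not the bug: the sweep zeroes the field, but the slot can be handed out again, after which a stale pointer sees a perfectly valid-looking cell and a null check no longer fires. The following is an added illustration written for this page; it is not WebKit or JavaScriptCore code and does not model JSC's real allocator. It uses a toy mark/sweep heap with a hypothetical convention that structureID 0 means "swept", and goes one step beyond the thread by adding a per-slot serial number so a handle can tell "swept" from "recycled under me", which a raw Cell* cannot.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Cell layout loosely modelled on the fields in the debugger dump above.
enum CellType : uint8_t { ObjectType = 1, StringType = 2 };

struct Cell {
    uint32_t structureID = 0;      // 0 == swept/unallocated (toy convention, not JSC's)
    CellType type = ObjectType;
    bool marked = false;
    uint64_t serial = 0;           // bumped on every allocation of this slot (hypothetical)
    std::vector<Cell*> children;   // outgoing references the marker follows
};

// A reference that remembers the serial it was issued under, so stale use
// can be distinguished from legitimate use even after the slot is recycled.
struct Handle { Cell* cell; uint64_t serial; };
enum class HandleState { Live, Swept, Reused };

class ToyHeap {
public:
    explicit ToyHeap(size_t n) : slots_(n) {
        for (size_t i = 0; i < n; ++i) freeList_.push_back(&slots_[i]);
    }

    Handle allocate(uint32_t structureID, CellType type) {
        if (freeList_.empty()) return {nullptr, 0};
        Cell* c = freeList_.back();
        freeList_.pop_back();
        c->structureID = structureID;
        c->type = type;
        c->marked = false;
        c->children.clear();
        c->serial = ++nextSerial_;
        return {c, c->serial};
    }

    // Stop-the-world mark/sweep: cells unreachable from roots get their
    // structureID zeroed (the state in the crash dump) and their slot recycled.
    void collect(const std::vector<Cell*>& roots) {
        for (Cell& c : slots_) c.marked = false;
        std::vector<Cell*> stack(roots.begin(), roots.end());
        while (!stack.empty()) {
            Cell* c = stack.back();
            stack.pop_back();
            if (!c || c->marked) continue;
            c->marked = true;
            for (Cell* child : c->children) stack.push_back(child);
        }
        for (Cell& c : slots_) {
            if (c.structureID != 0 && !c.marked) {
                c.structureID = 0;
                c.children.clear();
                freeList_.push_back(&c);
            }
        }
    }

    static HandleState state(const Handle& h) {
        if (h.cell->structureID == 0) return HandleState::Swept;
        if (h.cell->serial != h.serial) return HandleState::Reused;
        return HandleState::Live;
    }

private:
    std::vector<Cell> slots_;      // never resized, so Cell* stays stable
    std::vector<Cell*> freeList_;
    uint64_t nextSerial_ = 0;
};

struct Outcome {
    bool nullSeenRightAfterSweep;   // the "lucky" case from the review comment
    bool nullCheckPassesAfterReuse; // the "unlucky" case: stale pointer, valid-looking cell
    HandleState handleState;        // what a serial-checked handle reports instead
};

Outcome scenario() {
    ToyHeap heap(4);
    Handle root = heap.allocate(1, ObjectType);
    Handle str = heap.allocate(7, StringType);
    root.cell->children.push_back(str.cell);
    Cell* dangling = str.cell;          // raw pointer kept across the next GC
    root.cell->children.clear();        // last strong reference to str is gone
    heap.collect({root.cell});
    bool nullSeen = dangling->structureID == 0;
    Handle other = heap.allocate(9, ObjectType); // recycles the swept slot
    bool reused = other.cell == dangling && dangling->structureID == 9;
    return {nullSeen, reused, ToyHeap::state(str)};
}

int main() {
    Outcome o = scenario();
    std::printf("null after sweep=%d, null check fooled after reuse=%d, handle reused=%d\n",
                o.nullSeenRightAfterSweep, o.nullCheckPassesAfterReuse,
                o.handleState == HandleState::Reused);
}
```

scenario() first observes the null structureID through the dangling pointer (the case the attachment's null check would catch), then allocates again and observes that the same address now carries structureID 9: the null check passes and the caller is silently operating on an unrelated object. Only the serial-carrying Handle reports Reused, which is why the fix has to find who kept the reference alive past the collection rather than test for zero.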