[Webkit-unassigned] [Bug 150513] New: REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584

Fri Oct 23 14:26:53 PDT 2015

https://bugs.webkit.org/show_bug.cgi?id=150513

            Bug ID: 150513
           Summary: REGRESSION (r179357-r179359): WebContent Crash using
                    AOL Mail @ com.apple.JavascriptCore
                    JSC::linkPolymorphicCall(JSC::ExecState*,
                    JSC::CallLinkInfo&, JSC::CallVariant,
                    JSC::RegisterPreservationMode) + 1584
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

It appears that the website is running out of stack space while making a virtual call to a Javascript function for the first time.  The call to the function properly fails due to out of stack space, but we try to add the function to a polymorphic cache and it doesn't have a CodeBlock.  linkPolymorphicCall crashes without a CodeBlock.

We need to make linkPolymorphicCall() properly handle a function without a CodeBlock.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151023/60e0f5c9/attachment-0001.html>