[Webkit-unassigned] [Bug 149957] [Win] Null pointer crash.
bugzilla-daemon at webkit.org
Mon Jan 16 13:01:10 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=149957
Dan Zimmerman <daniel.zimmerman at me.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |daniel.zimmerman at me.com
--- Comment #5 from Dan Zimmerman <daniel.zimmerman at me.com> ---
I've found a similar crash on iOS 10.2's version of JavascriptCore.
I have the following backtrace:
#0 0x0000000104d6d2ef in JSC::speculationFromCell(JSC::JSCell*) ()
#1 0x00000001047d2ec3 in JSC::CodeBlock::updateAllPredictionsAndCountLiveness(unsigned int&, unsigned int&) ()
#2 0x00000001047cebc7 in JSC::CodeBlock::stronglyVisitStrongReferences(JSC::SlotVisitor&) ()
#3 0x00000001047ce969 in JSC::CodeBlock::visitChildren(JSC::SlotVisitor&) ()
#4 0x0000000104d699ac in JSC::SlotVisitor::drain() ()
#5 0x0000000104a0869c in JSC::Heap::markRoots(double, void*, void*, int (&) [37]) ()
#6 0x0000000104a0b065 in JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, int (&) [37]) ()
#7 0x0000000104a0ada1 in JSC::Heap::collect(JSC::HeapOperation) ()
#8 0x0000000104c3c957 in JSC::MarkedAllocator::allocateSlowCase(unsigned long) ()
#9 0x0000000104b72ee0 in JSObjectMake ()
and the state of the JSCell is:
m_structureID: 0
m_indexingType: 0
m_type: UnspecifiedType (0)
m_flags: 0
m_cellState: AnthraciteOrBlack (0)
Is there any way I can help to find the source of the issue? I have a setup where the bug is pretty reproducible.