[Webkit-unassigned] [Bug 186989] New: ASSERTION FAILED: !getDirect(offset) || !JSValue::encode(getDirect(offset)) on nytimes.com
bugzilla-daemon at webkit.org
Sun Jun 24 22:23:33 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=186989
Bug ID: 186989
Summary: ASSERTION FAILED: !getDirect(offset) || !JSValue::encode(getDirect(offset)) on nytimes.com
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: simon.fraser at apple.com
Had nytimes.com loaded in debug MiniBrowser, WebKit1, and hit this assertion:
offset was 114, this was a FinalObjectType
ASSERTION FAILED: !getDirect(offset) || !JSValue::encode(getDirect(offset))
/Volumes/Data/Development/apple/webkit/OpenSource/Source/JavaScriptCore/runtime/JSObjectInlines.h(335) : bool JSC::JSObject::putDirectInternal(JSC::VM &, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot &)
1 0x11517bac9 WTFCrash
2 0x115b7b99d bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)0>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&)
3 0x115b7af6b JSC::JSObject::putInlineForJSObject(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
4 0x1164e6835 JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
5 0x115b7a89e JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
6 0x115b04b3f void JSC::DFG::putByValInternal<false, false>(JSC::ExecState*, JSC::VM&, long long, long long, long long)
7 0x115b0480f operationPutByValNonStrict
8 0x2bbff2887cb
9 0x2bbff57fa17
10 0x2bbff3c3663
11 0x2bbff22dcc2
12 0x115280bf2 llint_entry
13 0x115280bf2 llint_entry
14 0x2bbff35f082
15 0x115280bf2 llint_entry
16 0x2bbff58ffc1
17 0x2bbff592122
18 0x2bbff3d206f
19 0x115278652 vmEntryToJavaScript
20 0x116113afa JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
21 0x1161140d3 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
22 0x1163aa7ea JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
23 0x1163aa8cc JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
24 0x1163aab6d JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
25 0x10719377b WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
26 0x107215036 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&)
27 0x107214ae0 WebCore::ScheduledAction::execute(WebCore::Document&)
28 0x1072149a3 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&)
29 0x108009899 WebCore::DOMTimer::fired()
30 0x108250b54 WebCore::ThreadTimers::sharedTimerFiredInternal()
31 0x1082668c1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
(lldb)