[Webkit-unassigned] [Bug 190033] New: [BigInt] BigInt.prototype.toString is broken when radix is power of 2

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 27 04:16:15 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=190033

            Bug ID: 190033
           Summary: [BigInt] BigInt.prototype.toString is broken when
                    radix is power of 2
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ticaiolima at gmail.com

When we have a BigInt with length >= 2, the call to BigInt.prototype.toString with a radix that is a power of 2 causes the following crash:

ASSERTION FAILED: chunkDivisor
Source/JavaScriptCore/runtime/JSBigInt.cpp(1254) : static WTF::String JSC::JSBigInt::toStringGeneric(JSC::ExecState *, JSC::JSBigInt *, unsigned int)
1   0x1018a83e9 WTFCrash
2   0x100005b5b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x10140c670 JSC::JSBigInt::toStringGeneric(JSC::ExecState*, JSC::JSBigInt*, unsigned int)
4   0x10140c33c JSC::JSBigInt::toString(JSC::ExecState*, unsigned int)
5   0x10133acf9 JSC::bigIntProtoFuncToString(JSC::ExecState*)
6   0x3576d0ed177
7   0x10118c9d4 llint_entry
8   0x101184300 vmEntryToJavaScript
9   0x101099f4a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
10  0x101099519 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
11  0x101371c2f JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
12  0x10002238d runInteractive(GlobalObject*)
13  0x100007a77 int runJSC<jscmain(int, char**)::$_3>(CommandLine, bool, jscmain(int, char**)::$_3 const&)
14  0x10000650f jscmain(int, char**)
15  0x10000646e main
16  0x7fff70624015 start
17  0x2
Process 91544 stopped

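The report gives the crashing input shape (a BigInt needing more than one internal digit, radix 2, 4, 8, 16 or 32) but no script. The following is an added regression check, not code from the bug report or from WebKit: it converts a BigInt to a power-of-two radix by slicing bits (the same chunking a correct engine fast path would do), then compares that against the native BigInt.prototype.toString(radix). The sample values assume 64-bit internal digits, so anything at or above 2^64 is the "length >= 2" case the reporter describes; the helper names toStringPow2, sampleValues and checkPowerOfTwoRadix are mine.

```javascript
// Added regression check for BigInt.prototype.toString with a power-of-two
// radix. Not part of the original bug report or of WebKit's sources.

const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Reference conversion for radix 2^k: each output digit is exactly k bits, so
// peel k bits at a time from the least significant end. Handles 0n and
// negative values (sign prefix, magnitude converted as for a positive value).
function toStringPow2(value, radix) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 32 ||
      (radix & (radix - 1)) !== 0) {
    throw new RangeError("radix must be a power of two in [2, 32]");
  }
  const bitsPerDigit = BigInt(31 - Math.clz32(radix)); // log2(radix)
  const mask = BigInt(radix - 1);
  let magnitude = value < 0n ? -value : value;
  if (magnitude === 0n) return "0";
  const out = [];
  while (magnitude > 0n) {
    out.push(DIGITS[Number(magnitude & mask)]);
    magnitude >>= bitsPerDigit;
  }
  return (value < 0n ? "-" : "") + out.reverse().join("");
}

// Constructed inputs. Assuming 64-bit internal digits, everything at or above
// 2^64 needs at least two digits, which is the shape the report says crashes.
function sampleValues() {
  return [
    0n,
    (1n << 64n) - 1n,            // one digit: all ones in the low 64 bits
    1n << 64n,                   // two digits: a 1 followed by 64 zero bits
    (1n << 128n) + 0xdeadbeefn,  // three digits
    -((1n << 200n) | 0x5555n),   // negative, four digits
    (1n << 1000n) - 1n,          // sixteen digits, every bit set
  ];
}

// Runs every sample through every power-of-two radix and collects mismatches
// between the engine and the reference. An empty list means the engine agrees
// on all cases. Note that the failure in the report is an assertion in a
// debug build, which aborts the process rather than throwing, so on an
// affected build this function never returns and the abort is the finding.
function checkPowerOfTwoRadix() {
  const failures = [];
  for (const v of sampleValues()) {
    for (const radix of [2, 4, 8, 16, 32]) {
      const expected = toStringPow2(v, radix);
      let actual;
      try {
        actual = v.toString(radix);
      } catch (e) {
        failures.push({ radix, value: v.toString(), error: String(e) });
        continue;
      }
      if (actual !== expected) {
        failures.push({ radix, value: v.toString(), expected, actual });
      }
    }
  }
  return failures;
}

console.log(checkPowerOfTwoRadix());
```

Run it with the engine under test (for example `jsc` or `node`); on a fixed engine it prints an empty array, and any entry in the list identifies the radix and value where the native conversion diverges from the bit-slicing reference.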