[Webkit-unassigned] [Bug 190033] New: [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 27 04:16:15 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=190033
Bug ID: 190033
Summary: [BigInt] BigInt.proptotype.toString is broken when
radix is power of 2
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ticaiolima at gmail.com
When we have a BigInt with length >= 2, the call to BigInt.prototype.toString with a radix that is power of 2 causes the following crash:
ASSERTION FAILED: chunkDivisor
Source/JavaScriptCore/runtime/JSBigInt.cpp(1254) : static WTF::String JSC::JSBigInt::toStringGeneric(JSC::ExecState *, JSC::JSBigInt *, unsigned int)
1 0x1018a83e9 WTFCrash
2 0x100005b5b WTFCrashWithInfo(int, char const*, char const*, int)
3 0x10140c670 JSC::JSBigInt::toStringGeneric(JSC::ExecState*, JSC::JSBigInt*, unsigned int)
4 0x10140c33c JSC::JSBigInt::toString(JSC::ExecState*, unsigned int)
5 0x10133acf9 JSC::bigIntProtoFuncToString(JSC::ExecState*)
6 0x3576d0ed177
7 0x10118c9d4 llint_entry
8 0x101184300 vmEntryToJavaScript
9 0x101099f4a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
10 0x101099519 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
11 0x101371c2f JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
12 0x10002238d runInteractive(GlobalObject*)
13 0x100007a77 int runJSC<jscmain(int, char**)::$_3>(CommandLine, bool, jscmain(int, char**)::$_3 const&)
14 0x10000650f jscmain(int, char**)
15 0x10000646e main
16 0x7fff70624015 start
17 0x2
Process 91544 stopped
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180927/e821c048/attachment.html>
More information about the webkit-unassigned
mailing list