[Webkit-unassigned] [Bug 196477] New: REGRESSION (r243642): com.apple.JavaScriptCore crash in JSC::RegExpObject::execInline

bugzilla-daemon at webkit.org
Mon Apr 1 19:46:02 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=196477

            Bug ID: 196477
           Summary: REGRESSION (r243642): com.apple.JavaScriptCore crash
                    in JSC::RegExpObject::execInline
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

The following crash is seen with layout test js/regexp-unicode.html when using GuardMalloc:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                                 0x000000010b33e7f5 0 + 4482918389
1   com.apple.JavaScriptCore            0x0000000463c56d71 JSC::RegExpObject::execInline(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSString*) + 881
2   ???                                 0x000000010b2fb16b 0 + 4482642283
3   com.apple.JavaScriptCore            0x00000004638ab8e7 llint_entry + 62084
4   com.apple.JavaScriptCore            0x000000046389c4b9 vmEntryToJavaScript + 200
5   com.apple.JavaScriptCore            0x00000004635fb3a7 JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) + 2279
6   com.apple.JavaScriptCore            0x00000004635f741c JSC::eval(JSC::ExecState*) + 764
7   com.apple.JavaScriptCore            0x0000000463ea2fc6 operationCallEval + 102
8   ???                                 0x000000010b33a236 0 + 4482900534
9   com.apple.JavaScriptCore            0x00000004638ab8e7 llint_entry + 62084
10  com.apple.JavaScriptCore            0x000000046389c4b9 vmEntryToJavaScript + 200
11  com.apple.JavaScriptCore            0x0000000463e0de10 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 11280
...
