[Webkit-unassigned] [Bug 200388] a null pointer deref in DFGCFGSimplificationPhase.cpp

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 2 13:26:43 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=200388

Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fpizlo at apple.com,
                   |                            |keith_miller at apple.com,
                   |                            |mark.lam at apple.com,
                   |                            |webkit-bug-importer at group.a
                   |                            |pple.com, ysuzuki at apple.com
           Hardware|PC                          |All
                 OS|Linux                       |All

--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> ---
Reproduces in shipping Safari.

Thread 9 Crashed:: DFG Worklist Worker Thread
0   com.apple.JavaScriptCore            0x00007fff30522a78 JSC::DFG::LazyJSValue::strictEqual(JSC::DFG::LazyJSValue const&) const + 408
1   com.apple.JavaScriptCore            0x00007fff2febf028 JSC::DFG::CFGSimplificationPhase::run() + 2504
2   com.apple.JavaScriptCore            0x00007fff30471ca8 bool JSC::DFG::runPhase<JSC::DFG::CFGSimplificationPhase>(JSC::DFG::Graph&) + 72
3   com.apple.JavaScriptCore            0x00007fff305c2aa9 JSC::DFG::Plan::compileInThreadImpl() + 2633
4   com.apple.JavaScriptCore            0x00007fff305c17fe JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*) + 382
5   com.apple.JavaScriptCore            0x00007fff3060fa8c JSC::DFG::Worklist::ThreadBody::work() + 300
6   com.apple.JavaScriptCore            0x00007fff2ffa2a00 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 304
7   com.apple.JavaScriptCore            0x00007fff2ffd57f2 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 194
8   com.apple.JavaScriptCore            0x00007fff2fdf4c39 WTF::wtfThreadEntryPoint(void*) + 9
9   libsystem_pthread.dylib             0x00007fff58cb62eb _pthread_body + 126
10  libsystem_pthread.dylib             0x00007fff58cb9249 _pthread_start + 66
11  libsystem_pthread.dylib             0x00007fff58cb540d thread_start + 13
