[Webkit-unassigned] [Bug 202624] Aborted (core dumped)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 21 12:43:42 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=202624

--- Comment #3 from Gary Kwong <nth10sd at gmail.com> ---
Backtrace with git commit 043245b0ed35b36e177dc7f96df8deb6cdbb5465:

#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6469801 in __GI_abort () at abort.c:79
#2  0x000055555788bc1b in JSC::JSObject::putInlineSlow (this=0x7fffb35c8280, exec=0x7fffffffcc80, propertyName=..., value=..., slot=...)
    at ../../Source/JavaScriptCore/runtime/JSObject.cpp:769
#3  0x000055555707e39a in JSC::JSObject::putInlineForJSObject (cell=0x7fffb35c8280, exec=0x7fffffffcc80, propertyName=..., value=..., slot=...)
    at ../../Source/JavaScriptCore/runtime/JSObjectInlines.h:245
#4  0x000055555707a16e in JSC::JSCell::putInline (this=0x7fffb35c8280, exec=0x7fffffffcc80, propertyName=..., value=..., slot=...)
    at ../../Source/JavaScriptCore/runtime/JSCellInlines.h:403
#5  0x000055555707d597 in JSC::JSValue::putInline (this=0x7fffffffca60, exec=0x7fffffffcc80, propertyName=..., value=..., slot=...)
    at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:951
#6  0x00005555575f2ac9 in JSC::LLInt::llint_slow_path_put_by_id (exec=0x7fffffffcc80, pc=0x7ffff3f8508b) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:851
#7  0x00005555575e151a in llint_entry () at DerivedSources/ForwardingHeaders/wtf/CagedPtr.h:50
#8  0x00005555575ebab6 in llint_entry () at DerivedSources/ForwardingHeaders/wtf/CagedPtr.h:50
#9  0x00005555575da4e2 in vmEntryToJavaScript () at DerivedSources/ForwardingHeaders/wtf/CagedPtr.h:50
#10 0x0000555557509bc0 in JSC::JITCode::execute (this=0x7ffff3f8a000, vm=0x7fffb3d00000, protoCallFrame=0x7fffffffcf30) at ../../Source/JavaScriptCore/jit/JITCodeInlines.h:38
#11 0x000055555750075d in JSC::Interpreter::executeProgram (this=0x7ffff3ffd270, source=..., callFrame=0x7fffb35e0048, thisObj=0x7fffb35a8080)
    at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:832
#12 0x0000555557796661 in JSC::evaluate (exec=0x7fffb35e0048, source=..., thisValue=..., returnedException=...) at ../../Source/JavaScriptCore/runtime/Completion.cpp:106
#13 0x0000555556bcf037 in runWithOptions (globalObject=0x7fffb35e0000, options=..., success=@0x7fffffffdaaa: true) at ../../Source/JavaScriptCore/jsc.cpp:2460
#14 0x0000555556bd017e in <lambda(JSC::VM&, GlobalObject*, bool&)>::operator()(JSC::VM &, GlobalObject *, bool &) const (__closure=0x7fffffffdc18, globalObject=0x7fffb35e0000, 
    success=@0x7fffffffdaaa: true) at ../../Source/JavaScriptCore/jsc.cpp:2864
#15 0x0000555556bd184d in runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> >(CommandLine, bool, const <lambda(JSC::VM&, GlobalObject*, bool&)> &) (options=..., 
    isWorker=false, func=...) at ../../Source/JavaScriptCore/jsc.cpp:2765
#16 0x0000555556bd0242 in jscmain (argc=2, argv=0x7fffffffdde8) at ../../Source/JavaScriptCore/jsc.cpp:2865
#17 0x0000555556bcdb26 in main (argc=2, argv=0x7fffffffdde8) at ../../Source/JavaScriptCore/jsc.cpp:2286

=====

On a recent git commit eb42a8967d53ebb95bd59b6d89662ac7fdf95a8b, the testcase only shows:

Exception: SyntaxError: Invalid character '\u007f'

instead of showing the assertion failure.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200421/a687eaf3/attachment.htm>

More information about the webkit-unassigned mailing list