[Webkit-unassigned] [Bug 210685] REGRESSION(r251875): Crash in JSC::StructureIDTable::get on ppc64le

bugzilla-daemon at webkit.org
Thu May 7 08:22:18 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=210685

--- Comment #21 from Daniel Kolesa <daniel at octaforge.org> ---
I built WebKit master, which crashes in the same way. I then went on to modify GCMemoryOperations.h and replaced its functions with simply the following:

```
template <typename T>
ALWAYS_INLINE void gcSafeMemcpy(T* dst, T* src, size_t bytes)
{
    static_assert(sizeof(T) == sizeof(JSValue));
    RELEASE_ASSERT(bytes % 8 == 0);

    memcpy(dst, src, bytes);
}

template <typename T>
ALWAYS_INLINE void gcSafeMemmove(T* dst, T* src, size_t bytes)
{
    static_assert(sizeof(T) == sizeof(JSValue));
    RELEASE_ASSERT(bytes % 8 == 0);

    memmove(dst, src, bytes);
}

template <typename T>
ALWAYS_INLINE void gcSafeZeroMemory(T* dst, size_t bytes)
{
    static_assert(sizeof(T) == sizeof(JSValue));
    RELEASE_ASSERT(bytes % 8 == 0);

    memset(reinterpret_cast<char*>(dst), 0, bytes);
}
```

It no longer crashes when I do that (it effectively reverts the SVN revision, except it makes sure the problem is not in the way these functions are called).

So it's definitely that specific rev that's the problem.
