[Webkit-unassigned] [Bug 229235] REGRESSION(r??????): Crash in JSC::FTL::saveAllRegisters

Mon Aug 23 08:56:01 PDT 2021

https://bugs.webkit.org/show_bug.cgi?id=229235

Fabian Bornschein <fabiscafe at mailbox.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fabiscafe at mailbox.org

--- Comment #5 from Fabian Bornschein <fabiscafe at mailbox.org> ---
I experience the same thing and get the same error

Webkit version 2.33.3 (from https://webkitgtk.org/releases/webkitgtk-2.33.3.tar.xz)
+ https://bugs.webkit.org/show_bug.cgi?id=229152#c18 patch applied

Build options:
    -DPORT=GTK \
    -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_INSTALL_PREFIX=/usr \
    -DCMAKE_INSTALL_LIBDIR=lib \
    -DCMAKE_INSTALL_LIBEXECDIR=lib \
    -DCMAKE_SKIP_RPATH=ON \
    -DENABLE_GTKDOC=ON \
    -DENABLE_MINIBROWSER=ON \
    -DUSE_SOUP2=ON

Happen to me on any mastodon timeline, as well as the given sites https://arstechnica.com/, https://gnome.element.io/

The line 

/usr/include/c++/11.1.0/array:196: constexpr const value_type& std::array<_Tp, _Nm>::operator[](std::array<_Tp, _Nm>::size_type) const [with _Tp = unsigned int; long unsigned int _Nm = 1; std::array<_Tp, _Nm>::const_reference = const unsigned int&; std::array<_Tp, _Nm>::size_type = long unsigned int]: Assertion '__n < this->size()' failed.

also appears.

2.33.2 (also from the tar.xz) works just fine

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210823/b63f4bbe/attachment.htm>