[Webkit-unassigned] [Bug 229235] REGRESSION(r??????): Crash in JSC::FTL::saveAllRegisters
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 24 00:32:42 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=229235
Zan Dobersek <zan at falconsigh.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zan at falconsigh.net
--- Comment #9 from Zan Dobersek <zan at falconsigh.net> ---
> constexpr const value_type& std::array<_Tp, _Nm>::operator[](std::array<_Tp, _Nm>::size_type) const [with _Tp = unsigned int; long unsigned int _Nm = 1; std::array<_Tp, _Nm>::const_reference = const unsigned int&; std::array<_Tp, _Nm>::size_type = long unsigned int]: Assertion '__n < this->size()' failed
This is an access into a std::array<unsigned int, 1>, as determined in WTF::Bitmap. Per backtrace, __n should be 0, but for whatever reason the assertion still pops off.
The assertion in std::array's operator[] is new for libstdc++ 11.1.0, it's not used in previous versions.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210824/30208210/attachment.htm>
More information about the webkit-unassigned
mailing list