[Webkit-unassigned] [Bug 223690] [iOS] Reproducible crash in Interpreter::executeCall

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 24 09:30:18 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=223690

Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fpizlo at apple.com,
                   |                            |mark.lam at apple.com,
                   |                            |webkit-bug-importer at group.a
                   |                            |pple.com, ysuzuki at apple.com
          Component|New Bugs                    |JavaScriptCore
            Summary|[iOS] JavaScriptCore        |[iOS] Reproducible crash in
                   |segmentation fault          |Interpreter::executeCall

--- Comment #2 from Alexey Proskuryakov <ap at webkit.org> ---
I can reproduce this crash with iOS 14.5 beta.

Thread 24 Crashed:
0   JavaScriptCore                      0x00000001af95a2c0 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 508
1   JavaScriptCore                      0x00000001af95a2ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
2   JavaScriptCore                      0x00000001afbcc378 JSC::callGetter(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue) + 212
3   JavaScriptCore                      0x00000001afa3051c JSC::LLInt::performLLIntGetByID(JSC::Instruction const*, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&) + 1988
4   JavaScriptCore                      0x00000001afa2fc6c llint_slow_path_get_by_id + 296
5   JavaScriptCore                      0x00000001af323e70 llint_entry + 45104
6   JavaScriptCore                      0x00000001af33d1a4 llint_entry + 148324
7   JavaScriptCore                      0x00000001af318b94 vmEntryToJavaScript + 276
8   JavaScriptCore                      0x00000001af95a2ac JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 488
9   JavaScriptCore                      0x00000001afb671e0 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 176
10  WebCore                             0x00000001b3b2ccc0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1528

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210324/383cc918/attachment-0001.htm>

More information about the webkit-unassigned mailing list