[Webkit-unassigned] [Bug 230241] Fix crash in 32 bits due to not enough scratch registers available

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 13 18:14:22 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=230241

--- Comment #2 from Mikhail R. Gadelha <mikhail at igalia.com> ---
The bt:
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
#1  0xf5e76ea0 in __libc_signal_restore_set (set=0xfffecc7c) at ../sysdeps/unix/sysv/linux/internal-signals.h:86
#2  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xf5e677a2 in __GI_abort () at abort.c:79
#4  0xf6cc52ca in JSC::ScratchRegisterAllocator::allocateScratch<JSC::GPRInfo> (this=0xfffecfa0) at ../../Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp:98
#5  0xf6cbc120 in JSC::ScratchRegisterAllocator::allocateScratchGPR (this=0xfffecfa0) at ../../Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp:103
#6  0xf62dd070 in JSC::AccessCase::generateImpl (this=0xf36b1cc0, state=...) at ../../Source/JavaScriptCore/bytecode/AccessCase.cpp:2277
#7  0xf62dafda in JSC::AccessCase::generateWithGuard (this=0xf36b1cc0, state=..., fallThrough=...) at ../../Source/JavaScriptCore/bytecode/AccessCase.cpp:1755
#8  0xf63bb07a in JSC::PolymorphicAccess::regenerate (this=0xf36b1ca0, locker=..., vm=..., globalObject=0xf20f9038, codeBlock=0xf1e98000, ecmaMode=..., stubInfo=...)
    at ../../Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp:672
#9  0xf63e30c4 in operator() (__closure=0xfffee5f4) at ../../Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:221
#10 0xf63e321e in JSC::StructureStubInfo::addAccessCase (this=0xf36f6840, locker=..., globalObject=0xf20f9038, codeBlock=0xf1e98000, ecmaMode=..., ident=..., accessCase=...)
    at ../../Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:245
#11 0xf6cb775e in JSC::tryCachePutBy (globalObject=0xf20f9038, codeBlock=0xf1e98000, baseValue=..., oldStructure=0xf1eb4be0, propertyName=..., slot=..., stubInfo=..., putByKind=JSC::PutByKind::ByVal, 
    putKind=JSC::PutKind::NotDirect) at ../../Source/JavaScriptCore/jit/Repatch.cpp:877
#12 0xf6cb791e in JSC::repatchPutBy (globalObject=0xf20f9038, codeBlock=0xf1e98000, baseValue=..., oldStructure=0xf1eb4be0, propertyName=..., slot=..., stubInfo=..., putByKind=JSC::PutByKind::ByVal, 
    putKind=JSC::PutKind::NotDirect) at ../../Source/JavaScriptCore/jit/Repatch.cpp:897
#13 0xf6c5b364 in JSC::putByValOptimize (globalObject=0xf20f9038, codeBlock=0xf1e98000, baseValue=..., subscript=..., value=..., stubInfo=0xf36f6840, profile=0xf36d30d0, ecmaMode=...)
    at ../../Source/JavaScriptCore/jit/JITOperations.cpp:1055
#14 0xf6c5b516 in JSC::operationPutByValNonStrictOptimize (globalObject=0xf20f9038, encodedBaseValue=-17390867880, encodedSubscript=-17415805264, encodedValue=-4294967295, stubInfo=0xf36f6840, 
    profile=0xf36d30d0) at ../../Source/JavaScriptCore/jit/JITOperations.cpp:1087
#15 0xf2600e68 in ?? ()
