[Webkit-unassigned] [Bug 236037] Wasm crash on https://copy.sh/v86/?profile=dsl
bugzilla-daemon at webkit.org
Sun Feb 6 20:42:50 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=236037
Saam Barati <sbarati at apple.com> changed:
What     | Removed                               | Added
---------+---------------------------------------+--------------------
Assignee | webkit-unassigned at lists.webkit.org | sbarati at apple.com
--- Comment #11 from Saam Barati <sbarati at apple.com> ---
Created attachment 451062
--> https://bugs.webkit.org/attachment.cgi?id=451062&action=review
asm.txt
Attaching asm of a function we're crashing in. Noted which instruction we're crashing in with "CRASH".
We have this code sequence:
0x120b52850: ldr x0, [sp, #17096]
0x120b52854: add x0, x22, x0
0x120b52858: movz x16, #0xc640
0x120b5285c: add x16, sp, x16, uxtx
0x120b52860: ldur x1, [x16]
0x120b52864: ldr w20, [x0, x1] <--- CRASH
The interesting thing here is I can't find where we store to [sp, #17096], which makes me wonder if it's uninitialized. But there's a chance we're storing it somehow that I haven't been able to figure out by statically looking at the asm.
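An added example, not code from the bug report or from WebKit: a small scanner for listings in the attachment's format that reports every load and store to a given sp slot, including accesses written through a register that a preceding movz/add pair set to sp + offset, as the ldur x1, [x16] above is (an unsigned-immediate ldr/str of a 64-bit register can only encode offsets up to 32760 from sp, which is why 0xc640 = 50752 is materialized; 17096 = 0x42c8 fits, but a store could still have been emitted either way). The listing and the store at 0x120b52838..0x120b52840 are constructed to show that second encoding.

```python
import re
# Constructed listing in the attachment's format; its first three lines are a
# hypothetical store to the same slot through a materialized sp offset.
SAMPLE_ASM = """\
0x120b52838: movz x16, #0x42c8
0x120b5283c: add x16, sp, x16, uxtx
0x120b52840: str x3, [x16]
0x120b52850: ldr x0, [sp, #17096]
0x120b52854: add x0, x22, x0
0x120b52858: movz x16, #0xc640
0x120b5285c: add x16, sp, x16, uxtx
0x120b52860: ldur x1, [x16]
0x120b52864: ldr w20, [x0, x1]
"""
IMM = r"(0x[0-9a-f]+|\d+)"
LINE_RE = re.compile(r"^(0x[0-9a-f]+):\s+(\w+)\s*(.*)$")
MOVZ_RE = re.compile(r"^x\d+,\s*#" + IMM + r"$")
ADD_SP_RE = re.compile(r"^x\d+,\s*sp,\s*(x\d+)(?:,\s*uxtx)?$")
DIRECT_RE = re.compile(r"^\w+,\s*\[sp,\s*#" + IMM + r"\]$")
INDIRECT_RE = re.compile(r"^\w+,\s*\[(x\d+)(?:,\s*#" + IMM + r")?\]$")
LOADS = {"ldr", "ldur", "ldrb", "ldrh", "ldrsw"}
STORES = {"str", "stur", "strb", "strh"}

def sp_accesses(asm):
    """Return (address, 'load'|'store', sp_offset) for every sp-relative access."""
    const, sp_plus, out = {}, {}, []  # reg -> movz immediate; reg -> offset from sp
    for line in asm.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr, op, args = m.groups()
        dst = "x" + args.split(",")[0][1:] if args[:1] in ("w", "x") else ""  # w20 -> x20
        if op == "movz" and (mm := MOVZ_RE.match(args)):
            const[dst] = int(mm.group(1), 0); sp_plus.pop(dst, None)
        elif op == "add" and (ma := ADD_SP_RE.match(args)) and ma.group(1) in const:
            sp_plus[dst] = const[ma.group(1)]; const.pop(dst, None)  # dst == sp + imm
        else:
            kind = "load" if op in LOADS else "store" if op in STORES else None
            if kind and (md := DIRECT_RE.match(args)):
                out.append((addr, kind, int(md.group(1), 0)))
            elif kind and (mi := INDIRECT_RE.match(args)) and mi.group(1) in sp_plus:
                disp = int(mi.group(2), 0) if mi.group(2) else 0
                out.append((addr, kind, sp_plus[mi.group(1)] + disp))
            if kind != "store":  # anything but a store overwrites its first operand
                const.pop(dst, None); sp_plus.pop(dst, None)
    return out

def accesses_at(asm, offset):
    """Every load and store that touches sp + offset, e.g. 17096 (0x42c8)."""
    return [(a, k) for a, k, o in sp_accesses(asm) if o == offset]
```

On the constructed listing, accesses_at(SAMPLE_ASM, 17096) returns the hypothetical store at 0x120b52840 and the load at 0x120b52850, which a plain text search for "[sp, #17096]" would not pair up.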