[Webkit-unassigned] [Bug 200863] Crash in JSC::SlotVisitor::visitChildren

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 14 01:33:19 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=200863

--- Comment #5 from Krzysztof Konopko <kris at youview.com> ---
Created attachment 463515

  --> https://bugs.webkit.org/attachment.cgi?id=463515&action=review

HTML/JS test which reproduces the crash on an AArch64 platform (WPE)

This is a reduced test case which is a result of cutting down a web application bundled with WebPack.  Therefore a lot of code does not make sense (as it's mostly WebPack's polyfill) but it still reproduces a crash in GC on a custom AArch64 platform with additional logging enabled in GC (separate attachment).  It simulates events that the application was originally responding to.

Having the `window` object used as a global "storage" for extensions seems to be essential here.  The crash does not reproduce when run with `jsc` (where `window` is simply replaced with an empty object `{}`).
