Bug 108991

Summary:

Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled

Product:

WebKit

Reporter:

Michael Saboff <msaboff>

Component:

JavaScriptCore

Assignee:

Michael Saboff <msaboff>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

arnaud.lb

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

106665

Attachments:

Description	Flags
Patch	none

Michael Saboff

Reported 2013-02-05 16:53:25 PST

Crashing on 32 bit build of JavaScriptCore in www.gap.com. Also tracked in <rdar://problem/13144376>. It appears that we are reusing a temporary register in dfgLinkClosureCall().

Attachments
Patch (1.82 KB, patch) 2013-02-05 17:04 PST, Michael Saboff	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2013-02-05 17:04:42 PST

Created attachment 186726 [details] Patch Already reviewed by Oliver Hunt.

Michael Saboff

Comment 2 2013-02-05 17:08:30 PST

Committed r141951: <http://trac.webkit.org/changeset/141951>

Allan Sandfeld Jensen

Comment 3 2013-03-27 02:27:46 PDT

*** Bug 106665 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.