Bug 124683
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | New crashing tests following r159427 | | |
| Product | WebKit | Reporter | Roger Fong <roger_fong> |
| Component | JavaScriptCore | Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED DUPLICATE | | |
| Severity | Normal | CC | bfulgham, msaboff |
| Priority | P2 | | |
| Version | 528+ (Nightly build) | | |
| Hardware | PC | | |
| OS | Windows 7 | | |
Roger Fong
+jquery/offset.html
+jquery/css.html
+jquery/data.html
+jquery/event.html
+jquery/core.html
+jquery/manipulation.html
+jquery/traversing.html
+cssom/cssvalue-comparison.html
+js/mozilla/strict/B.1.2.html
+js/mozilla/strict/13.1.html
+js/mozilla/strict/12.14.1.html
+js/mozilla/strict/15.10.7.html
They crash in JITStubsX86.h (a wonderfully descriptive access violation).
Happens on line 225 after being called from JITCode::execute.
Looks like:
add esp, 0x1c
Roger Fong
0BCB303E mov ecx,dword ptr [ebp]
0BCB3041 jmp 0BCB3048
0BCB3046 mov ecx,ebp
0BCB3048 mov dword ptr [esp],ecx
0BCB304B call lookupExceptionHandler (22F8360h)
0BCB3050 mov eax,0B080048h
0BCB3055 mov edx,dword ptr [eax+5FD4h]
0BCB305B mov eax,dword ptr [eax+5FD0h]
0BCB3061 jmp edx
0BCB3063 add byte ptr [eax],al
0BCB3065 add byte ptr [eax],al
0BCB3067 add byte ptr [eax],al
0BCB3069 add byte ptr [eax],al
0BCB306B add byte ptr [eax],al
0BCB306D add byte ptr [eax],al
0BCB306F add byte ptr [eax],al
0BCB3071 add byte ptr [eax],al
0BCB3073 add byte ptr [eax],al
0BCB3075 add byte ptr [eax],al
0BCB3077 add byte ptr [eax],al
0BCB3079 add byte ptr [eax],al
0BCB307B add byte ptr [eax],al
0BCB307D add byte ptr [eax],al
0BCB307F add byte ptr [ebx-7AF00406h],al
0BCB3085 cmp al,0
0BCB3087 add byte ptr [eax],al
0BCB3089 mov ebx,dword ptr [eax] <== CRASHING HERE, EAX contains FFFFFFFB
0BCB308B cmp dword ptr [ebx+20h],362C598h
0BCB3092 jne 0BCB30C5
Michael Saboff
This looks like a dup of https://bugs.webkit.org/show_bug.cgi?id=124675. Dereferencing eax, which contains a tag of 0xfffffffb.
*** This bug has been marked as a duplicate of bug 124675 ***