Bug 132465

Summary: [GTK] [Stable] JSC crashes in 2.4.x
Product: WebKit Reporter: Alberto Garcia <berto>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: cgarcia, zan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Alberto Garcia 2014-05-02 00:28:51 PDT 
I've been experiencing random JSC crashes in the 2.4 branch for quite some time.

I don't have a detailed list of steps to reproduce this, but it happens relatively often (several times per day) with e.g Facebook.

The backtraces are not really meaningful:

Program received signal SIGSEGV, Segmentation fault.
0x00007f7d1ea1a939 in llint_function_for_call_arity_check () from .libs/libjavascriptcoregtk-3.0.so.0
(gdb) bt
#0  0x00007f7d1ea1a939 in llint_function_for_call_arity_check () from .libs/libjavascriptcoregtk-3.0.so.0
#1  0x0000000000000000 in ?? ()

After some testing it seems that reverting r159826 solves the problem:

http://trac.webkit.org/changeset/159826

I tested this with WebKitGTK+ 2.4.1 and I haven't been able to crash the browser since then.

I haven't checked whether this affects master or if it has been fixed there, otherwise I propose that we revert that change in the stable branch.
Comment 1 Carlos Garcia Campos 2014-05-05 00:46:42 PDT 
Reverted in 2.4 branch in r168261. Thanks!