Bug 21135
| Summary: | Trap in Inspector autocomplete in debug builds | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Oliver Hunt <oliver> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | | |
| Severity: | Normal | CC: | ap, ggaren, mjs, zwarich |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Mac | | |
| OS: | OS X 10.5 | | |
Oliver Hunt
This appears to be a js issue, but *could* be native code passing bad data to a jitted function.
Anyhoo, to reproduce:
1. Open the inspector console
2. type 'xhr = new XMLHttpRequest; xhr.open("GET", "#foo")'<enter>
3. type 'xhr.'<tab> (note the '.')
At this point we hit a generated trap, in this code:

```asm
0x6db994a: and $0x34,%al
0x6db994c: cmpl $0x0,0x8(%ecx)
0x6db9953: je 0x6db995a
0x6db9959: int3
0x6db995a: test %eax,%eax
0x6db995c: je 0x6db996a
0x6db9962: mov %eax,0x8(%edi)
0x6db9965: jmp 0x6db9865
0x6db996a: mov 0x0(%edi),%eax
0x6db996d: test $0x3,%eax
```
Timothy Hatcher
Might this be related to bug 19890?
Alexey Proskuryakov
Cannot reproduce in Safari 6.0.1.