Bug 41763

Summary: REGRESSION: Crash at JSC::JIT::privateCompile(JSC::MacroAssemblerCodePtr*)
Product: WebKit
Reporter: Ismail Donmez <ismail>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: oliver
Priority: P1
Keywords: InRadar, Regression
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.6
Attachments:
- Crash backtrace (flags: none)
- Patch (flags: barraclough: review+)

Description Ismail Donmez 2010-07-07 05:51:15 PDT
Using revision r62632.

How to reproduce:

- Visit http://cnnturk.com
- Wait 2-3 seconds
- Crash
Comment 1 Ismail Donmez 2010-07-07 05:52:32 PDT
Created attachment 60724
Crash backtrace
Comment 2 Ismail Donmez 2010-07-08 12:18:52 PDT
Still reproducible on trunk.
Comment 3 Alexey Proskuryakov 2010-07-08 12:30:15 PDT
m_codeBlock is null:

#0	0x101ac471a in JSC::CodeBlock::codeType at CodeBlock.h:410
#1	0x101acacd4 in JSC::JIT::privateCompile at JIT.cpp:473
#2	0x101ab5f1e in JSC::JIT::compile at JIT.h:183
#3	0x101aaf89c in JSC::FunctionExecutable::generateJITCodeForCall at Executable.cpp:212
#4	0x101a565be in JSC::FunctionExecutable::jitCodeForCall at Executable.h:407
#5	0x101aee92f in cti_op_call_jitCompile at JITStubs.cpp:1820
#6	0x101ae6981 in WTF::doubleHash at HashTable.h:447
#7	0x101ac6aba in JSC::JITCode::execute at JITCode.h:77
#8	0x101ac2805 in JSC::Interpreter::executeCall at Interpreter.cpp:784
#9	0x101a7e229 in JSC::call at CallData.cpp:38
#10	0x102c9469d in WebCore::JSMainThreadExecState::call at JSMainThreadExecState.h:48
#11	0x102d25202 in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:124
Comment 4 Alexey Proskuryakov 2010-07-08 12:30:41 PDT
<rdar://problem/8171867>
Comment 5 Oliver Hunt 2010-07-12 18:04:36 PDT
Created attachment 61305
Patch
Comment 6 Oliver Hunt 2010-07-13 12:57:28 PDT
Committed r63237: <http://trac.webkit.org/changeset/63237>