Bug 48954

Summary:

Website consistently crashing TOT in JIT::execute() on news.com.au

Product:

WebKit

Reporter:

August Joki <august.joki>

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

oliver, simon.fraser

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

Mac (Intel)

OS:

OS X 10.6

URL:

http://www.news.com.au/technology/were-sorry-for-claiming-captain-kirk-was-in-command-of-captain-picards-starship/story-e6frfro0-1225947119042

Attachments:

Description	Flags
Patch	barraclough: review+

August Joki

Reported 2010-11-03 14:17:38 PDT

Visiting this site causes the nightly to consistently crash.

Attachments
Patch (3.65 KB, patch) 2010-11-05 12:38 PDT, Oliver Hunt	barraclough: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Simon Fraser (smfr)

Comment 1 2010-11-03 14:18:44 PDT

Crashes in JIT::execute()

Simon Fraser (smfr)

Comment 2 2010-11-03 14:19:04 PDT

<rdar://problem/8627522>

Oliver Hunt

Comment 3 2010-11-03 22:37:52 PDT

Something is assuming that |this| is an object/cell when in strict mode that is not necessarily true. Basic searches in the jit don't seem to indicate an obvious place that would be responsible for this.

Oliver Hunt

Comment 4 2010-11-05 12:38:44 PDT

Created attachment 73100 [details] Patch

Oliver Hunt

Comment 5 2010-11-05 12:43:06 PDT

Committed r71444: <http://trac.webkit.org/changeset/71444>

Note You need to log in before you can comment on or make changes to this bug.