Bug 90344

Summary: Reproducible crash in CFGSimplificationPhase::mergeBlocks
Product: WebKit
Reporter: Fabian Mailinator <fabian>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: barraclough, fpizlo, rmorisset, saam
Priority: P1
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.7
URL: http://www.ebbc.org/
Attachments:
Description: crash reporter backtrace of crash
Flags: none

Fabian Mailinator
Reported 2012-06-30 19:01:37 PDT
To do: Visit this page: http://www.ebbc.org/
To notice: Safari crashes. Crash notifier pops up and offers to send crash to Apple.
Expected behaviour: Safari would not crash.
Crash reporter crash report attached.
Attachments
crash reporter backtrace of crash (47.09 KB, text/plain)
2012-06-30 19:04 PDT, Fabian Mailinator
no flags
Fabian Mailinator
Comment 1 2012-06-30 19:04:05 PDT
Created attachment 150325: crash reporter backtrace of crash
Alexey Proskuryakov
Comment 2 2012-07-01 01:10:23 PDT
*** Bug 90343 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 3 2012-07-01 01:11:57 PDT
I did not attempt to reproduce.
Robin Morisset
Comment 4 2017-11-06 07:21:05 PST
I tried reproducing this, and http://www.ebbc.org/ worked without problems. Since CFGSimplificationPhase::mergeBlocks was fixed a dozen times since this bug was reported, I suspect the bug was fixed.
Saam Barati
Comment 5 2017-11-08 10:47:10 PST
(In reply to Robin Morisset from comment #4)
> I tried reproducing this, and http://www.ebbc.org/ worked without problems.
> Since CFGSimplificationPhase::mergeBlocks was fixed a dozen times since this
> bug was reported, I suspect the bug was fixed.
I believe I fixed this. I think the bug was we were merging a block with itself, hence, infinite loop until we ran out of memory.
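A toy model of the failure mode described in comment 5, added here as an illustration; it is not JavaScriptCore's code. The `Block` layout, `simplify`, `sampleCfg` and the merge budget (which stands in for running out of memory) are all assumptions made for the example.

```cpp
#include <cstddef>
#include <vector>

// Toy CFG (hypothetical layout): a block holds straight-line node ids and
// ends in an unconditional jump to block index `next` (-1 means return).
struct Block { std::vector<int> nodes; int next; bool dead; };

static int predecessorCount(const std::vector<Block>& cfg, int target) {
    int n = 0;
    for (const Block& b : cfg)
        if (!b.dead && b.next == target) ++n;
    return n;
}

// Folds each successor that has exactly one predecessor into that
// predecessor, repeating until nothing changes. Returns the number of
// merges, or -1 if `budget` merges did not reach a fixpoint.
int simplify(std::vector<Block>& cfg, bool guardSelfMerge, int budget) {
    int merges = 0;
    bool changed = true;
    while (changed) {
        changed = false;
        for (std::size_t i = 0; i < cfg.size(); ++i) {
            Block& b = cfg[i];
            if (b.dead || b.next < 0) continue;
            int s = b.next;
            // Guard: never merge a block into itself.
            if (guardSelfMerge && s == static_cast<int>(i)) continue;
            if (predecessorCount(cfg, s) != 1) continue;
            if (merges == budget) return -1;
            // Copy first: when s == i, source and destination alias.
            std::vector<int> tail = cfg[s].nodes;
            int tailNext = cfg[s].next;
            b.nodes.insert(b.nodes.end(), tail.begin(), tail.end());
            b.next = tailNext;  // for a self-loop this is still `i`
            if (s != static_cast<int>(i)) cfg[s].dead = true;
            ++merges;
            changed = true;
        }
    }
    return merges;
}

// Constructed sample: block 0 jumps to 1, block 1 returns,
// block 2 jumps to itself and is its own only predecessor.
std::vector<Block> sampleCfg() {
    return { {{1, 2}, 1, false}, {{3}, -1, false}, {{4, 5}, 2, false} };
}
```

Without the guard, block 2 doubles its node list on every pass and never stops being mergeable, so the pass only ends when the budget (in a real engine, memory) is exhausted.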