124683 – New crashing tests following r159427

Bug 124683 - New crashing tests following r159427

Summary: New crashing tests following r159427

Status:	RESOLVED DUPLICATE of bug 124675

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Windows 7

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-11-20 15:15 PST by Roger Fong
Modified:	2013-11-20 15:29 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Roger Fong 2013-11-20 15:15:07 PST

+jquery/offset.html
+jquery/css.html
+jquery/data.html
+jquery/event.html
+jquery/core.html
+jquery/manipulation.html
+jquery/traversing.html
+cssom/cssvalue-comparison.html
+js/mozilla/strict/B.1.2.html
+js/mozilla/strict/13.1.html
+js/mozilla/strict/12.14.1.html
+js/mozilla/strict/15.10.7.html

They crash on JUTStubsX86.h (A wonderfully description access violation).
Happesn on line 225 after being called from JITCode::execute

Looks like:
add esp, 0x1c

Comment 1 Roger Fong 2013-11-20 15:27:40 PST

0BCB303E  mov         ecx,dword ptr [ebp]  
0BCB3041  jmp         0BCB3048  
0BCB3046  mov         ecx,ebp  
0BCB3048  mov         dword ptr [esp],ecx  
0BCB304B  call        lookupExceptionHandler (22F8360h)  
0BCB3050  mov         eax,0B080048h  
0BCB3055  mov         edx,dword ptr [eax+5FD4h]  
0BCB305B  mov         eax,dword ptr [eax+5FD0h]  
0BCB3061  jmp         edx  
0BCB3063  add         byte ptr [eax],al  
0BCB3065  add         byte ptr [eax],al  
0BCB3067  add         byte ptr [eax],al  
0BCB3069  add         byte ptr [eax],al  
0BCB306B  add         byte ptr [eax],al  
0BCB306D  add         byte ptr [eax],al  
0BCB306F  add         byte ptr [eax],al  
0BCB3071  add         byte ptr [eax],al  
0BCB3073  add         byte ptr [eax],al  
0BCB3075  add         byte ptr [eax],al  
0BCB3077  add         byte ptr [eax],al  
0BCB3079  add         byte ptr [eax],al  
0BCB307B  add         byte ptr [eax],al  
0BCB307D  add         byte ptr [eax],al  
0BCB307F  add         byte ptr [ebx-7AF00406h],al  
0BCB3085  cmp         al,0  
0BCB3087  add         byte ptr [eax],al  
0BCB3089  mov         ebx,dword ptr [eax]  <== CRASHING HERE, EAX contains FFFFFFFB 
0BCB308B  cmp         dword ptr [ebx+20h],362C598h  
0BCB3092  jne         0BCB30C5

Comment 2 Michael Saboff 2013-11-20 15:29:56 PST

this looks like a dup of https://bugs.webkit.org/show_bug.cgi?id=124675.  Dereferencing eax which contains a tag of 0xfffffffb.

*** This bug has been marked as a duplicate of bug 124675 ***