I use the GTK 2.4.3 version of the WebKit engine on an ARMv7 Android platform. When accessing the webpage http://www.tmall.com/go/market/promotion-act/nsxy9-h5.php it always causes an assertion; it seems a JSCell pointer is NULL, and this value comes from a DFG register. Do you know how to fix this bug? Thanks.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 3022]
0xb5402f9e in WTFCrash () at TGL/thirdparty/webkit-2.4/Source/WTF/wtf/Assertions.cpp:333
333         *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0xb5402f9e in WTFCrash () at TGL/thirdparty/webkit-2.4/Source/WTF/wtf/Assertions.cpp:333
#1  0xb515e7ac in methodTable (this=<optimized out>) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/runtime/JSCellInlines.h:160
#2  JSC::JSValue::put (this=0xb302e6e8, exec=0xb0944958, propertyName=<optimized out>, value=..., slot=...) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:703
#3  0xb5220a0a in JSC::putByVal (callFrame=0xfffffffb, baseValue=..., subscript=..., value=...) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/jit/JITOperations.cpp:478
#4  0xb52226b8 in JSC::operationPutByVal (exec=0xb0944958, encodedBaseValue=<optimized out>, encodedSubscript=-18516814096, encodedValue=-18617586880) at TGL/thirdparty/webkit-2.4/Source/JavaScriptCore/jit/JITOperations.cpp:542
#5  0xaf0d8b30 in ?? ()
#6  0xaf0d8b30 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) disas WTFCrash
Dump of assembler code for function WTFCrash():
   0xb5402f88 <+0>:     push    {r3, lr}
   0xb5402f8a <+2>:     ldr     r3, [pc, #24]   ; (0xb5402fa4 <WTFCrash()+28>)
   0xb5402f8c <+4>:     add     r3, pc
   0xb5402f8e <+6>:     ldr     r0, [r3, #0]
   0xb5402f90 <+8>:     cbz     r0, 0xb5402f94 <WTFCrash()+12>
   0xb5402f92 <+10>:    blx     r0
   0xb5402f94 <+12>:    movw    r2, #48879      ; 0xbeef
   0xb5402f98 <+16>:    movt    r2, #48045      ; 0xbbad
   0xb5402f9c <+20>:    movs    r1, #0
=> 0xb5402f9e <+22>:    str     r1, [r2, #0]
   0xb5402fa0 <+24>:    blx     r1
   0xb5402fa2 <+26>:    pop     {r3, pc}
   0xb5402fa4 <+28>:    andeq   r8, r3, r8, lsr #1
End of assembler dump.
(gdb) i r
r0             0x0        0
r1             0x0        0
r2             0xbbadbeef 3148725999
r3             0xb543b038 3041112120
r4             0xaa4e2b40 2857249600
r5             0xfffffffb 4294967291
r6             0xb302e6e8 3003311848
r7             0xb302e6a8 3003311784
r8             0xb302e6f8 3003311864
r9             0xac3d14b0 2889684144
r10            0xb0944958 2962508120
r11            0xfffffffb 4294967291
r12            0xb53e3b48 3040754504
sp             0xb302e690 0xb302e690
lr             0xb515e7ad -1256855635
pc             0xb5402f9e 0xb5402f9e <WTFCrash()+22>
cpsr           0x60030030 1610809392
(gdb) l
328     {
329         if (globalHook)
330             globalHook();
331
332         WTFReportBacktrace();
333         *(int *)(uintptr_t)0xbbadbeef = 0;
334         // More reliable, but doesn't say BBADBEEF.
335     #if COMPILER(CLANG)
336         __builtin_trap();
337     #else
This is a [GTK][Stable] 2.4.3 version bug.