Bug 176050 - [DFG] JSC::DFG::SpeculativeJIT::fillSpeculateInt52 crashes when logging into protonmail
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-29 03:52 PDT by Sergio Villar Senin
Modified: 2017-08-29 03:54 PDT (History)
See Also:
Description Sergio Villar Senin 2017-08-29 03:52:11 PDT
I get the following WebProcess crash when logging into https://mail.protonmail.com

(I'm using WebKitGtk+ 2.16.6 stable branch)

#0  0x00007fe61a55553c in WTFCrash () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#1  0x00007fe61a555559 in WTFCrashWithSecurityImplication () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#2  0x00007fe619eacd81 in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#3  0x00007fe619ead0e4 in JSC::DFG::Graph::handleAssertionFailure(JSC::DFG::Node*, char const*, int, char const*, char const*) ()
   from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4  0x00007fe619fc0db9 in JSC::DFG::SpeculativeJIT::fillSpeculateInt52(JSC::DFG::Edge, JSC::DataFormat) ()
   from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5  0x00007fe619fa9cfa in JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand(JSC::DFG::SpeculativeJIT*, JSC::DFG::Edge) ()
   from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#6  0x00007fe619f92b37 in JSC::DFG::SpeculativeJIT::compileValueToInt32(JSC::DFG::Node*) ()
   from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#7  0x00007fe619fd3e98 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#8  0x00007fe619fa5e62 in JSC::DFG::SpeculativeJIT::compileCurrentBlock() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#9  0x00007fe619fa62a6 in JSC::DFG::SpeculativeJIT::compile() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#10 0x00007fe619ed33b0 in JSC::DFG::JITCompiler::compileFunction() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#11 0x00007fe619f597d9 in JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) ()
   from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#12 0x00007fe619f59e67 in JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) ()
   from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#13 0x00007fe61a014c9f in JSC::DFG::Worklist::ThreadBody::work() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#14 0x00007fe61a5566bf in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#15 0x00007fe61a5683f5 in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#16 0x00007fe61a58cb9a in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#17 0x00007fe618b6f494 in start_thread (arg=0x7fe58a3fc700) at pthread_create.c:333
#18 0x00007fe61cb3caff in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
Comment 1 Sergio Villar Senin 2017-08-29 03:54:24 PDT
Seems to have been already fixed as I cannot reproduce it with trunk