1. The scenario: the crash occurs every time while loading pages such as pinkbike.com. 2. The callstack for the crash is as follows: JSC::JSObject::inlineGetOwnPropertySlot(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) JSC::ExecState::operator=(JSC::Register const&) JSC::ExecState::setCalleeArguments(JSC::Arguments*) JSC::ExecState::init(JSC::CodeBlock*, JSC::Instruction*, JSC::ScopeChainNode*, JSC::ExecState*, int, int, JSC::JSFunction*) JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag, JSC::RegisterFile*, JSC::ExecState*, JSC::JSValue**) JSC::Interpreter::execute(JSC::ProgramNode*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue**) JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue*) WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) WebCore::FrameLoader::executeScript(WebCore::ScriptSourceCode const&) WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) WTF::Vector<wchar_t, 0u>::~Vector() WebCore::HTMLParser::popBlock(WebCore::AtomicString const&, bool) WebCore::HTMLParser::processCloseTag(WebCore::Token*) WebCore::HTMLParser::parseToken(WebCore::Token*) JSC::UString::Rep::create(wchar_t*, int) WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) WebCore::CSSStyleSelector::styleForElement(WebCore::Element*, WebCore::RenderStyle*, bool, bool) WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) WebCore::StringImpl::StringImpl(char const*, unsigned int) WebCore::StringImpl::create(char const*) WebCore::String::String(char const*) WebCore::FrameLoader::encoding() const WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State)
This crash was found with RVCT 3.0 on an ARM processor.