WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
71227
REGRESSION (
r97118
): Reproducible crash in JSCell::toPrimitive when adding
https://bugs.webkit.org/show_bug.cgi?id=71227
Summary
REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
Alexey Proskuryakov
Reported
2011-10-31 10:47:21 PDT
Steps to reproduce: open
http://webmop.de/app/context.html
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010afc5c34 JSC::JSCell::toPrimitive(JSC::ExecState*, JSC::PreferredPrimitiveType) const + 4 1 com.apple.JavaScriptCore 0x000000010af022cd JSC::jsAddSlowCase(JSC::ExecState*, JSC::JSValue, JSC::JSValue) + 941 2 com.apple.JavaScriptCore 0x000000010ae966e9 cti_op_add + 121 3 ??? 0x00004cbbf7f54454 0 + 84370202641492 4 com.apple.JavaScriptCore 0x000000010ae37128 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1112 5 com.apple.JavaScriptCore 0x000000010ae36cbd JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 45 <
rdar://problem/10306791
>
Attachments
the patch
(2.03 KB, patch)
2011-10-31 14:00 PDT
,
Filip Pizlo
oliver
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Filip Pizlo
Comment 1
2011-10-31 14:00:47 PDT
Created
attachment 113084
[details]
the patch
Filip Pizlo
Comment 2
2011-10-31 14:04:03 PDT
Landed in
http://trac.webkit.org/changeset/98878
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug