[Webkit-unassigned] [Bug 128840] New: ASSERT(isValidAllocation(bytes)) when ObjC API creates custom errors

bugzilla-daemon at webkit.org
Fri Feb 14 13:49:41 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=128840

           Summary: ASSERT(isValidAllocation(bytes)) when ObjC API creates
                    custom errors
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: joepeck at webkit.org
                CC: ggaren at apple.com, mhahnenberg at apple.com


* TEST:
JSContext *context = [[[JSContext alloc] init] autorelease];
[[JSValue valueWithInt32:42 inContext:context] toDictionary];

* ASSERT
ASSERTION FAILED: isValidAllocation(bytes)
/Volumes/Data/Code/safari/OpenSource/Source/JavaScriptCore/heap/Heap.h(467) : void *JSC::Heap::allocateWithoutDestructor(size_t)
1   0x10a94ce50 WTFCrash
2   0x10a1ce54b JSC::Heap::allocateWithoutDestructor(unsigned long)
3   0x10a4ea107 void* JSC::allocateCell<JSC::ErrorInstance>(JSC::Heap&, unsigned long)
4   0x10a4e986f void* JSC::allocateCell<JSC::ErrorInstance>(JSC::Heap&)
5   0x10a4e8ffb JSC::ErrorInstance::create(JSC::VM&, JSC::Structure*, WTF::String const&, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>)
6   0x10a4e88f7 JSC::createTypeError(JSC::JSGlobalObject*, WTF::String const&)
7   0x10a4e8b35 JSC::createTypeError(JSC::ExecState*, WTF::String const&)
8   0x10a6d5af5 valueToDictionary(OpaqueJSContext*, OpaqueJSValue const*, OpaqueJSValue const**)
9   0x10a6d5921 -[JSValue toDictionary]
10  0x10a1b5f04 main
11  0x7fff8cbbf5f1 start

Specifically, vm->identifierTable != wtfThreadData().currentIdentifierTable.

My guess is that the ObjC API has to grab the APIEntryShim before it calls into JSC (via JSC::createTypeError). Most of the ObjC API uses the C API which already does this implicitly.
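
The invariant named above, as an added example that is not part of the original report and not WebKit code: a simplified C++ model in which an allocation is only valid while the VM's identifier table is the thread's current one, and an RAII entry guard installs it. Every type and function name is a hypothetical stand-in, and the guard's swap-and-restore behaviour is an assumption about the role the report gives APIEntryShim (locking is left out).

```cpp
// Simplified model; all names are hypothetical stand-ins, not WebKit code.
struct IdentifierTable {};

// Per-thread "current" table, standing in for wtfThreadData().currentIdentifierTable.
thread_local IdentifierTable* currentIdentifierTable = nullptr;

struct VM {
    IdentifierTable table;
    IdentifierTable* identifierTable = &table;
};

// The condition the report names: the VM's table must be the thread's current one.
bool threadStateMatchesVM(const VM& vm) {
    return vm.identifierTable == currentIdentifierTable;
}

// Stand-in for the allocation path; returns false where a debug build would ASSERT.
bool tryAllocateError(const VM& vm) {
    return threadStateMatchesVM(vm);
}

// RAII entry guard (assumed behaviour): install the VM's identifier table on
// entry and restore whatever was current before on exit, so nesting works.
class EntryShim {
public:
    explicit EntryShim(VM& vm) : m_previous(currentIdentifierTable) {
        currentIdentifierTable = vm.identifierTable;
    }
    ~EntryShim() { currentIdentifierTable = m_previous; }
    EntryShim(const EntryShim&) = delete;
    EntryShim& operator=(const EntryShim&) = delete;
private:
    IdentifierTable* m_previous;
};

// API entry point that calls into the engine without the guard (the reported shape).
bool createErrorUnguarded(VM& vm) { return tryAllocateError(vm); }

// Same entry point with the guard taken before calling into the engine.
bool createErrorGuarded(VM& vm) {
    EntryShim shim(vm);
    return tryAllocateError(vm);
}
```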
