[Webkit-unassigned] [Bug 160027] New: Crash in JSC::speculationFromCell

bugzilla-daemon at webkit.org
Thu Jul 21 09:52:10 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=160027

            Bug ID: 160027
           Summary: Crash in JSC::speculationFromCell
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: iOS
                OS: iOS 9.3
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aleReimondo at smalltalking.net

Created attachment 284222
  --> https://bugs.webkit.org/attachment.cgi?id=284222&action=review
Crash report when running iPhone 6s, iOS 9.3.3

Summary: Reading a file (~3Mb) in a loop can result in an EXC_BAD_ACCESS or memory full.

Expected Results:
The test should evaluate an arbitrary number of times without issue.

Actual Results:
Memory appears to be corrupted, causing EXC_BAD_ACCESS or silent crash and memory full.
A crash report file is attached.

Steps to reproduce:
Download the coco8 Xcode project (from http://u8.smalltalking.net/profile/aleReimondo/coco8/coco8.zip )
Open coco8/coco8.xcodeproj with Xcode 7.3 or 8 (Beta).
Run the application on an iPhone 6s, iPad Pro or iPad 4.
Tap the link ("Read Sample.txt file") in the welcome page.
This will cause the application to crash.

Notes:
The test script generates a Sample.txt file of approx. 3mb and reads the file contents 100 times.

Configuration: Xcode 8.0 beta (8S128d), iPhone 6s iOS 9.3.2 (13F69)
It can also be reproduced with iPhone 5s, iPad 4, iPad Pro with iOS 8.x, 9.x and 10.0 (Beta)
