[Webkit-unassigned] [Bug 174323] New: Accessing localDescription, remoteDescription, etc. after setTimeout raises EXC_BAD_ACCESS

bugzilla-daemon at webkit.org
Mon Jul 10 15:16:04 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=174323

            Bug ID: 174323
           Summary: Accessing localDescription, remoteDescription, etc.
                    after setTimeout raises EXC_BAD_ACCESS
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mroberts at twilio.com

The following code raises an EXC_BAD_ACCESS error and crashes the tab in Safari 11 Tech Preview.

    (async () => {
      const pc = new RTCPeerConnection()
      pc.close()
      await new Promise(resolve => setTimeout(resolve))
      console.log(pc.localDescription)
    })()

Even simpler:

    const pc = new RTCPeerConnection()
    pc.close()
    setTimeout(() => {
      console.log(pc.localDescription)
    })

You can replace the access to `localDescription` with any of

    * localDescription
    * currentLocalDescription
    * pendingLocalDescription
    * remoteDescription
    * currentRemoteDescription
    * pendingRemoteDescription

Expected output:

    null

Actual output:

    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0   com.apple.WebCore               0x000000010b59e8dd WebCore::LibWebRTCMediaEndpoint::pendingRemoteDescription() const + 13
    1   com.apple.WebCore               0x000000010b5aa872 WebCore::LibWebRTCPeerConnectionBackend::pendingRemoteDescription() const + 18
    2   com.apple.WebCore               0x000000010b89a1a6 WebCore::RTCPeerConnection::pendingRemoteDescription() const + 22
    3   com.apple.WebCore               0x000000010b3d4b77 WebCore::jsRTCPeerConnectionPendingRemoteDescription(JSC::ExecState*, long long, JSC::PropertyName) + 231
    ...
