[Webkit-unassigned] [Bug 189830] New: Crash under JSC::JSRopeString::resolveRope(JSC::ExecState*)
bugzilla-daemon at webkit.org
Fri Sep 21 07:15:22 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=189830
Bug ID: 189830
Summary: Crash under JSC::JSRopeString::resolveRope(JSC::ExecState*)
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: graouts at apple.com
On a ToT (tip-of-tree) Release build, loading this URL crashes the WebContent process:
http://loanpride.com/ces-enfants-de-stars-sont-devenus-grands-ils-peuvent-maintenant-construire-leur-vie-future-grace-a-leur-conseillers-financiers/
0 com.apple.JavaScriptCore 0x00000004bcde023e JSC::JSRopeString::resolveRope(JSC::ExecState*) const + 318 (MarkedBlock.h:447)
1 com.apple.JavaScriptCore 0x00000004bcd755b8 JSC::getCalculatedDisplayName(JSC::VM&, JSC::JSObject*) + 424 (RefPtr.h:59)
2 com.apple.JavaScriptCore 0x00000004bce7b51b JSC::StackFrame::functionName(JSC::VM&) const + 107 (DumbPtrTraits.h:41)
3 com.apple.JavaScriptCore 0x00000004bce7b684 JSC::StackFrame::toString(JSC::VM&) const + 52 (StackFrame.cpp:63)
4 com.apple.JavaScriptCore 0x00000004bcac8dc7 JSC::Interpreter::stackTraceAsString(JSC::VM&, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul> const&) + 135 (Interpreter.cpp:460)
5 com.apple.JavaScriptCore 0x00000004bcd185f4 JSC::addErrorInfo(JSC::VM&, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>*, JSC::JSObject*) + 612 (RefPtr.h:88)
6 com.apple.JavaScriptCore 0x00000004bcd187b2 JSC::addErrorInfo(JSC::ExecState*, JSC::JSObject*, bool) + 162 (Error.cpp:236)
7 com.apple.WebCore 0x00000004b8a020f5 WebCore::createDOMException(JSC::ExecState*, WebCore::ExceptionCode, WTF::String const&) + 421 (JSDOMExceptionHandling.cpp:153)
8 com.apple.WebCore 0x00000004b8a02267 WebCore::throwSecurityError(JSC::ExecState&, JSC::ThrowScope&, WTF::String const&) + 23 (ThrowScope.h:81)
9 com.apple.WebCore 0x00000004b8a08f39 bool WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess<(WebCore::DOMWindowType)0>(WebCore::JSDOMGlobalObject*, WebCore::AbstractDOMWindow&, JSC::ExecState&, JSC::PropertyName, JSC::PropertySlot&, WTF::String const&) + 201 (PropertySlot.h:355)
10 com.apple.WebCore 0x00000004b8a09e50 WebCore::JSDOMWindow::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 512 (JSDOMWindowCustom.cpp:204)
11 com.apple.JavaScriptCore 0x00000004bcb9289a llint_slow_path_get_by_id + 3018 (JSObjectInlines.h:151)
12 com.apple.JavaScriptCore 0x00000004bc4ec714 llint_entry + 11553 (LowLevelInterpreter64.asm:307)
13 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831)
14 ??? 0x00003dd69a06ed77 0 + 67991916440951
15 ??? 0x00003dd69a086ee3 0 + 67991916539619
16 ??? 0x00003dd69a0b3b26 0 + 67991916722982
17 ??? 0x00003dd69a052254 0 + 67991916323412
18 ??? 0x00003dd69a088ec3 0 + 67991916547779
19 ??? 0x00003dd69a0b3b26 0 + 67991916722982
20 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831)
21 ??? 0x00003dd69a086ee3 0 + 67991916539619
22 ??? 0x00003dd69a0b3b26 0 + 67991916722982
23 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831)
24 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831)
25 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831)
26 com.apple.JavaScriptCore 0x00000004bc4f0647 llint_entry + 27732 (LowLevelInterpreter.asm:831)
27 ??? 0x00003dd699e4b73c 0 + 67991914198844
28 ??? 0x00003dd69a057f31 0 + 67991916347185
29 ??? 0x00003dd69a086ee3 0 + 67991916539619
30 ??? 0x00003dd69a054835 0 + 67991916333109
31 ??? 0x00003dd69a052254 0 + 67991916323412
32 ??? 0x00003dd69a03d455 0 + 67991916237909
33 ??? 0x00003dd69a057f31 0 + 67991916347185
34 ??? 0x00003dd69a06c56a 0 + 67991916430698
35 ??? 0x00003dd69a02c4c2 0 + 67991916168386
36 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831)
37 com.apple.JavaScriptCore 0x00000004bc4e9839 vmEntryToJavaScript + 200 (LowLevelInterpreter64.asm:258)
38 com.apple.JavaScriptCore 0x00000004bcacbc5c JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 11020 (JITCodeInlines.h:39)
39 com.apple.JavaScriptCore 0x00000004bcd0696f JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 287 (Completion.cpp:103)
40 com.apple.WebCore 0x00000004b8a27274 WebCore::JSExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 84 (JSExecState.h:80)
41 com.apple.WebCore 0x00000004b8a270df WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 207 (ScriptController.cpp:131)
42 com.apple.WebCore 0x00000004b8cae4e3 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 563 (CurrentScriptIncrementer.h:54)
43 com.apple.WebCore 0x00000004b8c7ca1d WebCore::LoadableClassicScript::execute(WebCore::ScriptElement&) + 141 (utility:896)
44 com.apple.WebCore 0x00000004b8cae741 WebCore::ScriptElement::executeScriptAndDispatchEvent(WebCore::LoadableScript&) + 177 (ScriptElement.cpp:427)
45 com.apple.WebCore 0x00000004b8cb492d WebCore::ScriptRunner::timerFired() + 605 (ScriptRunner.cpp:132)
46 com.apple.WebCore 0x00000004b91488c9 WebCore::ThreadTimers::sharedTimerFiredInternal() + 185 (ThreadTimers.cpp:120)
47 com.apple.WebCore 0x00000004b918fcaf WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 (MainThreadSharedTimerCF.cpp:75)
48 com.apple.CoreFoundation 0x00007fff371bae6d __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
49 com.apple.CoreFoundation 0x00007fff371baa20 __CFRunLoopDoTimer + 859
50 com.apple.CoreFoundation 0x00007fff371ba560 __CFRunLoopDoTimers + 333
51 com.apple.CoreFoundation 0x00007fff3719b7b7 __CFRunLoopRun + 2176
52 com.apple.CoreFoundation 0x00007fff3719ace4 CFRunLoopRunSpecific + 463
53 com.apple.Foundation 0x00007fff394fb5da -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
54 com.apple.Foundation 0x00007fff394fb4af -[NSRunLoop(NSRunLoop) run] + 76
55 libxpc.dylib 0x00007fff645eaee6 _xpc_objc_main + 555
56 libxpc.dylib 0x00007fff645ea9e5 xpc_main + 433
57 com.apple.WebKit.WebContent 0x00000001040e7636 WebKit::XPCServiceMain(int, char const**) + 547
58 com.apple.WebKit.WebContent 0x00000001040e77bb main + 9 (XPCServiceMain.mm:46)
59 libdyld.dylib 0x00007fff643b4085 start + 1