[Webkit-unassigned] [Bug 196506] New: Crash in Options::setOptions() using --configFile option and libgmalloc
bugzilla-daemon at webkit.org
Tue Apr 2 12:09:41 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196506
Bug ID: 196506
Summary: Crash in Options::setOptions() using --configFile option and libgmalloc
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: msaboff at apple.com
We get this crash when using a JSC configFile and libgmalloc:
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106a13fb0)
* frame #0: 0x00007fff581b0712 libsystem_platform.dylib`_platform_strlen + 18
frame #1: 0x0000000101814731 JavaScriptCore`JSC::Options::setOptions(optionsStr="") at Options.cpp:647:21
frame #2: 0x000000010163c3dc JavaScriptCore`JSC::ConfigFile::parse(this=0x00007ffeefbfec10) at ConfigFile.cpp:470:13
frame #3: 0x000000010164355b JavaScriptCore`JSC::processConfigFile(this=0x00007ffeefbff520)::$_1::operator()() const at ConfigFile.cpp:536:24
frame #4: 0x000000010164347d JavaScriptCore`decltype(__f=0x00007ffeefbff520)::$_1>(fp)()) std::__1::__invoke<JSC::processConfigFile(char const*, char const*, char const*)::$_1>(JSC::processConfigFile(char const*, char const*, char const*)::$_1&&) at type_traits:4345:1
frame #5: 0x0000000101643458 JavaScriptCore`void std::__1::__call_once_param<std::__1::tuple<JSC::processConfigFile(char const*, char const*, char const*)::$_1&&> >::__execute<>(this=0x00007ffeefbff4f0, (null)=__tuple_indices<> @ 0x00007ffeefbff458) at mutex:621:9
frame #6: 0x0000000101643425 JavaScriptCore`std::__1::__call_once_param<std::__1::tuple<JSC::processConfigFile(char const*, char const*, char const*)::$_1&&> >::operator(this=0x00007ffeefbff4f0)() at mutex:613:9
frame #7: 0x00000001016432fd JavaScriptCore`void std::__1::__call_once_proxy<std::__1::tuple<JSC::processConfigFile(char const*, char const*, char const*)::$_1&&> >(__vp=0x00007ffeefbff4f0) at mutex:649:5
frame #8: 0x00007fff5569b896 libc++.1.dylib`std::__1::__call_once(unsigned long volatile&, void*, void (*)(void*)) + 139
frame #9: 0x000000010163c9cc JavaScriptCore`void std::__1::call_once<JSC::processConfigFile(char const*, char const*, char const*)::$_1>(__flag=0x000000010220c5a0, __func=0x00007ffeefbff520)::$_1&&) at mutex:666:9
frame #10: 0x000000010163c95f JavaScriptCore`JSC::processConfigFile(configFilename="jsc.config", processName="jsc", parentProcessName=0x0000000000000000) at ConfigFile.cpp:530:5
frame #11: 0x0000000100005344 jsc`jscmain(argc=2, argv=0x00007ffeefbff690) at jsc.cpp:3002:5
frame #12: 0x00000001000052ee jsc`main(argc=2, argv=0x00007ffeefbff690) at jsc.cpp:2410:15
frame #13: 0x00007fff57fca0a5 libdyld.dylib`start + 1
It appears this is due to the implicit temporary CString getting destructed after the call to CString::data(), but before the call to Options::setOptions().
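Added example, not WebKit code: a stand-alone C++ reconstruction of the lifetime pattern the report describes, beside two correct forms. The CString, ConfigString and setOptions here are hypothetical stand-ins for WTF::CString, WTF::String::utf8() and JSC::Options::setOptions, and a small constructed arena that overwrites freed slots with 0xAA plays the role of libgmalloc, which places each allocation on its own page and deallocates it on free so that a dangling read faults immediately (the EXC_BAD_ACCESS in _platform_strlen above). The arena keeps the dangling read deterministic and inside our own static buffer instead of relying on undefined behaviour from a real free.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Constructed stand-in for libgmalloc: freed slots are scribbled with 0xAA so a
// use-after-free is visible deterministically (libgmalloc would fault instead).
namespace {
constexpr std::size_t kSlots = 4;
constexpr std::size_t kSlotSize = 64;
char g_arena[kSlots][kSlotSize];
bool g_inUse[kSlots];

char* arenaAlloc(std::size_t n) {
    for (std::size_t i = 0; i < kSlots; ++i) {
        if (!g_inUse[i] && n <= kSlotSize) {
            g_inUse[i] = true;
            return g_arena[i];
        }
    }
    return nullptr;  // out of slots; not expected in this example
}

void arenaFree(char* p) {
    for (std::size_t i = 0; i < kSlots; ++i) {
        if (g_arena[i] == p) {
            g_inUse[i] = false;
            std::memset(g_arena[i], 0xAA, kSlotSize);
            g_arena[i][kSlotSize - 1] = '\0';  // keep strlen() on the poisoned slot bounded
            return;
        }
    }
}
}  // namespace

// Hypothetical stand-in for WTF::CString: an owning, null-terminated buffer.
class CString {
public:
    explicit CString(const char* s) : m_buf(arenaAlloc(std::strlen(s) + 1)) {
        if (!m_buf)
            return;
        std::strcpy(m_buf, s);
    }
    CString(CString&& other) noexcept : m_buf(other.m_buf) { other.m_buf = nullptr; }
    CString(const CString&) = delete;
    CString& operator=(const CString&) = delete;
    ~CString() { if (m_buf) arenaFree(m_buf); }
    const char* data() const { return m_buf; }
private:
    char* m_buf;
};

// Hypothetical stand-in for a WTF::String whose utf8() returns a *temporary* CString.
struct ConfigString {
    std::string value;
    CString utf8() const { return CString(value.c_str()); }
};

// Stand-in for JSC::Options::setOptions: it walks the string with strlen(),
// the frame that faulted in the report.
std::string setOptions(const char* optionsStr) {
    return std::string(optionsStr, std::strlen(optionsStr));
}

// The pattern the report describes: the temporary CString is destroyed at the
// end of the full-expression containing data(), so optionsStr already dangles
// when setOptions() runs.
std::string buggyPattern(const ConfigString& cfg) {
    const char* optionsStr = cfg.utf8().data();  // temporary CString dies here
    return setOptions(optionsStr);               // reads freed (poisoned) memory
}

// Fix 1: bind the CString to a named local so it outlives the call.
std::string fixedPattern(const ConfigString& cfg) {
    CString optionsUtf8 = cfg.utf8();
    return setOptions(optionsUtf8.data());
}

// Fix 2: keep data() in the same full-expression as the call; C++ temporaries
// live until the end of the full-expression, so the buffer is valid inside setOptions().
std::string fixedInline(const ConfigString& cfg) {
    return setOptions(cfg.utf8().data());
}

int main() {
    ConfigString cfg{"--useJIT=false"};  // constructed sample config line
    std::printf("fixed : %s\n", fixedPattern(cfg).c_str());
    std::string bad = buggyPattern(cfg);
    std::printf("buggy : first byte 0x%02x, length %zu (expected '-' and 14)\n",
                static_cast<unsigned char>(bad[0]), bad.size());
    return 0;
}
```

Under a real allocator the buggy form often appears to work because the freed bytes are not reused before strlen() runs; libgmalloc (DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib) or ASan is what turns it into the immediate crash the report shows.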