[Webkit-unassigned] [Bug 207699] New: New crash when passing Swift [:] into jsvalue.invokeMethod

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 13 09:01:47 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=207699

            Bug ID: 207699
           Summary: New crash when passing Swift [:] into
                    jsvalue.invokeMethod
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Macintosh
                OS: macOS 10.15
            Status: NEW
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jesse at hogbaysoftware.com

I have for a number of years been using this pattern when calling a method on jsValue to handle optional parameters:

public func doit(_ options: [String : Any]?) {  
    jsValueOutline.invokeMethod("doit", withArguments: [options ?? [:]])  
}

In particular notice the code: `options ?? [:]`

This stated crashing for me recently with this stack:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread  
0   libobjc.A.dylib               0x00007fff6eb583c9 class_conformsToProtocol + 170  
1   com.apple.JavaScriptCore       0x00007fff3858d6bd objectToValueWithoutCopy(JSContext*, objc_object*) + 77  
2   com.apple.JavaScriptCore       0x00007fff3858cf3a objectToValue(JSContext*, objc_object*) + 74  
3   com.apple.JavaScriptCore       0x00007fff3858ed17 -[JSValue invokeMethod:withArguments:] + 151  


I "think" it's related to 10.15.4 beta, but not entirely sure. It's odd in that I couldn't reproduce it for a day (I was getting user reports of it) ... and then "all of the sudden" I could reproduce it every time. The only change that I remember making is that I enabled Safari debugger Safari > My Computer > Automatically Show Web Inspector for JSContexts .. and also Pause those contexts.

I am able to fix the problem by chaining the above code to:

publicfunc doit(_ options: [String : Any]?) {  
    jsValueOutline.invokeMethod("doit", withArguments: [options as Any])  
}

Note that the `options ?? [:]` code is now changed to `options as Any`.

I've posted a thread on this issue in the developer forums:

https://forums.developer.apple.com/thread/129058

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200213/60a40b2f/attachment.htm>

More information about the webkit-unassigned mailing list