[Webkit-unassigned] [Bug 228982] New: WTFCrash in JSC::Lexer<char16_t>::append8

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 10 20:27:14 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228982

            Bug ID: 228982
           Summary: WTFCrash in JSC::Lexer<char16_t>::append8
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cathiechen at igalia.com

Open https://www.drupal.org/project/eu_cookie_compliance/issues/3195373 in a Debug build.

Crash info:

ASSERTION FAILED: isLatin1(c)
./parser/Lexer.cpp(873) : void JSC::Lexer<char16_t>::append8(const T *, size_t) [T = char16_t]
1   0x7d55a70b9 WTFCrash
2   0x7d6fa779b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x7d6dfd096 JSC::Lexer<char16_t>::append8(char16_t const*, unsigned long)
4   0x7d6dfe122 JSC::Lexer<char16_t>::parseCommentDirectiveValue()
5   0x7d6dfae4c JSC::Lexer<char16_t>::parseCommentDirective()
6   0x7d6df7bea JSC::Lexer<char16_t>::lexWithoutClearingLineTerminator(JSC::JSToken*, WTF::OptionSet<JSC::LexerFlags>, bool)
7   0x7d6df5500 JSC::Lexer<char16_t>::lex(JSC::JSToken*, WTF::OptionSet<JSC::LexerFlags>, bool)
8   0x7d6e196c8 JSC::Parser<JSC::Lexer<char16_t> >::next(WTF::OptionSet<JSC::LexerFlags>)
9   0x7d6e193a8 JSC::Parser<JSC::Lexer<char16_t> >::Parser(JSC::VM&, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ConstructorKind, JSC::DerivedContextType, bool, JSC::EvalContextType, JSC::DebuggerParseData*, bool)
10  0x7d6e197ef JSC::Parser<JSC::Lexer<char16_t> >::Parser(JSC::VM&, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ConstructorKind, JSC::DerivedContextType, bool, JSC::EvalContextType, JSC::DebuggerParseData*, bool)
11  0x7d5db9a44 std::__1::unique_ptr<JSC::ProgramNode, std::__1::default_delete<JSC::ProgramNode> > JSC::parse<JSC::ProgramNode>(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ParserError&, JSC::JSTextPosition*, JSC::ConstructorKind, JSC::DerivedContextType, JSC::EvalContextType, JSC::DebuggerParseData*, WTF::HashMap<WTF::RefPtr<WTF::UniquedStringImpl, WTF::PackedPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> >, JSC::PrivateNameEntry, JSC::IdentifierRepHash, WTF::HashTraits<WTF::RefPtr<WTF::UniquedStringImpl, WTF::RawPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> > >, JSC::PrivateNameEntryHashTraits, WTF::HashTableTraits> const*, WTF::FixedVector<JSC::JSTextPosition> const*, bool)
12  0x7d706c72e JSC::UnlinkedProgramCodeBlock* JSC::generateUnlinkedCodeBlockImpl<JSC::UnlinkedProgramCodeBlock, JSC::ProgramExecutable>(JSC::VM&, JSC::SourceCode const&, JSC::JSParserStrictMode, JSC::JSParserScriptMode, WTF::OptionSet<JSC::CodeGenerationMode>, JSC::ParserError&, JSC::EvalContextType, JSC::DerivedContextType, bool, WTF::HashSet<WTF::RefPtr<WTF::UniquedStringImpl, WTF::RawPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> >, JSC::IdentifierRepHash, WTF::HashTraits<WTF::RefPtr<WTF::UniquedStringImpl, WTF::RawPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> > >, WTF::HashTableTraits> const*, WTF::HashMap<WTF::RefPtr<WTF::UniquedStringImpl, WTF::PackedPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> >, JSC::PrivateNameEntry, JSC::IdentifierRepHash, WTF::HashTraits<WTF::RefPtr<WTF::UniquedStringImpl, WTF::RawPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> > >, JSC::PrivateNameEntryHashTraits, WTF::HashTableTraits> const*, JSC::ProgramExecutable*)
13  0x7d706be11 JSC::UnlinkedProgramCodeBlock* JSC::generateUnlinkedCodeBlock<JSC::UnlinkedProgramCodeBlock, JSC::ProgramExecutable>(JSC::VM&, JSC::ProgramExecutable*, JSC::SourceCode const&, JSC::JSParserStrictMode, JSC::JSParserScriptMode, WTF::OptionSet<JSC::CodeGenerationMode>, JSC::ParserError&, JSC::EvalContextType, WTF::HashSet<WTF::RefPtr<WTF::UniquedStringImpl, WTF::RawPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> >, JSC::IdentifierRepHash, WTF::HashTraits<WTF::RefPtr<WTF::UniquedStringImpl, WTF::RawPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> > >, WTF::HashTableTraits> const*, WTF::HashMap<WTF::RefPtr<WTF::UniquedStringImpl, WTF::PackedPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> >, JSC::PrivateNameEntry, JSC::IdentifierRepHash, WTF::HashTraits<WTF::RefPtr<WTF::UniquedStringImpl, WTF::RawPtrTraits<WTF::UniquedStringImpl>, WTF::DefaultRefDerefTraits<WTF::UniquedStringImpl> > >, JSC::PrivateNameEntryHashTraits, WTF::HashTableTraits> const*)
14  0x7d7015ce9 JSC::UnlinkedProgramCodeBlock* JSC::CodeCache::getUnlinkedGlobalCodeBlock<JSC::UnlinkedProgramCodeBlock, JSC::ProgramExecutable>(JSC::VM&, JSC::ProgramExecutable*, JSC::SourceCode const&, JSC::JSParserStrictMode, JSC::JSParserScriptMode, WTF::OptionSet<JSC::CodeGenerationMode>, JSC::ParserError&, JSC::EvalContextType)
15  0x7d7015869 JSC::CodeCache::getUnlinkedProgramCodeBlock(JSC::VM&, JSC::ProgramExecutable*, JSC::SourceCode const&, JSC::JSParserStrictMode, WTF::OptionSet<JSC::CodeGenerationMode>, JSC::ParserError&)
16  0x7d73dc8bf JSC::ProgramExecutable::initializeGlobalProperties(JSC::VM&, JSC::JSGlobalObject*, JSC::JSScope*)
17  0x7d6c0efba JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
18  0x7d7088a07 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
19  0x7d7088b5a JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
20  0x7b5d631fc WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
21  0x7b5d62dde WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
22  0x7b5d62c09 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
23  0x7b5d634e5 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
24  0x7b65c122a WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
25  0x7b65bf3db WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
26  0x7b65be93e WebCore::ScriptElement::didFinishInsertingNode()
27  0x7b6a1206e WebCore::HTMLScriptElement::didFinishInsertingNode()
28  0x7b6334a40 void WebCore::executeNodeInsertionWithScriptAssertion<WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&)::$_4>(WebCore::ContainerNode&, WebCore::Node&, WebCore::ContainerNode::ChildChange::Source, WebCore::ReplacedAllChildren, WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&)::$_4)
29  0x7b63317d5 WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&)
30  0x7b63346eb WebCore::ContainerNode::appendChild(WebCore::Node&)
31  0x7b6549c9c WebCore::Node::appendChild(WebCore::Node&)
2021-08-11 11:20:57.622 MiniBrowser[14413:3527807] WebContent process crashed; reloading
