[Webkit-unassigned] [Bug 220458] New: Crash in JavaScriptCore after using reassigned JSContext variable

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 8 01:00:17 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=220458

            Bug ID: 220458
           Summary: Crash in JavaScriptCore after using reassigned
                    JSContext variable
           Product: WebKit
           Version: Other
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: maartene at mac.com

Created attachment 417255

  --> https://bugs.webkit.org/attachment.cgi?id=417255&action=review

Xcode example program to show bug

I'm using a simple wrapper around JavaScriptCore: SwiftJS (https://github.com/SusanDoggie/SwiftJS) 

The wrapper uses:
* libjavascriptcoregtk-4.0-18 on Linux (tested on Ubuntu 20.04.1 LTS on ARM64)
* "Built in" JavaScriptCore on macOS (tested on macOS 11.1 Intel)
Both environments exhibit the same behaviour.

Actual behaviour
This wrapper crashes when trying to use an existing variable that has a new JSContext assigned. This looks like the bug described in https://bugs.webkit.org/show_bug.cgi?id=129070 but that one should already be fixed.

Expected behaviour
After assigning a new JSContext the old JSContext should be freed (this happens), the new one should be initialized (this also happens) and should after that be accessible just like the earlier one (this does not happen).

Steps to reproduce
See attached project for an example. Just build and run the project.

Now, this could be due to a bug in the wrapper. However, the wrapper code seems simple enough, so perhaps there is a bug in JavaScriptCore?

See also issue: https://github.com/SusanDoggie/SwiftJS/issues/1 

Kind regards,

Maarten
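A useful first check when a wrapper crashes on a reassigned context is to run the same sequence against the underlying engine without the wrapper. The following is an added example, not the reporter's attached project or SwiftJS code; it assumes Apple's JavaScriptCore framework on macOS (the `JSContext` / `JSValue` Objective-C API, which is what the "built in" macOS path uses), so it does not cover the libjavascriptcoregtk C API on Linux. It creates a context, uses it, reassigns the variable so the first context is released, and then evaluates script in the replacement:

```swift
import JavaScriptCore

/// Runs the lifecycle described in the report directly against the framework:
/// create a context, use it, replace it by reassigning the variable, use the
/// replacement. Returns the result of the last evaluation (expected 42).
func reassignContextAndEvaluate() -> Int32? {
    var context = JSContext()!                       // first context
    context.evaluateScript("var a = 40;")
    // Convert to a plain Int32 immediately: a retained JSValue would keep the
    // first context alive, which is exactly the kind of hidden reference a
    // wrapper can hold by accident.
    let first = context.evaluateScript("a + 1")?.toInt32()
    precondition(first == 41, "first context should evaluate normally")

    // Reassigning drops the last strong reference to the first context, so ARC
    // releases it together with its global object.
    context = JSContext()!

    // The replacement has a fresh global object, so "a" must not exist here.
    let stale = context.evaluateScript("typeof a")?.toString()
    precondition(stale == "undefined", "old globals should not leak across contexts")

    context.evaluateScript("var b = 41;")
    return context.evaluateScript("b + 1")?.toInt32()
}

print(reassignContextAndEvaluate() as Any)
```

If this sequence runs cleanly while the wrapper crashes, the difference lies in what the wrapper keeps after the reassignment: each `JSValue` holds a strong reference to its `JSContext`, whereas a raw `JSContextRef` or `JSValueRef` obtained from the C API carries no such ownership and becomes dangling once the context that produced it is released.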
