[Webkit-unassigned] [Bug 276187] New: Error.stack is missing the second frame in some cases

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 3 12:10:35 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=276187

            Bug ID: 276187
           Summary: Error.stack is missing the second frame in some cases
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: macOS 13
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: krinklemail at gmail.com

When creating `new Error` and reading `e.stack` there is consistently (in certain situations) a second or third frame missing.

Test case:
https://codepen.io/Krinkle/pen/jOoggZw

In Firefox, Chrome, the raw stack is:

```
[0] sourceFromStacktrace
[1] QUnit.stack
[2] exampleBar
[3] exampleFoo
[4] exampleMain
[5] makeFakeFailure
```

In Safari, one of the intermediary frame has excluded.

```
[0] sourceFromStacktrace
[1] exampleBar
[2] exampleFoo
[3] exampleMain
[4] makeFakeFailure
```

This is problematic because in diagnostic tools and test frameworks like QUnit, a function like QUnit.stack() will often omit the first few frames for developer convenience, hiding its known internal offset. In the case of the above, QUnit would strip the first 2 frames when QUnit.stack is directly directly, or possibly more when passed an offset for additional wrapper functions.

The practical impact is that slice(2) ends up removing part of the user's own stack. Thus misleading them into thinking there is an error thrown by exampleFoo, when actually it caused deeper down in exampleBar.

I suspect this may be some kind of JIT operation combined with a failure to retain/restore the stack trace. Or perhaps a privacy hueristic misfiring. However, I've been unable to reproduce with an inline script tag, only with an external script. The above CodePen copies the two functions from qunit.js ("live") and embeds them directly ("reduced"). The issue does not happen in that case.

Safari Version 17.5 (18618.2.12.111.5, 18618)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240703/9b3cee8f/attachment.htm>

More information about the webkit-unassigned mailing list