[Webkit-unassigned] [Bug 275555] SIGSEGV in JSC in pas_versioned_field_try_write_watched
bugzilla-daemon at webkit.org
Mon Jun 17 19:16:39 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=275555
--- Comment #3 from qbtly <qbtly201 at gmail.com> ---
Output when building with ASAN:
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f54fd1be91f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x55fdecfa9594 in bmalloc::DebugHeap::malloc(unsigned long, bmalloc::FailureAction) /JSC/Source/bmalloc/bmalloc/DebugHeap.cpp:118
#2 0x55fdecfa9e2b in pas_debug_heap_malloc /JSC/Source/bmalloc/bmalloc/DebugHeap.cpp:223
#3 0x55fdecfcbd2a in pas_debug_heap_allocate /JSC/Source/bmalloc/libpas/src/libpas/pas_debug_heap.h:106
#4 0x55fdecfcc67f in pas_try_allocate_intrinsic_impl_casual_case /JSC/Source/bmalloc/libpas/src/libpas/pas_try_allocate_intrinsic.h:105
#5 0x55fdecfcce63 in bmalloc_allocate_impl_casual_case /JSC/Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:69
#6 0x55fdecfcd34e in bmalloc_allocate_casual /JSC/Source/bmalloc/libpas/src/libpas/bmalloc_heap.c:64
#7 0x55fdece3cef5 in bmalloc_allocate_inline /JSC/asan/JSCOnly/Debug/bmalloc/Headers/bmalloc/bmalloc_heap_inlines.h:120
#8 0x55fdece401e3 in bmalloc::api::malloc(unsigned long, bmalloc::CompactAllocationMode, bmalloc::HeapKind) /JSC/asan/JSCOnly/Debug/bmalloc/Headers/bmalloc/bmalloc.h:75
#9 0x55fdece401e3 in WTF::fastCompactMalloc(unsigned long) /JSC/Source/WTF/wtf/FastMalloc.cpp:709
#10 0x55fdecf38eea in WTF::StringImpl::operator new(unsigned long) /JSC/Source/WTF/wtf/text/StringImpl.h:186
#11 0x55fdecf4c33b in WTF::StringImpl::createWithoutCopyingNonEmpty(std::span<unsigned char const, 18446744073709551615ul>) /JSC/Source/WTF/wtf/text/StringImpl.cpp:169
#12 0x55fde7e4524d in WTF::StringImpl::createWithoutCopying(std::span<unsigned char const, 18446744073709551615ul>) /JSC/asan/JSCOnly/Debug/WTF/Headers/wtf/text/StringImpl.h:270
#13 0x55fdecf36cda in WTF::BufferFromStaticDataTranslator<unsigned char>::translate(WTF::Packed<WTF::StringImpl*>&, WTF::HashTranslatorCharBuffer<unsigned char> const&, unsigned int) /JSC/Source/WTF/wtf/text/AtomStringImpl.cpp:280
#14 0x55fdecf35231 in void WTF::HashSetTranslatorAdapter<WTF::BufferFromStaticDataTranslator<unsigned char> >::translate<WTF::Packed<WTF::StringImpl*>, WTF::HashTranslatorCharBuffer<unsigned char> >(WTF::Packed<WTF::StringImpl*>&, WTF::HashTranslatorCharBuffer<unsigned char> const&, WTF::HashTranslatorCharBuffer<unsigned char> const&, unsigned int) /JSC/Source/WTF/wtf/HashSet.h:216
#15 0x55fdecf32472 in WTF::HashTableAddResult<WTF::HashTableIterator<WTF::HashTable<WTF::Packed<WTF::StringImpl*>, WTF::Packed<WTF::StringImpl*>, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> > >, WTF::Packed<WTF::StringImpl*>, WTF::Packed<WTF::StringImpl*>, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> > > > WTF::HashTable<WTF::Packed<WTF::StringImpl*>, WTF::Packed<WTF::StringImpl*>, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> > >::addPassingHashCode<WTF::HashSetTranslatorAdapter<WTF::BufferFromStaticDataTranslator<unsigned char> >, WTF::HashTranslatorCharBuffer<unsigned char> const&, WTF::HashTranslatorCharBuffer<unsigned char> const&>(WTF::HashTranslatorCharBuffer<unsigned char> const&, WTF::HashTranslatorCharBuffer<unsigned char> const&) /JSC/Source/WTF/wtf/HashTable.h:979
#16 0x55fdecf2f6df in WTF::HashTableAddResult<WTF::HashTableIterator<WTF::HashTable<WTF::Packed<WTF::StringImpl*>, WTF::Packed<WTF::StringImpl*>, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> > >, WTF::Packed<WTF::StringImpl*>, WTF::Packed<WTF::StringImpl*>, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> > > > WTF::HashSet<WTF::Packed<WTF::StringImpl*>, WTF::DefaultHash<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> >, WTF::HashTableTraits>::add<WTF::BufferFromStaticDataTranslator<unsigned char>, WTF::HashTranslatorCharBuffer<unsigned char> >(WTF::HashTranslatorCharBuffer<unsigned char> const&) /JSC/Source/WTF/wtf/HashSet.h:333
#17 0x55fdecf2dd9c in addToStringTable<WTF::HashTranslatorCharBuffer<unsigned char>, WTF::BufferFromStaticDataTranslator<unsigned char> > /JSC/Source/WTF/wtf/text/AtomStringImpl.cpp:75
#18 0x55fdecf2d746 in addToStringTable<WTF::HashTranslatorCharBuffer<unsigned char>, WTF::BufferFromStaticDataTranslator<unsigned char> > /JSC/Source/WTF/wtf/text/AtomStringImpl.cpp:88
#19 0x55fdecf2ab86 in WTF::AtomStringImpl::addLiteral(std::span<unsigned char const, 18446744073709551615ul>) /JSC/Source/WTF/wtf/text/AtomStringImpl.cpp:316
#20 0x55fde7e47508 in WTF::AtomStringImpl::add(WTF::ASCIILiteral) /JSC/asan/JSCOnly/Debug/WTF/Headers/wtf/text/AtomStringImpl.h:111
#21 0x55fde7e7ba43 in JSC::Identifier::add(JSC::VM&, WTF::ASCIILiteral) /JSC/Source/JavaScriptCore/runtime/Identifier.h:222
#22 0x55fde7e7b4f1 in JSC::Identifier::Identifier(JSC::VM&, WTF::ASCIILiteral) /JSC/Source/JavaScriptCore/runtime/Identifier.h:162
#23 0x55fde7e90ae6 in JSC::Identifier::fromString(JSC::VM&, WTF::ASCIILiteral) /JSC/Source/JavaScriptCore/runtime/IdentifierInlines.h:85
#24 0x55fdebd51128 in JSC::StringPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*) /JSC/Source/JavaScriptCore/runtime/StringPrototype.cpp:144
#25 0x55fdebd537d0 in JSC::StringPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) /JSC/Source/JavaScriptCore/runtime/StringPrototype.cpp:182
#26 0x55fdeb7aba40 in JSC::JSGlobalObject::init(JSC::VM&) /JSC/Source/JavaScriptCore/runtime/JSGlobalObject.cpp:1132
#27 0x55fdeb7c80d7 in JSC::JSGlobalObject::finishCreation(JSC::VM&) /JSC/Source/JavaScriptCore/runtime/JSGlobalObject.cpp:3268
#28 0x55fde7ea3432 in GlobalObject::finishCreation(JSC::VM&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) /JSC/Source/JavaScriptCore/jsc.cpp:624
#29 0x55fde7ea171f in GlobalObject::create(JSC::VM&, JSC::Structure*, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) /JSC/Source/JavaScriptCore/jsc.cpp:550
#30 0x55fde7f264e3 in runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> > /JSC/Source/JavaScriptCore/jsc.cpp:4204
SUMMARY: AddressSanitizer: 771 byte(s) leaked in 31 allocation(s).
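A small triage helper for LeakSanitizer output of the kind pasted above, added here as an example and not part of the bug report: it parses the leak records and the SUMMARY line, skips the sanitizer interceptor and the bmalloc/WTF allocator frames to find the first frame in JavaScriptCore's own sources, and checks how much of the SUMMARY total the pasted records actually account for. The report it runs on is a constructed, abbreviated subset of the frames above, and the /JSC/Source/JavaScriptCore/ prefix used to identify engine code is an assumption taken from the paths in the report.

```python
import re
from collections import namedtuple

# Constructed excerpt of the LeakSanitizer report posted above (frames abbreviated).
SAMPLE_REPORT = """\
Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f54fd1be91f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x55fdecfa9594 in bmalloc::DebugHeap::malloc(unsigned long, bmalloc::FailureAction) /JSC/Source/bmalloc/bmalloc/DebugHeap.cpp:118
    #9 0x55fdece401e3 in WTF::fastCompactMalloc(unsigned long) /JSC/Source/WTF/wtf/FastMalloc.cpp:709
    #24 0x55fdebd51128 in JSC::StringPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*) /JSC/Source/JavaScriptCore/runtime/StringPrototype.cpp:144
    #30 0x55fde7f264e3 in runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> > /JSC/Source/JavaScriptCore/jsc.cpp:4204

SUMMARY: AddressSanitizer: 771 byte(s) leaked in 31 allocation(s).
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\) allocated from:")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+ in (.+?) (\S+:\d+)$")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)\.")

Frame = namedtuple("Frame", "index symbol location")    # location is file:line
Leak = namedtuple("Leak", "kind nbytes objects frames")  # frames: list of Frame

def parse_lsan(text):
    """Split a LeakSanitizer report into leak records plus the SUMMARY totals."""
    leaks, summary = [], None
    for line in text.splitlines():
        if m := LEAK_RE.match(line):
            leaks.append(Leak(m[1], int(m[2]), int(m[3]), []))
        elif (m := FRAME_RE.match(line)) and leaks:
            leaks[-1].frames.append(Frame(int(m[1]), m[2], m[3]))
        elif m := SUMMARY_RE.match(line):
            summary = (int(m[1]), int(m[2]))
    return leaks, summary

def first_project_frame(leak, prefix="/JSC/Source/JavaScriptCore/"):
    """First frame inside the engine's own sources (assumed prefix), skipping the
    sanitizer interceptor and the bmalloc/WTF allocator layers; triage starts here."""
    return next((f for f in leak.frames if f.location.startswith(prefix)), None)

def unaccounted(leaks, summary):
    """Bytes and allocations the SUMMARY claims beyond the records actually pasted;
    a non-zero result means the report was cut down before posting."""
    return (summary[0] - sum(l.nbytes for l in leaks),
            summary[1] - sum(l.objects for l in leaks))
```

On the full report above, the same check shows that the single 24-byte record pasted covers only one of the 31 allocations in the SUMMARY line, so the remaining records would need to be attached before the leak can be fully triaged.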