<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Crash in JSC::speculationFromCell"

   href="https://bugs.webkit.org/show_bug.cgi?id=160027">160027</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Crash in JSC::speculationFromCell

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>WebKit

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>Other

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>iOS

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>iOS 9.3

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>Critical

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P2

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>JavaScriptCore

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>webkit-unassigned&#64;lists.webkit.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>aleReimondo&#64;smalltalking.net

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=284222" name="attach_284222" title="Crash report when running iPhone 6s, iOS 9.3.3">attachment 284222</a> <a href="attachment.cgi?id=284222&amp;action=edit" title="Crash report when running iPhone 6s, iOS 9.3.3">[details]</a></span>

Crash report when running iPhone 6s, iOS 9.3.3

Summary: Reading a file (~3Mb) in a loop, can result in an EXC_BAD_ACCESS or memory full.

Expected Results:

The test should evaluate an arbitrary number of times without issue.

Actual Results:

Memory appears to be corrupted causing EXC_BAD_ACCESS or silent crash and memory full.

A crash report file is attached.

Steps to reproduce:

Download the coco8 Xcode project (from <a href="http://u8.smalltalking.net/profile/aleReimondo/coco8/coco8.zip">http://u8.smalltalking.net/profile/aleReimondo/coco8/coco8.zip</a> )

Open coco8/coco8.xcodeproj with Xcode 7.3 or 8(Beta).

Run the application on an iPhone 6s, iPad Pro or iPad 4.

Tap the link (&quot;Read Sample.txt file&quot;) in the welcome page.

This will cause the application to crash.

Notes:

The test script generate a Sample.txt file of aprox. 3mb and read the file contents 100 times.

Configuration: Xcode 8.0 beta (8S128d), iPhone 6s iOS 9.3.2 (13F69)

It can also be reproduced with iPhone 5s, iPad 4, iPad Pro with iOS 8.x, 9.x and 10.0 (Beta)</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>