189830 2018-09-21 07:15:22 -0700 REGRESSION: crash under JSC::JSRopeString::resolveRope(JSC::ExecState*) 2018-09-22 15:17:19 -0700 1 1 1 Unclassified WebKit JavaScriptCore Safari Technology Preview Unspecified Unspecified RESOLVED DUPLICATE 189855 InRadar P2 Normal --- 1 graouts webkit-unassigned webkit-bug-importer oldest_to_newest 1461828 0 graouts 2018-09-21 07:15:22 -0700 On a ToT Release build, going to this URL yields a WebContent crash: http://loanpride.com/ces-enfants-de-stars-sont-devenus-grands-ils-peuvent-maintenant-construire-leur-vie-future-grace-a-leur-conseillers-financiers/ 0 com.apple.JavaScriptCore 0x00000004bcde023e JSC::JSRopeString::resolveRope(JSC::ExecState*) const + 318 (MarkedBlock.h:447) 1 com.apple.JavaScriptCore 0x00000004bcd755b8 JSC::getCalculatedDisplayName(JSC::VM&, JSC::JSObject*) + 424 (RefPtr.h:59) 2 com.apple.JavaScriptCore 0x00000004bce7b51b JSC::StackFrame::functionName(JSC::VM&) const + 107 (DumbPtrTraits.h:41) 3 com.apple.JavaScriptCore 0x00000004bce7b684 JSC::StackFrame::toString(JSC::VM&) const + 52 (StackFrame.cpp:63) 4 com.apple.JavaScriptCore 0x00000004bcac8dc7 JSC::Interpreter::stackTraceAsString(JSC::VM&, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul> const&) + 135 (Interpreter.cpp:460) 5 com.apple.JavaScriptCore 0x00000004bcd185f4 JSC::addErrorInfo(JSC::VM&, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>*, JSC::JSObject*) + 612 (RefPtr.h:88) 6 com.apple.JavaScriptCore 0x00000004bcd187b2 JSC::addErrorInfo(JSC::ExecState*, JSC::JSObject*, bool) + 162 (Error.cpp:236) 7 com.apple.WebCore 0x00000004b8a020f5 WebCore::createDOMException(JSC::ExecState*, WebCore::ExceptionCode, WTF::String const&) + 421 (JSDOMExceptionHandling.cpp:153) 8 com.apple.WebCore 0x00000004b8a02267 WebCore::throwSecurityError(JSC::ExecState&, JSC::ThrowScope&, WTF::String const&) + 23 (ThrowScope.h:81) 9 com.apple.WebCore 0x00000004b8a08f39 bool WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess<(WebCore::DOMWindowType)0>(WebCore::JSDOMGlobalObject*, WebCore::AbstractDOMWindow&, JSC::ExecState&, JSC::PropertyName, JSC::PropertySlot&, WTF::String const&) + 201 (PropertySlot.h:355) 10 com.apple.WebCore 0x00000004b8a09e50 WebCore::JSDOMWindow::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 512 (JSDOMWindowCustom.cpp:204) 11 com.apple.JavaScriptCore 0x00000004bcb9289a llint_slow_path_get_by_id + 3018 (JSObjectInlines.h:151) 12 com.apple.JavaScriptCore 0x00000004bc4ec714 llint_entry + 11553 (LowLevelInterpreter64.asm:307) 13 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831) 14 ??? 0x00003dd69a06ed77 0 + 67991916440951 15 ??? 0x00003dd69a086ee3 0 + 67991916539619 16 ??? 0x00003dd69a0b3b26 0 + 67991916722982 17 ??? 0x00003dd69a052254 0 + 67991916323412 18 ??? 0x00003dd69a088ec3 0 + 67991916547779 19 ??? 0x00003dd69a0b3b26 0 + 67991916722982 20 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831) 21 ??? 0x00003dd69a086ee3 0 + 67991916539619 22 ??? 0x00003dd69a0b3b26 0 + 67991916722982 23 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831) 24 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831) 25 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831) 26 com.apple.JavaScriptCore 0x00000004bc4f0647 llint_entry + 27732 (LowLevelInterpreter.asm:831) 27 ??? 0x00003dd699e4b73c 0 + 67991914198844 28 ??? 0x00003dd69a057f31 0 + 67991916347185 29 ??? 0x00003dd69a086ee3 0 + 67991916539619 30 ??? 0x00003dd69a054835 0 + 67991916333109 31 ??? 0x00003dd69a052254 0 + 67991916323412 32 ??? 0x00003dd69a03d455 0 + 67991916237909 33 ??? 0x00003dd69a057f31 0 + 67991916347185 34 ??? 0x00003dd69a06c56a 0 + 67991916430698 35 ??? 0x00003dd69a02c4c2 0 + 67991916168386 36 com.apple.JavaScriptCore 0x00000004bc4f02b4 llint_entry + 26817 (LowLevelInterpreter.asm:831) 37 com.apple.JavaScriptCore 0x00000004bc4e9839 vmEntryToJavaScript + 200 (LowLevelInterpreter64.asm:258) 38 com.apple.JavaScriptCore 0x00000004bcacbc5c JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 11020 (JITCodeInlines.h:39) 39 com.apple.JavaScriptCore 0x00000004bcd0696f JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 287 (Completion.cpp:103) 40 com.apple.WebCore 0x00000004b8a27274 WebCore::JSExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 84 (JSExecState.h:80) 41 com.apple.WebCore 0x00000004b8a270df WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 207 (ScriptController.cpp:131) 42 com.apple.WebCore 0x00000004b8cae4e3 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 563 (CurrentScriptIncrementer.h:54) 43 com.apple.WebCore 0x00000004b8c7ca1d WebCore::LoadableClassicScript::execute(WebCore::ScriptElement&) + 141 (utility:896) 44 com.apple.WebCore 0x00000004b8cae741 WebCore::ScriptElement::executeScriptAndDispatchEvent(WebCore::LoadableScript&) + 177 (ScriptElement.cpp:427) 45 com.apple.WebCore 0x00000004b8cb492d WebCore::ScriptRunner::timerFired() + 605 (ScriptRunner.cpp:132) 46 com.apple.WebCore 0x00000004b91488c9 WebCore::ThreadTimers::sharedTimerFiredInternal() + 185 (ThreadTimers.cpp:120) 47 com.apple.WebCore 0x00000004b918fcaf WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 (MainThreadSharedTimerCF.cpp:75) 48 com.apple.CoreFoundation 0x00007fff371bae6d __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 49 com.apple.CoreFoundation 0x00007fff371baa20 __CFRunLoopDoTimer + 859 50 com.apple.CoreFoundation 0x00007fff371ba560 __CFRunLoopDoTimers + 333 51 com.apple.CoreFoundation 0x00007fff3719b7b7 __CFRunLoopRun + 2176 52 com.apple.CoreFoundation 0x00007fff3719ace4 CFRunLoopRunSpecific + 463 53 com.apple.Foundation 0x00007fff394fb5da -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280 54 com.apple.Foundation 0x00007fff394fb4af -[NSRunLoop(NSRunLoop) run] + 76 55 libxpc.dylib 0x00007fff645eaee6 _xpc_objc_main + 555 56 libxpc.dylib 0x00007fff645ea9e5 xpc_main + 433 57 com.apple.WebKit.WebContent 0x00000001040e7636 WebKit::XPCServiceMain(int, char const**) + 547 58 com.apple.WebKit.WebContent 0x00000001040e77bb main + 9 (XPCServiceMain.mm:46) 59 libdyld.dylib 0x00007fff643b4085 start + 1 1461829 1 webkit-bug-importer 2018-09-21 07:15:40 -0700 <rdar://problem/44678975> 1461830 2 graouts 2018-09-21 07:16:19 -0700 This does not appear to reproduce in STP 65, so this is likely a recent regression. 1462420 3 ap 2018-09-22 15:17:19 -0700 Yes, recent regression. Sounds like it was quickly fixed in bug 189855. *** This bug has been marked as a duplicate of bug 189855 ***