Nightly r14317 crashes when typing in the Yahoo auto-complete widget. Stock 10.4.6 Safari seems to be more stable, but unless I'm mistaken, it has frozen with the same stack trace for me once. Probably just a matter of chance.

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0016d664 match + 4
1 com.apple.JavaScriptCore 0x0016e3a0 match + 3392
2 com.apple.JavaScriptCore 0x0016d7cc match + 364
3 com.apple.JavaScriptCore 0x0016e3a0 match + 3392
4 com.apple.JavaScriptCore 0x0016f0ac match + 6732
5 com.apple.JavaScriptCore 0x0016d7cc match + 364
6 com.apple.JavaScriptCore 0x0016e148 match + 2792
7 com.apple.JavaScriptCore 0x0016d7cc match + 364
8 com.apple.JavaScriptCore 0x0016e3a0 match + 3392
9 com.apple.JavaScriptCore 0x0016d7cc match + 364
10 com.apple.JavaScriptCore 0x0016e3a0 match + 3392
11 com.apple.JavaScriptCore 0x0016e3c8 match + 3432
12 com.apple.JavaScriptCore 0x0016f0ac match + 6732
...
Created attachment 8277 [details] test case (will crash!)
Created attachment 8281 [details] proposed fix

This is a stack overflow, and it has nothing to do with how WebKit invokes PCRE - it's also reproducible with pcretest, versions 6.1 (used in WebKit) and 6.6 (latest). PCRE has a mode for systems with limited stack, where it no longer uses recursion (at the cost of some performance, reportedly). There are also some limits that can make deep recursion fail with an error, but I don't see how we could use them, as long as we want to work with Yahoo widgets. This patch just defines NO_RECURSE. There is no noticeable delay when opening the test.
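The comment above describes the mechanism behind the crash (one C stack frame per backtracking step in PCRE's match(), so a long enough input runs the thread stack out) and the fix (NO_RECURSE, which keeps the backtrack state on the heap instead). The following is an added example, not WebKit or PCRE code, that shows the same two shapes side by side on a toy pattern language (literals, '.', postfix '*', anchored at the start of the text). All names (match_recursive, match_iterative, run_probe, the depth/frame getters) and the constructed "a*b" against a long run of 'a' bytes are assumptions made for the illustration; the real PCRE match() has far more state per frame, which is why it overflows sooner than this toy.

```c
#include <stdlib.h>
#include <string.h>

/* Toy pattern language (added example, not PCRE): literal bytes, '.', and
 * postfix '*'. Both matchers are anchored at the start of the text and
 * succeed once the pattern is exhausted, like a "^pattern" search. */

/* ---- 1. Recursive backtracking: the layout PCRE uses unless NO_RECURSE ---- */

static size_t g_max_depth;   /* deepest C-stack recursion seen in the last call */

static int match_rec(const char *re, const char *text, size_t depth);

/* Greedy star: consume one more byte in a fresh stack frame and fall back to
 * the rest of the pattern only when the deeper attempt fails. One frame per
 * repetition, so a long run of matching bytes exhausts the thread stack. */
static int matchstar_rec(int c, const char *re, const char *text, size_t depth)
{
    if (depth > g_max_depth) g_max_depth = depth;
    if (*text != '\0' && (c == '.' || *text == c) &&
        matchstar_rec(c, re, text + 1, depth + 1))
        return 1;
    return match_rec(re, text, depth + 1);
}

static int match_rec(const char *re, const char *text, size_t depth)
{
    if (depth > g_max_depth) g_max_depth = depth;
    if (re[0] == '\0') return 1;
    if (re[1] == '*') return matchstar_rec(re[0], re + 2, text, depth + 1);
    if (*text != '\0' && (re[0] == '.' || re[0] == *text))
        return match_rec(re + 1, text + 1, depth + 1);
    return 0;
}

int match_recursive(const char *re, const char *text)
{
    g_max_depth = 0;
    return match_rec(re, text, 0);
}
size_t last_recursion_depth(void) { return g_max_depth; }

/* ---- 2. Explicit backtrack stack on the heap: the NO_RECURSE idea ---- */

typedef struct { char c; int star; } Item;     /* one compiled pattern element */
typedef struct { size_t item, pos; } Frame;    /* a pending alternative */

static size_t g_max_frames;  /* most heap frames live at once in the last call */

static Item *compile(const char *re, size_t *n)
{
    Item *items = malloc((strlen(re) + 1) * sizeof *items);
    size_t k = 0;
    if (!items) abort();
    for (; *re; re++, k++) {
        items[k].c = *re;
        items[k].star = (re[1] == '*');
        if (items[k].star) re++;
    }
    *n = k;
    return items;
}

int match_iterative(const char *re, const char *text)
{
    size_t nitems, cap = 16, top = 0;
    Item *items = compile(re, &nitems);
    Frame *stack = malloc(cap * sizeof *stack);
    int found = 0;

    if (!stack) abort();
    g_max_frames = 0;
    stack[top++] = (Frame){0, 0};
    while (top > 0 && !found) {
        Frame f = stack[--top];
        for (;;) {
            if (f.item == nitems) { found = 1; break; }
            Item it = items[f.item];
            int ok = text[f.pos] != '\0' && (it.c == '.' || it.c == text[f.pos]);
            if (it.star) {
                /* Record "skip the star here" as a fallback, then keep consuming
                 * greedily; backtracking pops the newest fallback. Growth is a
                 * realloc on the heap, never a deeper C stack. */
                if (top == cap && !(stack = realloc(stack, (cap *= 2) * sizeof *stack)))
                    abort();
                stack[top++] = (Frame){f.item + 1, f.pos};
                if (top > g_max_frames) g_max_frames = top;
                if (!ok) break;
                f.pos++;
            } else {
                if (!ok) break;
                f.item++;
                f.pos++;
            }
        }
    }
    free(stack);
    free(items);
    return found;
}
size_t last_frame_count(void) { return g_max_frames; }

/* Constructed input: match "a*b" against n-1 'a' bytes followed by 'b' (n >= 1)
 * with both engines. Returns 1 when both match; the getters then report the
 * cost. Raise n into the tens of millions and the recursive engine dies with
 * a stack overflow inside match_rec/matchstar_rec, the same picture as the
 * repeated match+NNN frames in the Safari trace, while the heap engine only
 * reallocs a larger Frame array. */
int run_probe(size_t n)
{
    char *text = malloc(n + 1);
    int r, i;
    if (!text) abort();
    memset(text, 'a', n);
    text[n - 1] = 'b';
    text[n] = '\0';
    r = match_recursive("a*b", text);
    i = match_iterative("a*b", text);
    free(text);
    return r && i;
}
```

Both engines do the same amount of backtracking work; the difference NO_RECURSE buys is only where that work's bookkeeping lives. A per-call limit on last_frame_count() would be the analogue of the PCRE limits the comment mentions, and it has the same drawback: a pattern that legitimately needs that many steps (the Yahoo widget case) fails with an error instead of crashing.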
Comment on attachment 8281 [details] proposed fix

r=me
Committed revision 14435.