WebKit Bugzilla
Attachment 343121 Details for Bug 186827: Crash in sanitizeStackForVMImpl sometimes when switching threads with same VM
Patch: 186827.patch (text/plain), 1.72 KB, created by Michael Saboff on 2018-06-19 16:57:24 PDT
Description: Patch
Flags: patch, obsolete
>Index: Source/JavaScriptCore/ChangeLog >=================================================================== >--- Source/JavaScriptCore/ChangeLog (revision 232993) >+++ Source/JavaScriptCore/ChangeLog (working copy) >@@ -1,3 +1,15 @@ >+2018-06-19 Michael Saboff <msaboff@apple.com> >+ >+ Crash in sanitizeStackForVMImpl sometimes when switching threads with same VM >+ https://bugs.webkit.org/show_bug.cgi?id=186827 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Need to set VM::lastStackTop before any possible calls to sanitizeStack(). >+ >+ * runtime/JSLock.cpp: >+ (JSC::JSLock::didAcquireLock): >+ > 2018-06-19 Tadeu Zagallo <tzagallo@apple.com> > > ShadowChicken crashes with stack overflow in the LLInt >Index: Source/JavaScriptCore/runtime/JSLock.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/JSLock.cpp (revision 232993) >+++ Source/JavaScriptCore/runtime/JSLock.cpp (working copy) >@@ -134,6 +134,9 @@ void JSLock::didAcquireLock() > m_entryAtomicStringTable = thread.setCurrentAtomicStringTable(m_vm->atomicStringTable()); > ASSERT(m_entryAtomicStringTable); > >+ m_vm->setLastStackTop(thread.savedLastStackTop()); >+ ASSERT(thread.stack().contains(m_vm->lastStackTop())); >+ > if (m_vm->heap.hasAccess()) > m_shouldReleaseHeapAccess = false; > else { >@@ -145,9 +148,6 @@ void JSLock::didAcquireLock() > void* p = &p; // A proxy for the current stack pointer. > m_vm->setStackPointerAtVMEntry(p); > >- m_vm->setLastStackTop(thread.savedLastStackTop()); >- ASSERT(thread.stack().contains(m_vm->lastStackTop())); >- > m_vm->heap.machineThreads().addCurrentThread(); > #if ENABLE(WEBASSEMBLY) > Wasm::startTrackingCurrentThread();
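Review bot: the ChangeLog entry states that VM::lastStackTop must be set "before any possible calls to sanitizeStack()" but does not name which call between the old and the new position can reach sanitizeStack(); from the JSLock.cpp hunks the only code that now runs between the two positions is the `if (m_vm->heap.hasAccess())` branch (whose else body is elided in this diff) and `m_vm->setStackPointerAtVMEntry(p);`, so spell out the path (the call in that else branch, or wherever it is) so the ordering constraint in didAcquireLock() is documented for the next person who reorders it.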
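Review bot: in the `@@ -134,6 +134,9 @@` hunk the moved line `m_vm->setLastStackTop(thread.savedLastStackTop());` lands directly above the `m_vm->heap.hasAccess()` check with no comment saying why it has to be there; the reason is only in the ChangeLog, so a one-line comment above it, e.g. `// Must precede acquiring heap access below, which may call sanitizeStack().`, would stop a later cleanup from moving it back next to `setStackPointerAtVMEntry(p)` where it used to sit.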