196305 2019-03-27 10:47:44 -0700 Assertion failed at Source/JavaScriptCore/runtime/ExceptionHelpers.cpp:278 2019-04-05 17:06:13 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified REOPENED https://bugs.webkit.org/show_bug.cgi?id=196089 InRadar P2 Normal --- 1 sevendays37 tzagallo commit-queue ews-watchlist fpizlo keith_miller mark.lam msaboff ryanhaddad saam tzagallo webkit-bug-importer ysuzuki oldest_to_newest 1521738 0 sevendays37 2019-03-27 10:47:44 -0700 The debug build of JavaScriptCore failed assertion at Source/JavaScriptCore/runtime/ExceptionHelpers.cpp:278. PoC: const var_1 = 'a'.padStart(2147483648 - 1); new var_1(); Commit: 6369975 OS: Ubuntu 18.04.1 LTS Arch: x86_64 1522122 1 ap 2019-03-28 11:13:36 -0700 JSObject* createError(ExecState* exec, JSValue value, const String& message, ErrorInstance::SourceAppender appender) { VM& vm = exec->vm(); auto scope = DECLARE_CATCH_SCOPE(vm); String valueDescription = errorDescriptionForValue(exec, value); ASSERT(scope.exception() || !!valueDescription); // Line 278 1522123 2 ap 2019-03-28 11:13:57 -0700 Sorry, didn't mean to mark this one as invalid. 1522129 3 ap 2019-03-28 11:20:19 -0700 Test crashes shipping Safari: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00007fff3f8b6edf JSC::errorDescriptionForValue(JSC::ExecState*, JSC::JSValue) + 559 1 com.apple.JavaScriptCore 0x00007fff3f8b72f5 JSC::createError(JSC::ExecState*, JSC::JSValue, WTF::String const&, WTF::String (*)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) + 53 2 com.apple.JavaScriptCore 0x00007fff3ef0e9e8 JSC::createNotAConstructorError(JSC::ExecState*, JSC::JSValue) + 56 3 com.apple.JavaScriptCore 0x00007fff3f7776cb JSC::LLInt::setUpCall(JSC::ExecState*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 187 4 com.apple.JavaScriptCore 0x00007fff3f13ea8f llint_entry + 63468 1522130 4 webkit-bug-importer 2019-03-28 11:20:34 -0700 <rdar://problem/49387382> 1522436 5 366267 tzagallo 2019-03-29 05:03:22 -0700 Created attachment 366267 Patch 1522598 6 366267 commit-queue 2019-03-29 14:54:00 -0700 Comment on attachment 366267 Patch Clearing flags on attachment: 366267 Committed r243665: <https://trac.webkit.org/changeset/243665> 1522599 7 commit-queue 2019-03-29 14:54:02 -0700 All reviewed patches have been landed. Closing bug. 1524905 8 ryanhaddad 2019-04-05 17:05:37 -0700 Reverted r243665 for reason: Caused iOS JSC tests to exit with an exception. Committed r243955: <https://trac.webkit.org/changeset/243955> 1524906 9 ryanhaddad 2019-04-05 17:06:13 -0700 (In reply to Ryan Haddad from comment #8) > Reverted r243665 for reason: > > Caused iOS JSC tests to exit with an exception. > > Committed r243955: <https://trac.webkit.org/changeset/243955> See radar for details. 366267 2019-03-29 05:03:22 -0700 2019-03-29 14:54:00 -0700 Patch bug-196305-20190329130320.patch text/plain 3110 tzagallo U3VidmVyc2lvbiBSZXZpc2lvbjogMjQzNjQ0CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCBh NDFiNTk2YThiODgxZGZmMDAxM2NjYjYzMmNmMTU1MGZjMjQwYmE3Li43NzIxM2QyNzRjNjAyNTA3 YWM4Njc3ZGQ3MWEzYTVjZDMyNWYyNDFhIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxOSBAQAorMjAxOS0wMy0yOSAgVGFkZXUgWmFnYWxsbyAgPHR6YWdhbGxvQGFwcGxlLmNv bT4KKworICAgICAgICBBc3NlcnRpb24gZmFpbGVkIGluIEpTQzo6Y3JlYXRlRXJyb3IKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5NjMwNQorICAgICAg ICA8cmRhcjovL3Byb2JsZW0vNDkzODczODI+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgSlNDOjpjcmVhdGVFcnJvciBhc3N1bWVzIHRoYXQgYGVycm9y RGVzY3JpcHRpb25Gb3JWYWx1ZWAgd2lsbCBlaXRoZXIKKyAgICAgICAgdGhyb3cgYW4gZXhjZXB0 aW9uIG9yIHJldHVybiBhIHZhbGlkIGRlc2NyaXB0aW9uIHN0cmluZy4gSG93ZXZlciwgdGhhdAor ICAgICAgICBpcyBub3QgdHJ1ZSBpZiB0aGUgdmFsdWUgaXMgYSByb3BlIHN0cmluZyBhbmQgd2Ug c3VjY2Vzc2Z1bGx5IHJlc29sdmUgaXQsCisgICAgICAgIGJ1dCBsYXRlciBmYWlsIHRvIHdyYXAg dGhlIHN0cmluZyBpbiBxdW90ZXMgd2l0aCBgdHJ5TWFrZVN0cmluZ2AuCisKKyAgICAgICAgKiBy dW50aW1lL0V4Y2VwdGlvbkhlbHBlcnMuY3BwOgorICAgICAgICAoSlNDOjpjcmVhdGVFcnJvcik6 CisKIDIwMTktMDMtMjkgIENhdGhpZSBDaGVuICA8Y2F0aGllY2hlbkBpZ2FsaWEuY29tPgogCiAg ICAgICAgIEltcGxlbWVudCBSZXNpemVPYnNlcnZlci4KZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZh U2NyaXB0Q29yZS9ydW50aW1lL0V4Y2VwdGlvbkhlbHBlcnMuY3BwIGIvU291cmNlL0phdmFTY3Jp cHRDb3JlL3J1bnRpbWUvRXhjZXB0aW9uSGVscGVycy5jcHAKaW5kZXggMTU2YzE4MGUxODM0N2Y0 N2M5MzkwNDU5ZTVkMjE3NTExYjk4MzFmZi4uNjQ4NmMwNjkzMjM5ZjZiYzFjNGYwMDhmMTAzZjE0 NWQwMDlmNGIxMiAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvRXhj ZXB0aW9uSGVscGVycy5jcHAKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvRXhj ZXB0aW9uSGVscGVycy5jcHAKQEAgLTI3NSw4ICsyNzUsNyBAQCBKU09iamVjdCogY3JlYXRlRXJy b3IoRXhlY1N0YXRlKiBleGVjLCBKU1ZhbHVlIHZhbHVlLCBjb25zdCBTdHJpbmcmIG1lc3NhZ2Us IEVycgogICAgIGF1dG8gc2NvcGUgPSBERUNMQVJFX0NBVENIX1NDT1BFKHZtKTsKIAogICAgIFN0 cmluZyB2YWx1ZURlc2NyaXB0aW9uID0gZXJyb3JEZXNjcmlwdGlvbkZvclZhbHVlKGV4ZWMsIHZh bHVlKTsKLSAgICBBU1NFUlQoc2NvcGUuZXhjZXB0aW9uKCkgfHwgISF2YWx1ZURlc2NyaXB0aW9u KTsKLSAgICBpZiAoIXZhbHVlRGVzY3JpcHRpb24pIHsKKyAgICBpZiAoc2NvcGUuZXhjZXB0aW9u KCkgfHwgIXZhbHVlRGVzY3JpcHRpb24pIHsKICAgICAgICAgc2NvcGUuY2xlYXJFeGNlcHRpb24o KTsKICAgICAgICAgcmV0dXJuIGNyZWF0ZU91dE9mTWVtb3J5RXJyb3IoZXhlYyk7CiAgICAgfQpk aWZmIC0tZ2l0IGEvSlNUZXN0cy9DaGFuZ2VMb2cgYi9KU1Rlc3RzL0NoYW5nZUxvZwppbmRleCA0 MGJiYmRiYjQ3ZGJmYjMwNDg2ODUwODg2YzI0ZGQ2ODk2YTdkYjlhLi5iYTYzMDk5ZjAyYzc5MzY2 ZDc0MWIxMDI3NzE5ZGUxMzNmZGY4OTU1IDEwMDY0NAotLS0gYS9KU1Rlc3RzL0NoYW5nZUxvZwor KysgYi9KU1Rlc3RzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDE5LTAzLTI5ICBUYWRl dSBaYWdhbGxvICA8dHphZ2FsbG9AYXBwbGUuY29tPgorCisgICAgICAgIEFzc2VydGlvbiBmYWls ZWQgaW4gSlNDOjpjcmVhdGVFcnJvcgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTk2MzA1CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS80OTM4NzM4Mj4K KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIHN0cmVz cy9jcmVhdGUtZXJyb3Itb3V0LW9mLW1lbW9yeS1yb3BlLXN0cmluZy0yLmpzOiBBZGRlZC4KKyAg ICAgICAgKGFzc2VydCk6CisgICAgICAgIChjYXRjaCk6CisKIDIwMTktMDMtMjggIFNhYW0gQmFy YXRpICA8c2JhcmF0aUBhcHBsZS5jb20+CiAKICAgICAgICAgQmFja3dhcmRzR3JhcGggbmVlZHMg dG8gY29uc2lkZXIgYmFjayBlZGdlcyBhcyB0aGUgYmFja3dhcmQncyByb290IHN1Y2Nlc3Nvcgpk aWZmIC0tZ2l0IGEvSlNUZXN0cy9zdHJlc3MvY3JlYXRlLWVycm9yLW91dC1vZi1tZW1vcnktcm9w ZS1zdHJpbmctMi5qcyBiL0pTVGVzdHMvc3RyZXNzL2NyZWF0ZS1lcnJvci1vdXQtb2YtbWVtb3J5 LXJvcGUtc3RyaW5nLTIuanMKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uNDVhZjY4ZDUxNjMwNWIwMzQ1MmE4MTI4YTVm ZGNjYWJkYzIyYWI1NgotLS0gL2Rldi9udWxsCisrKyBiL0pTVGVzdHMvc3RyZXNzL2NyZWF0ZS1l cnJvci1vdXQtb2YtbWVtb3J5LXJvcGUtc3RyaW5nLTIuanMKQEAgLTAsMCArMSwxMiBAQAorZnVu Y3Rpb24gYXNzZXJ0KGEsIG1lc3NhZ2UpIHsKKyAgICBpZiAoIWEpCisgICAgICAgIHRocm93IG5l dyBFcnJvcihtZXNzYWdlKTsKK30KKwordHJ5IHsKKyAgICBjb25zdCB2YXJfMSA9ICdhJy5wYWRT dGFydCgyMTQ3NDgzNjQ4IC0gMSk7CisgICAgbmV3IHZhcl8xKCk7CisgICAgYXNzZXJ0KGZhbHNl LCBgU2hvdWxkIHRocm93IE9PTSBlcnJvcmApOworfSBjYXRjaCAoZXJyb3IpIHsKKyAgICBhc3Nl cnQoZXJyb3IubWVzc2FnZSA9PSAiT3V0IG9mIG1lbW9yeSIsICJFeHBlY3RlZCBPdXRPZk1lbW9y eUVycm9yLCBidXQgZ290OiAiICsgZXJyb3IpOworfQo=