196684 2019-04-07 08:22:32 -0700 REGRESSION (r243642): Crash in reddit.com page 2019-04-07 16:24:47 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff ews-watchlist ggaren keith_miller mark.lam saam webkit-bug-importer oldest_to_newest 1525080 0 msaboff 2019-04-07 08:22:32 -0700 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000705e35260 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [2522] VM Regions Near 0x705e35260: WebKit Malloc 0000000627e00000-0000000627f00000 [ 1024K] rw-/rwx SM=PRV --> WebAssembly memory (re 0000000800000000-0000001000000000 [ 32.0G] rw-/rwx SM=NUL reserved VM address space (unallocated) Application Specific Information: Bundle controller class: BrowserBundleController Enabled App Extensions: com.apple.ist.ds.appleconnect2.SafariExtension (APPLEBNISIGNED) (Version: 1288 - Display Version: 3.2.2) AppleConnect Safari Extension Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 ??? 0x000054c664c2e2eb 0 + 93211070751467 1 com.apple.JavaScriptCore 0x00007fff35f6b09f JSC::RegExpObject::execInline(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSString*) + 943 2 ??? 0x000054c664c0116b 0 + 93211070566763 3 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 4 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 5 com.apple.JavaScriptCore 0x00007fff35bbb852 llint_entry + 64383 6 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 7 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 8 com.apple.JavaScriptCore 0x00007fff35bbaf57 llint_entry + 62084 9 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 10 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 11 com.apple.JavaScriptCore 0x00007fff35bbaf57 llint_entry + 62084 12 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 13 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 14 com.apple.JavaScriptCore 0x00007fff35bbb852 llint_entry + 64383 15 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 ... 1525081 1 msaboff 2019-04-07 08:22:46 -0700 <rdar://problem/49589308> 1525082 2 msaboff 2019-04-07 08:23:31 -0700 This page crashes: https://www.reddit.com/r/unpopularopinion/comments/b9pvhv/splitting_5050_after_a_divorce_is_not_fair/ 1525083 3 366905 msaboff 2019-04-07 08:30:16 -0700 Created attachment 366905 Patch 1525098 4 366905 ggaren 2019-04-07 16:03:45 -0700 Comment on attachment 366905 Patch r=me 1525102 5 msaboff 2019-04-07 16:24:47 -0700 Committed r243967: <https://trac.webkit.org/changeset/243967> 366905 2019-04-07 08:30:16 -0700 2019-04-07 16:03:45 -0700 Patch 196684.patch text/plain 4075 msaboff SW5kZXg6IEpTVGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIEpTVGVzdHMvQ2hhbmdlTG9n CShyZXZpc2lvbiAyNDM5NjUpCisrKyBKU1Rlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpA QCAtMSwzICsxLDE0IEBACisyMDE5LTA0LTA3ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBw bGUuY29tPgorCisgICAgICAgIFJFR1JFU1NJT04gKHIyNDM2NDIpOiBDcmFzaCBpbiByZWRkaXQu Y29tIHBhZ2UKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE5NjY4NAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IE5ldyByZWdyZXNzaW9uIHRlc3QuCisKKyAgICAgICAgKiBzdHJlc3MvcmVnZXhwLW5vbmdyZWVk eS1jaGFyY2xhc3MtYmFja3RyYWNrcy5qczogQWRkZWQuCisKIDIwMTktMDQtMDUgIFl1c3VrZSBT dXp1a2kgIDx5c3V6dWtpQGFwcGxlLmNvbT4KIAogICAgICAgICBbSlNDXSBPU1JFeGl0IHJlY292 ZXJ5IGZvciBTcGVjdWxhdGl2ZUFkZCBkb2VzIG5vdCBjb25zaWVyICJBID0gQSArIEEiIHBhdHRl cm4KSW5kZXg6IEpTVGVzdHMvc3RyZXNzL3JlZ2V4cC1ub25ncmVlZHktY2hhcmNsYXNzLWJhY2t0 cmFja3MuanMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gSlNUZXN0cy9zdHJlc3MvcmVnZXhwLW5vbmdyZWVkeS1j aGFyY2xhc3MtYmFja3RyYWNrcy5qcwkobm9uZXhpc3RlbnQpCisrKyBKU1Rlc3RzL3N0cmVzcy9y ZWdleHAtbm9uZ3JlZWR5LWNoYXJjbGFzcy1iYWNrdHJhY2tzLmpzCSh3b3JraW5nIGNvcHkpCkBA IC0wLDAgKzEsMTUgQEAKKy8vIFRoZSByZWdyZXNzaW9uIHRlc3QgY2hlY2tzIHRoYXQgbXVsdGlw bGUgbm9uLWdyZWVkeSBjaGFyYWN0ZXIgY2xhc3NlcyBiYWNrdHJhY2sgcHJvcGVybHkuCisKK2xl dCByZSA9IC9bXlwvXStcL3h4eFwvW15cL10rP1wvW15cL10rP1wvW15cL10rPy87CitsZXQgc3Ry OworbGV0IG1hdGNoOworCitzdHIgPSAiYmxhaC94eHgvYmxhaC9ibGFoX2JsYWhfYmxhaF9ibGFo X2JsYWhfYmxhaF9ibGFoX2JsYWhfYmxhaF9ibGFoLyI7CittYXRjaCA9IHJlLmV4ZWMoc3RyKTsK K2lmIChtYXRjaCAhPT0gbnVsbCkKKyAgICB0aHJvdyhyZSArICIuZXhlYyhcIiIgKyBzdHIgKyAi XCIpIFNob3VsZCBub3QgaGF2ZSBtYXRjaGVkISIpOworCitzdHIgPSAiYmxhaC94eHgvYmxhaC9i bGFoX2JsYWhfYmxhaF9ibGFoLyI7CittYXRjaCA9IHJlLmV4ZWMoc3RyKTsKK2lmIChtYXRjaCAh PT0gbnVsbCkKKyAgICB0aHJvdyhyZSArICIuZXhlYyhcIiIgKyBzdHIgKyAiXCIpIFNob3VsZCBu b3QgaGF2ZSBtYXRjaGVkISIpOwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxv Zwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCShyZXZpc2lv biAyNDM4MzkpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNv cHkpCkBAIC0xLDMgKzEsMTggQEAKKzIwMTktMDQtMDcgIE1pY2hhZWwgU2Fib2ZmICA8bXNhYm9m ZkBhcHBsZS5jb20+CisKKyAgICAgICAgUkVHUkVTU0lPTiAocjI0MzY0Mik6IENyYXNoIGluIHJl ZGRpdC5jb20gcGFnZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9MTk2Njg0CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgSW4gcjI0MzY0MiwgdGhlIGNvZGUgdGhhdCBzYXZlcyBhbmQgcmVzdG9yZXMgdGhlIGNv dW50IGZvciBub24tZ3JlZWR5IGNoYXJhY3RlciBjbGFzc2VzCisgICAgICAgIHdhcyBpbmFkdmVy dGVudGx5IHB1dCBpbnNpZGUgYW4gaWYgc3RhdGVtZW50LiAgVGhpcyBjb2RlIHNob3VsZCBiZSBn ZW5lcmF0ZWQgZm9yIGFsbAorICAgICAgICBub24tZ3JlZWR5IGNoYXJhY3RlciBjbGFzc2VzLgor CisgICAgICAgICogeWFyci9ZYXJySklULmNwcDoKKyAgICAgICAgKEpTQzo6WWFycjo6WWFyckdl bmVyYXRvcjo6Z2VuZXJhdGVDaGFyYWN0ZXJDbGFzc05vbkdyZWVkeSk6CisgICAgICAgIChKU0M6 OllhcnI6OllhcnJHZW5lcmF0b3I6OmJhY2t0cmFja0NoYXJhY3RlckNsYXNzTm9uR3JlZWR5KToK KwogMjAxOS0wNC0wMyAgTWljaGFlbCBTYWJvZmYgIDxtc2Fib2ZmQGFwcGxlLmNvbT4KIAogICAg ICAgICBSRUdSRVNTSU9OIChyMjQzNjQyKTogY29tLmFwcGxlLkphdmFTY3JpcHRDb3JlIGNyYXNo IGluIEpTQzo6UmVnRXhwT2JqZWN0OjpleGVjSW5saW5lCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlw dENvcmUveWFyci9ZYXJySklULmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENv cmUveWFyci9ZYXJySklULmNwcAkocmV2aXNpb24gMjQzODM5KQorKysgU291cmNlL0phdmFTY3Jp cHRDb3JlL3lhcnIvWWFyckpJVC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTE5NDMsMTEgKzE5NDMs MTUgQEAgY2xhc3MgWWFyckdlbmVyYXRvciA6IHB1YmxpYyBZYXJySklUSW5mbwogCiAgICAgICAg IG1vdmUoVHJ1c3RlZEltbTMyKDApLCBjb3VudFJlZ2lzdGVyKTsKICAgICAgICAgb3AubV9yZWVu dHJ5ID0gbGFiZWwoKTsKKworI2lmZGVmIEpJVF9VTklDT0RFX0VYUFJFU1NJT05TCiAgICAgICAg IGlmIChtX2RlY29kZVN1cnJvZ2F0ZVBhaXJzKSB7CiAgICAgICAgICAgICBpZiAoIXRlcm0tPmNo YXJhY3RlckNsYXNzLT5oYXNPbmVDaGFyYWN0ZXJTaXplKCkgfHwgdGVybS0+aW52ZXJ0KCkpCiAg ICAgICAgICAgICAgICAgc3RvcmVUb0ZyYW1lKGluZGV4LCB0ZXJtLT5mcmFtZUxvY2F0aW9uICsg QmFja1RyYWNrSW5mb0NoYXJhY3RlckNsYXNzOjpiZWdpbkluZGV4KCkpOwotICAgICAgICAgICAg c3RvcmVUb0ZyYW1lKGNvdW50UmVnaXN0ZXIsIHRlcm0tPmZyYW1lTG9jYXRpb24gKyBCYWNrVHJh Y2tJbmZvQ2hhcmFjdGVyQ2xhc3M6Om1hdGNoQW1vdW50SW5kZXgoKSk7CiAgICAgICAgIH0KKyNl bmRpZgorCisgICAgICAgIHN0b3JlVG9GcmFtZShjb3VudFJlZ2lzdGVyLCB0ZXJtLT5mcmFtZUxv Y2F0aW9uICsgQmFja1RyYWNrSW5mb0NoYXJhY3RlckNsYXNzOjptYXRjaEFtb3VudEluZGV4KCkp OwogICAgIH0KIAogICAgIHZvaWQgYmFja3RyYWNrQ2hhcmFjdGVyQ2xhc3NOb25HcmVlZHkoc2l6 ZV90IG9wSW5kZXgpCkBAIC0xOTY2LDEwICsxOTcwLDExIEBAIGNsYXNzIFlhcnJHZW5lcmF0b3Ig OiBwdWJsaWMgWWFyckpJVEluZm8KICAgICAgICAgaWYgKG1fZGVjb2RlU3Vycm9nYXRlUGFpcnMp IHsKICAgICAgICAgICAgIGlmICghdGVybS0+Y2hhcmFjdGVyQ2xhc3MtPmhhc09uZUNoYXJhY3Rl clNpemUoKSB8fCB0ZXJtLT5pbnZlcnQoKSkKICAgICAgICAgICAgICAgICBsb2FkRnJvbUZyYW1l KHRlcm0tPmZyYW1lTG9jYXRpb24gKyBCYWNrVHJhY2tJbmZvQ2hhcmFjdGVyQ2xhc3M6OmJlZ2lu SW5kZXgoKSwgaW5kZXgpOwotICAgICAgICAgICAgbG9hZEZyb21GcmFtZSh0ZXJtLT5mcmFtZUxv Y2F0aW9uICsgQmFja1RyYWNrSW5mb0NoYXJhY3RlckNsYXNzOjptYXRjaEFtb3VudEluZGV4KCks IGNvdW50UmVnaXN0ZXIpOwogICAgICAgICB9CiAjZW5kaWYKIAorICAgICAgICBsb2FkRnJvbUZy YW1lKHRlcm0tPmZyYW1lTG9jYXRpb24gKyBCYWNrVHJhY2tJbmZvQ2hhcmFjdGVyQ2xhc3M6Om1h dGNoQW1vdW50SW5kZXgoKSwgY291bnRSZWdpc3Rlcik7CisKICAgICAgICAgbm9uR3JlZWR5RmFp bHVyZXMuYXBwZW5kKGF0RW5kT2ZJbnB1dCgpKTsKICAgICAgICAgbm9uR3JlZWR5RmFpbHVyZXMu YXBwZW5kKGJyYW5jaDMyKEVxdWFsLCBjb3VudFJlZ2lzdGVyLCBJbW0zMih0ZXJtLT5xdWFudGl0 eU1heENvdW50LnVuc2FmZUdldCgpKSkpOwogCg==