67326 2011-08-31 15:00:52 -0700 fast/regex/overflow.html asserts in debug builds 2011-08-31 17:22:01 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 simon.fraser oliver msaboff oldest_to_newest 459964 0 simon.fraser 2011-08-31 15:00:52 -0700 fast/regex/overflow.html -> unexpected DumpRenderTree crash Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef VM Regions Near 0xbbadbeef: --> __TEXT 000000010ae74000-000000010aefa000 [ 536K] r-x/rwx SM=COW /Volumes/VOLUME/* Application Specific Information: objc[27078]: garbage collection is OFF Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010b32f483 WTF::CrashOnOverflow::overflowed() + 35 (CheckedArithmetic.h:72) 1 com.apple.JavaScriptCore 0x000000010b33d127 WTF::Checked<int, WTF::CrashOnOverflow>::Checked<unsigned int>(WTF::Checked<unsigned int, WTF::CrashOnOverflow> const&) + 55 (CheckedArithmetic.h:449) 2 com.apple.JavaScriptCore 0x000000010b33d07d WTF::Checked<int, WTF::CrashOnOverflow>::Checked<unsigned int>(WTF::Checked<unsigned int, WTF::CrashOnOverflow> const&) + 29 (CheckedArithmetic.h:450) 3 com.apple.JavaScriptCore 0x000000010b33b519 JSC::Yarr::YarrGenerator::generateCharacterClassFixed(unsigned long) + 233 (YarrJIT.cpp:876) 4 com.apple.JavaScriptCore 0x000000010b339ed9 JSC::Yarr::YarrGenerator::generateTerm(unsigned long) + 377 (YarrJIT.cpp:1088) 5 com.apple.JavaScriptCore 0x000000010b331f1d JSC::Yarr::YarrGenerator::generate() + 221 (YarrJIT.cpp:1205) 6 com.apple.JavaScriptCore 0x000000010b330740 JSC::Yarr::YarrGenerator::compile(JSC::JSGlobalData*, JSC::Yarr::YarrCodeBlock&) + 368 (YarrJIT.cpp:2429) 7 com.apple.JavaScriptCore 0x000000010b3301e5 JSC::Yarr::jitCompile(JSC::Yarr::YarrPattern&, JSC::JSGlobalData*, JSC::Yarr::YarrCodeBlock&) + 69 (YarrJIT.cpp:2466) 8 com.apple.JavaScriptCore 0x000000010b2d85e0 JSC::RegExp::compile(JSC::JSGlobalData*) + 976 (RegExp.cpp:138) 9 com.apple.JavaScriptCore 0x000000010b2d8fb5 JSC::RegExp::compileIfNecessary(JSC::JSGlobalData&) + 69 (RegExp.h:100) 10 com.apple.JavaScriptCore 0x000000010b2d8804 JSC::RegExp::match(JSC::JSGlobalData&, JSC::UString const&, int, WTF::Vector<int, 32ul>*) + 180 (RegExp.cpp:171) 11 com.apple.JavaScriptCore 0x000000010b2e504a JSC::RegExpConstructor::performMatch(JSC::JSGlobalData&, JSC::RegExp*, JSC::UString const&, int, int&, int&, int**) + 138 (RegExpConstructor.h:120) 12 com.apple.JavaScriptCore 0x000000010b2e419a JSC::RegExpObject::match(JSC::ExecState*) + 298 (RegExpObject.cpp:188) 13 com.apple.JavaScriptCore 0x000000010b2e445d JSC::RegExpObject::exec(JSC::ExecState*) + 29 (RegExpObject.cpp:174) 14 com.apple.JavaScriptCore 0x000000010b2e6030 _ZN3JSCL19regExpProtoFuncExecEPNS_9ExecStateE + 112 (RegExpPrototype.cpp:95) 15 ??? 0x000026c1cb4011f8 0 + 42613780517368 16 com.apple.JavaScriptCore 0x000000010b174554 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 100 (JITCode.h:80) 17 com.apple.JavaScriptCore 0x000000010b16c898 JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, int, JSC::ScopeChainNode*) + 2984 (Interpreter.cpp:1296) 18 com.apple.JavaScriptCore 0x000000010b16bc7f JSC::Interpreter::callEval(JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, int, int) + 1583 (Interpreter.cpp:463) 19 com.apple.JavaScriptCore 0x000000010b1b3623 cti_op_call_eval + 803 (JITStubs.cpp:3207) 20 com.apple.JavaScriptCore 0x000000010b1b71a0 0x10b042000 + 1528224 21 com.apple.JavaScriptCore 0x000000010b174554 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 100 (JITCode.h:80) 22 com.apple.JavaScriptCore 0x000000010b16fc51 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 5873 (Interpreter.cpp:898) 23 com.apple.JavaScriptCore 0x000000010b0c9016 JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue) + 662 (Completion.cpp:66) 24 com.apple.WebCore 0x000000010cd9631e WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue) + 62 (JSMainThreadExecState.h:57) 25 com.apple.WebCore 0x000000010d4c8b27 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 519 (ScriptController.cpp:142) 26 com.apple.WebCore 0x000000010d4c8df4 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 68 (ScriptController.cpp:162) 27 com.apple.WebCore 0x000000010d4e1590 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 560 (ScriptElement.cpp:292) 28 com.apple.WebCore 0x000000010c93ee9f WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) + 623 (HTMLScriptRunner.cpp:139) 29 com.apple.WebCore 0x000000010c93ebc6 WebCore::HTMLScriptRunner::executeParsingBlockingScript() + 454 (HTMLScriptRunner.cpp:118) 30 com.apple.WebCore 0x000000010c93f7ba WebCore::HTMLScriptRunner::executeParsingBlockingScripts() + 90 (HTMLScriptRunner.cpp:196) 31 com.apple.WebCore 0x000000010c93f959 WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) + 377 (HTMLScriptRunner.cpp:206) 32 com.apple.WebCore 0x000000010c8b2962 WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 530 (HTMLDocumentParser.cpp:524) 33 com.apple.WebCore 0x000000010c8b2a2f non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 47 34 com.apple.WebCore 0x000000010c20484d WebCore::CachedResource::checkNotify() + 125 (CachedResource.cpp:151) 35 com.apple.WebCore 0x000000010c21fef1 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 193 (CachedScript.cpp:105) 36 com.apple.WebCore 0x000000010c21e146 WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) + 614 (CachedResourceRequest.cpp:169) 37 com.apple.WebCore 0x000000010d5cd7de WebCore::SubresourceLoader::didFinishLoading(double) + 206 (SubresourceLoader.cpp:196) 38 com.apple.WebCore 0x000000010d489a9c WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 188 (ResourceLoader.cpp:473) 39 com.apple.WebCore 0x000000010d485a75 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 261 (ResourceHandleMac.mm:891) 40 com.apple.Foundation 0x00007fff8f634302 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 122 41 com.apple.Foundation 0x00007fff8f634282 _NSURLConnectionDidFinishLoading + 81 42 com.apple.CFNetwork 0x00007fff90a06136 URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 296 43 com.apple.CFNetwork 0x00007fff90ab5dfe URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 862 44 com.apple.CFNetwork 0x00007fff90ab5fea URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354 45 com.apple.CFNetwork 0x00007fff909e107d URLConnectionClient::processEvents() + 185 46 com.apple.CFNetwork 0x00007fff909e0f22 MultiplexerSource::perform() + 212 47 com.apple.CoreFoundation 0x00007fff96181c51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 48 com.apple.CoreFoundation 0x00007fff961814bd __CFRunLoopDoSources0 + 253 49 com.apple.CoreFoundation 0x00007fff961a82d9 __CFRunLoopRun + 905 50 com.apple.CoreFoundation 0x00007fff961a7c16 CFRunLoopRunSpecific + 230 51 com.apple.Foundation 0x00007fff8f5d7c3f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 267 52 DumpRenderTree 0x000000010ae8991e _ZL7runTestRKSs + 2990 (DumpRenderTree.mm:1162) 53 DumpRenderTree 0x000000010ae88caf _ZL20runTestingServerLoopv + 223 (DumpRenderTree.mm:635) 54 DumpRenderTree 0x000000010ae88589 dumpRenderTree(int, char const**) + 361 (DumpRenderTree.mm:688) 55 DumpRenderTree 0x000000010ae8a0ac main + 124 (DumpRenderTree.mm:729) 460086 1 105862 oliver 2011-08-31 17:00:10 -0700 Created attachment 105862 Patch 460106 2 oliver 2011-08-31 17:22:01 -0700 Committed r94254: <http://trac.webkit.org/changeset/94254> 105862 2011-08-31 17:00:10 -0700 2011-08-31 17:14:45 -0700 Patch bug-67326-20110831170008.patch text/plain 2535 oliver U3VidmVyc2lvbiBSZXZpc2lvbjogOTQyNDcKZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0 Q29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCmluZGV4IGI4 MTAzNWVjM2NhNzY4ZTU1OTg5ZmIyMjUzYWUxZjBiNGVkZjM1ZDEuLmRhOTg3YjQ3MDAzMzlhNjhm MjBlNjI5M2RjOThlYTZiZjQ4OGMwZDEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwpAQCAtMSwz ICsxLDE4IEBACisyMDExLTA4LTMxICBPbGl2ZXIgSHVudCAgPG9saXZlckBhcHBsZS5jb20+CisK KyAgICAgICAgZmFzdC9yZWdleC9vdmVyZmxvdy5odG1sIGFzc2VydHMgaW4gZGVidWcgYnVpbGRz CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD02NzMyNgor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoZSBkZWxp YmVyYXRlIG92ZXJmbG93cyBpbiB0aGVzZSBleHByZXNzaW9ucyBkb24ndCBpbnRlcmFjdCBuaWNl bHkKKyAgICAgICAgd2l0aCBDaGVja2VkPDMyYml0LXR5cGU+IHNvIHdlIGp1c3QgYnVtcCB1cCB0 byBDaGVja2VkPGludDY0X3Q+IGZvciB0aGUKKyAgICAgICAgaW50ZXJtZWRpYXRlIGNhbGN1bGF0 aW9ucy4KKworICAgICAgICAqIHlhcnIvWWFyckpJVC5jcHA6CisgICAgICAgIChKU0M6OllhcnI6 OllhcnJHZW5lcmF0b3I6OmdlbmVyYXRlUGF0dGVybkNoYXJhY3RlckZpeGVkKToKKyAgICAgICAg KEpTQzo6WWFycjo6WWFyckdlbmVyYXRvcjo6Z2VuZXJhdGVDaGFyYWN0ZXJDbGFzc0ZpeGVkKToK KwogMjAxMS0wOC0zMSAgUGV0ZXIgQmV2ZXJsb28gIDxwZXRlckBjaHJvbWl1bS5vcmc+CiAKICAg ICAgICAgQWRkIEFuZHJvaWQncyBwbGF0Zm9ybSBzcGVjaWZpY2F0aW9uIGFuZCB0aGUgcmlnaHQg YXRvbWljIGZ1bmN0aW9ucy4KZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS95YXJy L1lhcnJKSVQuY3BwIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3lhcnIvWWFyckpJVC5jcHAKaW5k ZXggMDY0OTY2MTVhNGZjNTNiOTMwZjllYzU3ZDgwYjdjYmY4MzJmZDU3OC4uOGM1MzcyZDZkOTQ1 MTI3M2EzMWM4OWVlZDQzMDY2YjZkNjNiNWIwZiAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3Jp cHRDb3JlL3lhcnIvWWFyckpJVC5jcHAKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3lhcnIv WWFyckpJVC5jcHAKQEAgLTcxOSw3ICs3MTksNyBAQCBjbGFzcyBZYXJyR2VuZXJhdG9yIDogcHJp dmF0ZSBNYWNyb0Fzc2VtYmxlciB7CiAgICAgICAgIHN1YjMyKEltbTMyKHRlcm0tPnF1YW50aXR5 Q291bnQudW5zYWZlR2V0KCkpLCBjb3VudFJlZ2lzdGVyKTsKIAogICAgICAgICBMYWJlbCBsb29w KHRoaXMpOwotICAgICAgICBCYXNlSW5kZXggYWRkcmVzcyhpbnB1dCwgY291bnRSZWdpc3Rlciwg VGltZXNUd28sICgodGVybS0+aW5wdXRQb3NpdGlvbiAtIG1fY2hlY2tlZCArIENoZWNrZWQ8aW50 Pih0ZXJtLT5xdWFudGl0eUNvdW50KSkgKiBzdGF0aWNfY2FzdDxpbnQ+KHNpemVvZihVQ2hhcikp KS51bnNhZmVHZXQoKSk7CisgICAgICAgIEJhc2VJbmRleCBhZGRyZXNzKGlucHV0LCBjb3VudFJl Z2lzdGVyLCBUaW1lc1R3bywgKENoZWNrZWQ8aW50Pih0ZXJtLT5pbnB1dFBvc2l0aW9uIC0gbV9j aGVja2VkICsgQ2hlY2tlZDxpbnQ2NF90Pih0ZXJtLT5xdWFudGl0eUNvdW50KSkgKiBzdGF0aWNf Y2FzdDxpbnQ+KHNpemVvZihVQ2hhcikpKS51bnNhZmVHZXQoKSk7CiAKICAgICAgICAgaWYgKG1f cGF0dGVybi5tX2lnbm9yZUNhc2UgJiYgaXNBU0NJSUFscGhhKGNoKSkgewogICAgICAgICAgICAg bG9hZDE2KGFkZHJlc3MsIGNoYXJhY3Rlcik7CkBAIC04NzMsNyArODczLDcgQEAgY2xhc3MgWWFy ckdlbmVyYXRvciA6IHByaXZhdGUgTWFjcm9Bc3NlbWJsZXIgewogCiAgICAgICAgIExhYmVsIGxv b3AodGhpcyk7CiAgICAgICAgIEp1bXBMaXN0IG1hdGNoRGVzdDsKLSAgICAgICAgbG9hZDE2KEJh c2VJbmRleChpbnB1dCwgY291bnRSZWdpc3RlciwgVGltZXNUd28sICgodGVybS0+aW5wdXRQb3Np dGlvbiAtIG1fY2hlY2tlZCArIENoZWNrZWQ8aW50Pih0ZXJtLT5xdWFudGl0eUNvdW50KSkgKiBz dGF0aWNfY2FzdDxpbnQ+KHNpemVvZihVQ2hhcikpKS51bnNhZmVHZXQoKSksIGNoYXJhY3Rlcik7 CisgICAgICAgIGxvYWQxNihCYXNlSW5kZXgoaW5wdXQsIGNvdW50UmVnaXN0ZXIsIFRpbWVzVHdv LCAoQ2hlY2tlZDxpbnQ+KHRlcm0tPmlucHV0UG9zaXRpb24gLSBtX2NoZWNrZWQgKyBDaGVja2Vk PGludDY0X3Q+KHRlcm0tPnF1YW50aXR5Q291bnQpKSAqIHN0YXRpY19jYXN0PGludD4oc2l6ZW9m KFVDaGFyKSkpLnVuc2FmZUdldCgpKSwgY2hhcmFjdGVyKTsKICAgICAgICAgbWF0Y2hDaGFyYWN0 ZXJDbGFzcyhjaGFyYWN0ZXIsIG1hdGNoRGVzdCwgdGVybS0+Y2hhcmFjdGVyQ2xhc3MpOwogCiAg ICAgICAgIGlmICh0ZXJtLT5pbnZlcnQoKSkK