72455 2011-11-15 19:54:47 -0800 QNX StackBase doesn't take guard page into account 2011-11-16 04:36:40 -0800 1 1 1 Unclassified WebKit Platform 528+ (Nightly build) Other Other RESOLVED FIXED P1 Critical --- 1 staikos webkit-unassigned dbates webkit.review.bot oldest_to_newest 503532 0 115305 staikos 2011-11-15 19:54:47 -0800 Created attachment 115305 Patch to fix the crash by excluding the guard page from the stack. There is a 4kb guard page on the stack on QNX. The current code doesn't take this into account, causing it to crash before hitting the recursion/stack guard in WTF. Crashes multiple layout tests including large-expressions.js and regress-96526-002.js 503535 1 115305 staikos 2011-11-15 19:57:07 -0800 Comment on attachment 115305 Patch to fix the crash by excluding the guard page from the stack. Missing changelog 503557 2 115314 staikos 2011-11-15 20:46:52 -0800 Created attachment 115314 Add patch with changelog 503566 3 115314 dbates 2011-11-15 21:11:40 -0800 Comment on attachment 115314 Add patch with changelog View in context: https://bugs.webkit.org/attachment.cgi?id=115314&action=review Thanks for the patch! > Source/JavaScriptCore/wtf/StackBounds.cpp:110 > + m_bound = static_cast<char*>(stackBase) + 0x1000; // 4kb guard page This is OK as-is. We should look to query the OS for the page size. 503593 4 115314 webkit.review.bot 2011-11-15 22:21:20 -0800 Comment on attachment 115314 Add patch with changelog Clearing flags on attachment: 115314 Committed r100406: <http://trac.webkit.org/changeset/100406> 503594 5 webkit.review.bot 2011-11-15 22:21:25 -0800 All reviewed patches have been landed. Closing bug. 503762 6 staikos 2011-11-16 04:36:40 -0800 (In reply to comment #3) > (From update of attachment 115314 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=115314&action=review > > Thanks for the patch! > > > Source/JavaScriptCore/wtf/StackBounds.cpp:110 > > + m_bound = static_cast<char*>(stackBase) + 0x1000; // 4kb guard page > > This is OK as-is. We should look to query the OS for the page size. There is no way to do that yet other than read the book, as far as I know. 115305 2011-11-15 19:54:47 -0800 2011-11-15 20:13:32 -0800 Patch to fix the crash by excluding the guard page from the stack. 0001-2011-11-15-George-Staikos-gstaikos-rim.com.patch text/plain 1022 staikos RnJvbSBhMzllNWJmODcwNjg0YTQzMzY1NDk0MGJmNmVlZmIxYzgyYzcyN2Y0IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgU3RhaWtvcyA8c3RhaWtvc0B3ZWJraXQub3JnPgpE YXRlOiBUdWUsIDE1IE5vdiAyMDExIDE5OjQ1OjI0IC0wNTAwClN1YmplY3Q6IFtQQVRDSF0gMjAx MS0xMS0xNSAgR2VvcmdlIFN0YWlrb3MgIDxzdGFpa29zQHdlYmtpdC5vcmc+CgogICAgICAgIFJl bW92ZSB0aGUgZ3VhcmQgcGFnZSBmcm9tIHRoZSBhZGRyZXNzYWJsZSBzdGFjayByZWdpb24gb24g UU5YLgoKICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KCiAgICAgICAgKiB3dGYv U3RhY2tCb3VuZHMuY3BwOgogICAgICAgIChXVEY6OlN0YWNrQm91bmRzOjppbml0aWFsaXplKToK LS0tCiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvd3RmL1N0YWNrQm91bmRzLmNwcCB8ICAgIDIgKy0K IDEgZmlsZXMgY2hhbmdlZCwgMSBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9ucygtKQoKZGlmZiAt LWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvU3RhY2tCb3VuZHMuY3BwIGIvU291cmNl L0phdmFTY3JpcHRDb3JlL3d0Zi9TdGFja0JvdW5kcy5jcHAKaW5kZXggYWEzYTliNC4uZDIzMDkw MyAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3d0Zi9TdGFja0JvdW5kcy5jcHAK KysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3d0Zi9TdGFja0JvdW5kcy5jcHAKQEAgLTEwNyw3 ICsxMDcsNyBAQCB2b2lkIFN0YWNrQm91bmRzOjppbml0aWFsaXplKCkKICAgICBzdGFja1NpemUg PSB0aHJlYWRJbmZvLnN0a3NpemU7CiAgICAgQVNTRVJUKHN0YWNrQmFzZSk7CiAKLSAgICBtX2Jv dW5kID0gc3RhY2tCYXNlOworICAgIG1fYm91bmQgPSBzdGF0aWNfY2FzdDxjaGFyKj4oc3RhY2tC YXNlKSArIDB4MTAwMDsgLy8gNGtiIGd1YXJkIHBhZ2UKICAgICBtX29yaWdpbiA9IHN0YXRpY19j YXN0PGNoYXIqPihzdGFja0Jhc2UpICsgc3RhY2tTaXplOwogfQogCi0tIAoxLjcuMC4yCgo= 115314 2011-11-15 20:46:52 -0800 2011-11-15 22:21:18 -0800 Add patch with changelog 72455.patch text/plain 1640 staikos RnJvbSBhMzllNWJmODcwNjg0YTQzMzY1NDk0MGJmNmVlZmIxYzgyYzcyN2Y0IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgU3RhaWtvcyA8c3RhaWtvc0B3ZWJraXQub3JnPgpE YXRlOiBUdWUsIDE1IE5vdiAyMDExIDE5OjQ1OjI0IC0wNTAwClN1YmplY3Q6IFtQQVRDSF0gMjAx MS0xMS0xNSAgR2VvcmdlIFN0YWlrb3MgIDxzdGFpa29zQHdlYmtpdC5vcmc+CgogICAgICAgIFJl bW92ZSB0aGUgZ3VhcmQgcGFnZSBmcm9tIHRoZSBhZGRyZXNzYWJsZSBzdGFjayByZWdpb24gb24g UU5YLgoKICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KCiAgICAgICAgKiB3dGYv U3RhY2tCb3VuZHMuY3BwOgogICAgICAgIChXVEY6OlN0YWNrQm91bmRzOjppbml0aWFsaXplKToK LS0tCiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvd3RmL1N0YWNrQm91bmRzLmNwcCB8ICAgIDIgKy0K IDEgZmlsZXMgY2hhbmdlZCwgMSBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9ucygtKQoKZGlmZiAt LWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvU3RhY2tCb3VuZHMuY3BwIGIvU291cmNl L0phdmFTY3JpcHRDb3JlL3d0Zi9TdGFja0JvdW5kcy5jcHAKaW5kZXggYWEzYTliNC4uZDIzMDkw MyAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3d0Zi9TdGFja0JvdW5kcy5jcHAK KysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3d0Zi9TdGFja0JvdW5kcy5jcHAKQEAgLTEwNyw3 ICsxMDcsNyBAQCB2b2lkIFN0YWNrQm91bmRzOjppbml0aWFsaXplKCkKICAgICBzdGFja1NpemUg PSB0aHJlYWRJbmZvLnN0a3NpemU7CiAgICAgQVNTRVJUKHN0YWNrQmFzZSk7CiAKLSAgICBtX2Jv dW5kID0gc3RhY2tCYXNlOworICAgIG1fYm91bmQgPSBzdGF0aWNfY2FzdDxjaGFyKj4oc3RhY2tC YXNlKSArIDB4MTAwMDsgLy8gNGtiIGd1YXJkIHBhZ2UKICAgICBtX29yaWdpbiA9IHN0YXRpY19j YXN0PGNoYXIqPihzdGFja0Jhc2UpICsgc3RhY2tTaXplOwogfQogCmRpZmYgLS1naXQgYS9Tb3Vy Y2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5n ZUxvZwppbmRleCBhYTNhOWI0Li5kMjMwOTAzIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAg LTEsMyArMSwxMyBAQAorMjAxMS0xMS0xNSAgR2VvcmdlIFN0YWlrb3MgIDxzdGFpa29zQHdlYmtp dC5vcmc+CisKKyAgICAgICAgUmVtb3ZlIHRoZSBndWFyZCBwYWdlIGZyb20gdGhlIGFkZHJlc3Nh YmxlIHN0YWNrIHJlZ2lvbiBvbiBRTlguCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD03MjQ1NQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgICogd3RmL1N0YWNrQm91bmRzLmNwcDoKKyAgICAgICAgKFdURjo6U3Rh Y2tCb3VuZHM6OmluaXRpYWxpemUpOgorCiAyMDExLTA4LTAyICBGaWxpcCBQaXpsbyAgPGZwaXps b0BhcHBsZS5jb20+CiAKICAgICAgICAgSlNDIEdDIHVzZXMgZHVtbXkgY2VsbHMgdG8gYXZvaWQg aGF2aW5nIHRvIHJlbWVtYmVyIHdoaWNoIGNlbGxzCi0tIAoxLjcuMC4yCgo=