| Field | Value |
|---|---|
| Summary | Layout Test js/intl-collator.html is crashing on win 7 debug |
| Product | WebKit |
| Component | JavaScriptCore |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | WebKit Nightly Build |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Ryan Haddad <ryanhaddad> |
| Assignee | Sukolsak Sakshuwong <sukolsak> |
| CC | ap, benjamin, commit-queue, darin, sukolsak |
| See Also | https://bugs.webkit.org/show_bug.cgi?id=147601 |
| Attachments | |
Description
Ryan Haddad
2015-11-05 13:57:53 PST
Marked as a crash on win debug in <https://trac.webkit.org/r192074>.

From the error log (https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/r192057%20(68184)/js/intl-collator-crash-log.txt), this seems to cause the crash:

```
05 002dc548 5ab475d9 WTF!WTF::String::String(char * characters = 0x00524c98 "standard", unsigned int length = 0xcccccccc)+0x36 [c:\cygwin\home\buildbot\slave\win-debug\build\source\wtf\wtf\text\wtfstring.cpp @ 69]
06 002dc5d0 5ab523ff JavaScriptCore!JSC::sortLocaleData(class WTF::String * locale = 0x002dc7a0, class WTF::String * key = 0x065f9978)+0xf9 [c:\cygwin\home\buildbot\slave\win-debug\build\source\javascriptcore\runtime\intlcollatorconstructor.cpp @ 78]
```

These are lines 76 - 78 of runtime/IntlCollatorConstructor.cpp:

```cpp
int32_t length;
while ((keywordValue = uenum_next(enumeration, &length, &status)) && U_SUCCESS(status)) {
    String collation(keywordValue, length);
```

It seems that uenum_next() returned a string "standard" but incorrectly set the length to 0xcccccccc, or probably didn't set the length at all. This looks like a bug in an old version of ICU. I tried to find it in the ICU repo but couldn't. uenum_next() returns a null-terminated string anyway. We don't need to use the length.

Created attachment 264915 [details]: Patch

Comment on attachment 264915 [details]: Patch

r=me

Comment on attachment 264915 [details]: Patch

Clearing flags on attachment: 264915

Committed r192092: <http://trac.webkit.org/changeset/192092>

All reviewed patches have been landed. Closing bug.
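The failure mode discussed in this bug, shown as an added example that is not WebKit or ICU code: a mock enumerator (`mock_uenum_next`, a stand-in for `uenum_next()`) returns a NUL-terminated string but, in its buggy configuration, never writes the optional length out-parameter. The uninitialised `length` is modelled with the MSVC debug fill value 0xcccccccc seen in the crash log. The `trusting` function reproduces the original pattern, while `safe_lengths` derives the length from the string itself, which is what dropping the length argument from the `String` constructor achieves; `checked_length` shows the intermediate option of rejecting an implausible reported length. All names and the sample keyword list are constructed for this example.

```c
/* Added example (not WebKit/ICU code): contrasting a consumer that trusts an
 * optional length out-parameter with one that derives length from the string. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* MSVC debug builds fill uninitialised stack with 0xCC bytes; the crash log
 * shows length == 0xcccccccc, so we use that value as the stand-in garbage. */
#define UNSET_LENGTH 0xCCCCCCCCu

/* Constructed sample data: collation keyword values as an enumerator might yield them. */
static const char *const kCollations[] = { "standard", "search", "phonebook" };
#define NUM_COLLATIONS (sizeof(kCollations) / sizeof(kCollations[0]))

typedef struct {
    size_t index;
    int writes_length;   /* 1 = well-behaved enumerator; 0 = buggy, never touches *length */
} MockEnum;

/* Hypothetical stand-in for uenum_next(): returns a NUL-terminated string, or
 * NULL at the end. The buggy variant leaves *length untouched. */
static const char *mock_uenum_next(MockEnum *e, int32_t *length)
{
    if (e->index >= NUM_COLLATIONS)
        return NULL;
    const char *value = kCollations[e->index++];
    if (length && e->writes_length)
        *length = (int32_t)strlen(value);
    return value;
}

/* The original pattern: declare length without initialising it and pass it on.
 * Returns the length the consumer would hand to String(characters, length). */
static int32_t trusting(MockEnum *e)
{
    int32_t length = (int32_t)UNSET_LENGTH;   /* stands in for whatever was on the stack */
    const char *value = mock_uenum_next(e, &length);
    return value ? length : -1;
}

/* The fix as applied in this bug: the contract says the string is NUL-terminated,
 * so take its length from the string and ignore the out-parameter entirely. */
static size_t safe_lengths(MockEnum *e, size_t out[], size_t max)
{
    size_t n = 0;
    int32_t ignored = -1;
    const char *value;
    while (n < max && (value = mock_uenum_next(e, &ignored)) != NULL)
        out[n++] = strlen(value);   /* what String collation(keywordValue) computes */
    return n;
}

/* Defensive alternative when the length is still wanted: treat a negative or
 * oversized report as "not set" and fall back to the real string length. */
static size_t checked_length(const char *value, int32_t reported)
{
    size_t actual = strlen(value);
    if (reported < 0 || (size_t)reported > actual)
        return actual;
    return (size_t)reported;
}

int main(void)
{
    MockEnum buggy = { 0, 0 };
    printf("trusting consumer saw length %d for \"%s\"\n", trusting(&buggy), kCollations[0]);

    MockEnum again = { 0, 0 };
    size_t lens[NUM_COLLATIONS];
    size_t n = safe_lengths(&again, lens, NUM_COLLATIONS);
    for (size_t i = 0; i < n; i++)
        printf("safe consumer: \"%s\" has length %zu\n", kCollations[i], lens[i]);

    printf("checked_length(\"standard\", 0xcccccccc) = %zu\n",
           checked_length("standard", (int32_t)UNSET_LENGTH));
    return 0;
}
```

With the buggy enumerator the trusting consumer hands a length of 0xcccccccc (a large negative int32) to the string constructor, which is exactly the argument visible in frame 05 of the crash log; the safe consumer gets 8, 6 and 9 regardless of what the enumerator does with the out-parameter.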