Bug 167400

Summary: Always crashed with youtube/tv on ARM platfrom
Product: WebKit Reporter: Mark Wang <mwang>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Critical CC: fpizlo, ggaren, keith_miller, mark.lam
Priority: P2    
Version: WebKit Local Build   
Hardware: Other   
OS: Linux   
Attachments:
Description Flags
the patch to fix this issue. none

Mark Wang
Reported 2017-01-24 18:15:38 PST
When loading www.youtube.com/tv, the crash always happens if playing anyone of videos. My runing environment is: 1/ ARM platfrom. 2/ webkitgtk-2.12.2 3/ JIT is disabled. It can't be reproduced on other platforms, like mips.
Attachments
the patch to fix this issue. (1.14 KB, patch)
2017-01-24 18:32 PST, Mark Wang 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Wang
Comment 1 2017-01-24 18:29:33 PST
The crash is caused by DataView.getFloat32(). On ARM platform, DataView.getFloat32() requires an aligned address, otherwise, it causes crash.
Mark Wang
Comment 2 2017-01-24 18:32:01 PST
Created attachment 299661 [details] the patch to fix this issue. the patch is verified on ARM platform. It can fix the crash issue.
Alexey Proskuryakov
Comment 3 2017-01-24 23:07:45 PST
Do you observe the crash when compiling with gcc?
Mark Wang
Comment 4 2017-01-25 00:40:03 PST
(In reply to comment #3) > Do you observe the crash when compiling with gcc? When compiling JSDataViewPrototype.cpp, no any error or warninngs is outputed in the console. In fact, DataView.getFloat32() could read a float from the buffer with any offset. The compiler can't know the offset for the alignment.
Keith Miller
Comment 5 2017-01-25 10:23:58 PST
This fix looks reasonable but we should just skip the #ifs and just use the memcpy version on all platforms. The compiler should convert the memcpy into a load on platforms where they are equivalent anyway. I would just add a comment saying that the load may not be aligned so we use memcpy to implement the load.
Mark Lam
Comment 6 2017-01-25 10:26:10 PST
(In reply to comment #5) > This fix looks reasonable but we should just skip the #ifs and just use the > memcpy version on all platforms. The compiler should convert the memcpy into > a load on platforms where they are equivalent anyway. I would just add a > comment saying that the load may not be aligned so we use memcpy to > implement the load. Also, please add a ChangeLog. See https://webkit.org/contributing-code/ for more details.
Note You need to log in before you can comment on or make changes to this bug.