Bug 188331

Summary: REGRESSION (r208953): TemplateObjectDescriptor constructor calculates m_hash on use-after-move variable
Product: WebKit
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: JavaScriptCore
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, ews-watchlist, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 164898    
Bug Blocks:    
Attachments:
Description Flags
Patch v1 none

David Kilzer (:ddkilzer)
Reported 2018-08-04 12:22:19 PDT
TemplateObjectDescriptor constructor calculates m_hash on use-after-move variable:

    inline TemplateObjectDescriptor::TemplateObjectDescriptor(StringVector&& rawStrings, OptionalStringVector&& cookedStrings)
        : m_rawStrings(WTFMove(rawStrings))
        , m_cookedStrings(WTFMove(cookedStrings))
        , m_hash(calculateHash(rawStrings))
    {
    }

It should probably use m_rawStrings instead.
Attachments
Patch v1 (1.53 KB, patch)
2018-08-04 12:27 PDT, David Kilzer (:ddkilzer)
no flags
David Kilzer (:ddkilzer)
Comment 1 2018-08-04 12:23:25 PDT
Regressed in r208953:

Bug 164898: Crash in com.apple.JavaScriptCore: WTF::ThreadSpecific<WTF::WTFThreadData, + 142
<https://bugs.webkit.org/show_bug.cgi?id=164898>
<https://trac.webkit.org/changeset/208953/webkit>
Yusuke Suzuki
Comment 2 2018-08-04 12:24:18 PDT
Oops!
David Kilzer (:ddkilzer)
Comment 3 2018-08-04 12:27:00 PDT
Created attachment 346593 [details]
Patch v1

Not sure how to write a test for this.
Radar WebKit Bug Importer
Comment 4 2018-08-04 12:27:26 PDT
David Kilzer (:ddkilzer)
Comment 5 2018-08-04 12:28:15 PDT
(In reply to David Kilzer (:ddkilzer) from comment #3)
> Created attachment 346593 [details]
> Patch v1
>
> Not sure how to write a test for this.

Also not sure of the user visible effect. Just poor performance when looking up items in the hash?
Yusuke Suzuki
Comment 6 2018-08-04 12:28:34 PDT
Comment on attachment 346593 [details]
Patch v1

r=me
David Kilzer (:ddkilzer)
Comment 7 2018-08-04 12:29:15 PDT
Yusuke Suzuki
Comment 8 2018-08-04 12:29:31 PDT
(In reply to David Kilzer (:ddkilzer) from comment #5)
> (In reply to David Kilzer (:ddkilzer) from comment #3)
> > Created attachment 346593 [details]
> > Patch v1
> >
> > Not sure how to write a test for this.
>
> Also not sure of the user visible effect. Just poor performance when
> looking up items in the hash?

I think so. Calculating a hash on empty vector (moved).
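The constructor pattern from the report and the effect discussed in the comments above, reduced to standard C++ as an added example (not WebKit code): std::vector and std::move stand in for WTF's Vector and WTFMove, calculateHash here is a stand-in hash, and the struct and helper names are hypothetical.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <utility>
#include <vector>

using StringVector = std::vector<std::string>;

// Stand-in hash combining every string (assumption: not JavaScriptCore's function).
inline std::size_t calculateHash(const StringVector& strings)
{
    std::size_t hash = 0;
    for (const auto& s : strings)
        hash = hash * 31 + std::hash<std::string>{}(s);
    return hash;
}

// Pattern from the report: the parameter is hashed after it has been moved from.
struct BuggyDescriptor {
    explicit BuggyDescriptor(StringVector&& rawStrings)
        : m_rawStrings(std::move(rawStrings))
        , m_hash(calculateHash(rawStrings)) // rawStrings is empty here
    {
    }
    StringVector m_rawStrings;
    std::size_t m_hash;
};

// Fix suggested in the report: hash the member that now owns the strings.
// Members initialize in declaration order, so m_rawStrings must precede m_hash.
struct FixedDescriptor {
    explicit FixedDescriptor(StringVector&& rawStrings)
        : m_rawStrings(std::move(rawStrings))
        , m_hash(calculateHash(m_rawStrings))
    {
    }
    StringVector m_rawStrings;
    std::size_t m_hash;
};

// Helpers returning the stored hash for constructed sample input.
inline std::size_t buggyHash(StringVector v) { return BuggyDescriptor(std::move(v)).m_hash; }
inline std::size_t fixedHash(StringVector v) { return FixedDescriptor(std::move(v)).m_hash; }
```

With the buggy form every descriptor stores the hash of an empty vector, so all instances land on the same hash value regardless of content; a regression test can assert that the stored hash equals the hash of the retained strings.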
WebKit Commit Bot
Comment 9 2018-08-04 13:07:21 PDT
Comment on attachment 346593 [details]
Patch v1

Clearing flags on attachment: 346593

Committed r234580: <https://trac.webkit.org/changeset/234580>
WebKit Commit Bot
Comment 10 2018-08-04 13:07:22 PDT
All reviewed patches have been landed. Closing bug.