Bug 196684

Summary: REGRESSION (r243642): Crash in reddit.com page
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
CC: ews-watchlist, ggaren, keith_miller, mark.lam, saam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (Flags: ggaren: review+)

Description Michael Saboff 2019-04-07 08:22:32 PDT
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000705e35260
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [2522]

VM Regions Near 0x705e35260:
    WebKit Malloc          0000000627e00000-0000000627f00000 [ 1024K] rw-/rwx SM=PRV  
--> 
    WebAssembly memory (re 0000000800000000-0000001000000000 [ 32.0G] rw-/rwx SM=NUL  reserved VM address space (unallocated)

Application Specific Information:
Bundle controller class:
BrowserBundleController
 
Enabled App Extensions:
com.apple.ist.ds.appleconnect2.SafariExtension (APPLEBNISIGNED) (Version: 1288 - Display Version: 3.2.2) AppleConnect Safari Extension
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                           	0x000054c664c2e2eb 0 + 93211070751467
1   com.apple.JavaScriptCore      	0x00007fff35f6b09f JSC::RegExpObject::execInline(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSString*) + 943
2   ???                           	0x000054c664c0116b 0 + 93211070566763
3   com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
4   com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
5   com.apple.JavaScriptCore      	0x00007fff35bbb852 llint_entry + 64383
6   com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
7   com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
8   com.apple.JavaScriptCore      	0x00007fff35bbaf57 llint_entry + 62084
9   com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
10  com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
11  com.apple.JavaScriptCore      	0x00007fff35bbaf57 llint_entry + 62084
12  com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
13  com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
14  com.apple.JavaScriptCore      	0x00007fff35bbb852 llint_entry + 64383
15  com.apple.JavaScriptCore      	0x00007fff35bbaee5 llint_entry + 61970
...
Comment 1 Michael Saboff 2019-04-07 08:22:46 PDT
<rdar://problem/49589308>
Comment 3 Michael Saboff 2019-04-07 08:30:16 PDT
Created attachment 366905 [details]
Patch
Comment 4 Geoffrey Garen 2019-04-07 16:03:45 PDT
Comment on attachment 366905 [details]
Patch

r=me
Comment 5 Michael Saboff 2019-04-07 16:24:47 PDT
Committed r243967: <https://trac.webkit.org/changeset/243967>