Bug 196684

Summary:

REGRESSION (r243642): Crash in reddit.com page

Product:

WebKit

Reporter:

Michael Saboff <msaboff>

Component:

JavaScriptCore

Assignee:

Michael Saboff <msaboff>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ews-watchlist, ggaren, keith_miller, mark.lam, saam, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	ggaren: review+

Michael Saboff

Reported 2019-04-07 08:22:32 PDT

Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000705e35260 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [2522] VM Regions Near 0x705e35260: WebKit Malloc 0000000627e00000-0000000627f00000 [ 1024K] rw-/rwx SM=PRV --> WebAssembly memory (re 0000000800000000-0000001000000000 [ 32.0G] rw-/rwx SM=NUL reserved VM address space (unallocated) Application Specific Information: Bundle controller class: BrowserBundleController Enabled App Extensions: com.apple.ist.ds.appleconnect2.SafariExtension (APPLEBNISIGNED) (Version: 1288 - Display Version: 3.2.2) AppleConnect Safari Extension Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 ??? 0x000054c664c2e2eb 0 + 93211070751467 1 com.apple.JavaScriptCore 0x00007fff35f6b09f JSC::RegExpObject::execInline(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSString*) + 943 2 ??? 0x000054c664c0116b 0 + 93211070566763 3 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 4 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 5 com.apple.JavaScriptCore 0x00007fff35bbb852 llint_entry + 64383 6 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 7 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 8 com.apple.JavaScriptCore 0x00007fff35bbaf57 llint_entry + 62084 9 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 10 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 11 com.apple.JavaScriptCore 0x00007fff35bbaf57 llint_entry + 62084 12 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 13 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 14 com.apple.JavaScriptCore 0x00007fff35bbb852 llint_entry + 64383 15 com.apple.JavaScriptCore 0x00007fff35bbaee5 llint_entry + 61970 ...

Attachments
Patch (3.98 KB, patch) 2019-04-07 08:30 PDT, Michael Saboff	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2019-04-07 08:22:46 PDT

<rdar://problem/49589308>

Michael Saboff

Comment 2 2019-04-07 08:23:31 PDT

This page crashes: https://www.reddit.com/r/unpopularopinion/comments/b9pvhv/splitting_5050_after_a_divorce_is_not_fair/

Michael Saboff

Comment 3 2019-04-07 08:30:16 PDT

Created attachment 366905 [details] Patch

Geoffrey Garen

Comment 4 2019-04-07 16:03:45 PDT

Comment on attachment 366905 [details] Patch r=me

Michael Saboff

Comment 5 2019-04-07 16:24:47 PDT

Committed r243967: <https://trac.webkit.org/changeset/243967>

Note You need to log in before you can comment on or make changes to this bug.