Layout Test js/intl-collator.html is crashing on win 7 debug Run: <https://build.webkit.org/builders/Apple%20Win%207%20Debug%20(Tests)/builds/68184> Results: <https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/r192057%20(68184)/results.html> Flakiness Dashboard: <http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=js%2Fintl-collator.html>
Marked as a crash on win debug in <https://trac.webkit.org/r192074>
From the error log (https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/r192057%20(68184)/js/intl-collator-crash-log.txt), this seems to cause the crash: 05 002dc548 5ab475d9 WTF!WTF::String::String(char * characters = 0x00524c98 "standard", unsigned int length = 0xcccccccc)+0x36 [c:\cygwin\home\buildbot\slave\win-debug\build\source\wtf\wtf\text\wtfstring.cpp @ 69] 06 002dc5d0 5ab523ff JavaScriptCore!JSC::sortLocaleData(class WTF::String * locale = 0x002dc7a0, class WTF::String * key = 0x065f9978)+0xf9 [c:\cygwin\home\buildbot\slave\win-debug\build\source\javascriptcore\runtime\intlcollatorconstructor.cpp @ 78] These are lines 76 - 78 of runtime/IntlCollatorConstructor.cpp: int32_t length; while ((keywordValue = uenum_next(enumeration, &length, &status)) && U_SUCCESS(status)) { String collation(keywordValue, length); It seems that uenum_next() returned a string "standard" but incorrectly set the length to 0xcccccccc or probably didn't set the length at all. This looks like a bug in an old version of ICU. I tried to find it in the ICU repo but couldn't. uenum_next() returns a null-terminated string anyway. We don't need to use the length.
Created attachment 264915 [details] Patch
Comment on attachment 264915 [details] Patch r=me
Comment on attachment 264915 [details] Patch Clearing flags on attachment: 264915 Committed r192092: <http://trac.webkit.org/changeset/192092>
All reviewed patches have been landed. Closing bug.