Bug 168971 - Null pointer crash when loading module with unresolved import also as a script file
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-02-28 08:44 PST by André Bargull
Modified: 2017-03-06 08:57 PST

See Also:


Attachments
Patch (6.32 KB, patch) - 2017-03-02 01:31 PST, Yusuke Suzuki
Patch (6.06 KB, patch) - 2017-03-02 01:33 PST, Yusuke Suzuki

Description André Bargull 2017-02-28 08:44:01 PST
svn revision: 213147

Test file, t.js:
---
import {x} from "./t.js"
---

STR:
- Start JSC shell with: ~/svn/webkit/WebKitBuild/Debug/bin/jsc -m t.js -f t.js

Crashes with:
---
Thread 1 "jsc" received signal SIGSEGV, Segmentation fault.
0x000000000046f5f0 in JSC::MarkedBlock::vm (this=0x0) at ../../Source/JavaScriptCore/heap/MarkedBlock.h:411
---

Stack trace:
---
#0  0x000000000046f5f0 in JSC::MarkedBlock::vm (this=0x0) at ../../Source/JavaScriptCore/heap/MarkedBlock.h:411
#1  0x000000000047c4fe in JSC::HeapCell::vm (this=0x0) at ../../Source/JavaScriptCore/heap/HeapCellInlines.h:67
#2  0x00007ffff68b2b32 in JSC::Interpreter::execute (this=0x7fffef5fe080, executable=0x7fffaed4c320, callFrame=0x7fffffffcd60, scope=0x0) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1173
#3  0x00007ffff6b9de2e in JSC::JSModuleRecord::evaluate (this=0x7fffaed500a0, exec=0x7fffffffcd60) at ../../Source/JavaScriptCore/runtime/JSModuleRecord.cpp:207
#4  0x00007ffff6b97bc7 in JSC::JSModuleLoader::evaluate (this=0x7fffaedb0190, exec=0x7fffffffcd60, key=..., moduleRecordValue=..., scriptFetcher=...)
    at ../../Source/JavaScriptCore/runtime/JSModuleLoader.cpp:238
#5  0x00007ffff6c28def in JSC::moduleLoaderPrototypeEvaluate (exec=0x7fffffffcd60) at ../../Source/JavaScriptCore/runtime/ModuleLoaderPrototype.cpp:245
...
---
Comment 1 Radar WebKit Bug Importer 2017-03-01 22:36:03 PST
<rdar://problem/30801142>
Comment 2 Yusuke Suzuki 2017-03-02 01:31:57 PST
Created attachment 303181
Patch
Comment 3 Yusuke Suzuki 2017-03-02 01:33:59 PST
Created attachment 303182
Patch
Comment 4 Saam Barati 2017-03-04 17:27:29 PST
Comment on attachment 303182
Patch

r=me
Comment 5 Yusuke Suzuki 2017-03-06 08:29:55 PST
Comment on attachment 303182
Patch

Thanks!
Comment 6 WebKit Commit Bot 2017-03-06 08:57:14 PST
Comment on attachment 303182
Patch

Clearing flags on attachment: 303182

Committed r213452: <http://trac.webkit.org/changeset/213452>
Comment 7 WebKit Commit Bot 2017-03-06 08:57:19 PST
All reviewed patches have been landed.  Closing bug.