WebKit Bugzilla
Bug 196477 - REGRESSION (r243642): com.apple.JavaScriptCore crash in JSC::RegExpObject::execInline
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=196477
Michael Saboff, Reported 2019-04-01 19:46:02 PDT

The following crash is seen with layout test js/regexp-unicode.html when using GuardMalloc:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                        0x000000010b33e7f5 0 + 4482918389
1   com.apple.JavaScriptCore   0x0000000463c56d71 JSC::RegExpObject::execInline(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSString*) + 881
2   ???                        0x000000010b2fb16b 0 + 4482642283
3   com.apple.JavaScriptCore   0x00000004638ab8e7 llint_entry + 62084
4   com.apple.JavaScriptCore   0x000000046389c4b9 vmEntryToJavaScript + 200
5   com.apple.JavaScriptCore   0x00000004635fb3a7 JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) + 2279
6   com.apple.JavaScriptCore   0x00000004635f741c JSC::eval(JSC::ExecState*) + 764
7   com.apple.JavaScriptCore   0x0000000463ea2fc6 operationCallEval + 102
8   ???                        0x000000010b33a236 0 + 4482900534
9   com.apple.JavaScriptCore   0x00000004638ab8e7 llint_entry + 62084
10  com.apple.JavaScriptCore   0x000000046389c4b9 vmEntryToJavaScript + 200
11  com.apple.JavaScriptCore   0x0000000463e0de10 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 11280
...
Attachments

Patch (6.20 KB, patch), 2019-04-01 20:38 PDT, Michael Saboff, no flags
Updated patch (6.19 KB, patch), 2019-04-01 21:47 PDT, Michael Saboff, no flags
Michael Saboff, Comment 1, 2019-04-01 19:46:16 PDT

<rdar://problem/49482267>
Michael Saboff, Comment 2, 2019-04-01 20:38:13 PDT

Created attachment 366467 [details]
Patch
Alexey Proskuryakov, Comment 3, 2019-04-01 21:04:08 PDT

Comment on attachment 366467 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=366467&action=review

> Source/JavaScriptCore/yarr/YarrJIT.cpp:1852
> +#if 0 // def JIT_UNICODE_EXPRESSIONS

Is this intentional?
Michael Saboff, Comment 4, 2019-04-01 21:43:36 PDT

(In reply to Alexey Proskuryakov from comment #3)
> Comment on attachment 366467 [details]
> Patch
>
> View in context: https://bugs.webkit.org/attachment.cgi?id=366467&action=review
>
> > Source/JavaScriptCore/yarr/YarrJIT.cpp:1852
> > +#if 0 // def JIT_UNICODE_EXPRESSIONS
>
> Is this intentional?

No. It is a holdover from testing. I'll remove and repost.
Michael Saboff, Comment 5, 2019-04-01 21:47:09 PDT

Created attachment 366470 [details]
Updated patch
Keith Miller, Comment 6, 2019-04-03 16:22:45 PDT

Comment on attachment 366470 [details]
Updated patch

r=me.
WebKit Commit Bot, Comment 7, 2019-04-03 16:51:17 PDT

Comment on attachment 366470 [details]
Updated patch

Clearing flags on attachment: 366470

Committed r243839: <https://trac.webkit.org/changeset/243839>
WebKit Commit Bot, Comment 8, 2019-04-03 16:51:19 PDT

All reviewed patches have been landed. Closing bug.