We get this crash when using a JSC configFile and libgmalloc:

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106a13fb0)
  * frame #0: 0x00007fff581b0712 libsystem_platform.dylib`_platform_strlen + 18
    frame #1: 0x0000000101814731 JavaScriptCore`JSC::Options::setOptions(optionsStr="") at Options.cpp:647:21
    frame #2: 0x000000010163c3dc JavaScriptCore`JSC::ConfigFile::parse(this=0x00007ffeefbfec10) at ConfigFile.cpp:470:13
    frame #3: 0x000000010164355b JavaScriptCore`JSC::processConfigFile(this=0x00007ffeefbff520)::$_1::operator()() const at ConfigFile.cpp:536:24
    frame #4: 0x000000010164347d JavaScriptCore`decltype(__f=0x00007ffeefbff520)::$_1>(fp)()) std::__1::__invoke<JSC::processConfigFile(char const*, char const*, char const*)::$_1>(JSC::processConfigFile(char const*, char const*, char const*)::$_1&&) at type_traits:4345:1
    frame #5: 0x0000000101643458 JavaScriptCore`void std::__1::__call_once_param<std::__1::tuple<JSC::processConfigFile(char const*, char const*, char const*)::$_1&&> >::__execute<>(this=0x00007ffeefbff4f0, (null)=__tuple_indices<> @ 0x00007ffeefbff458) at mutex:621:9
    frame #6: 0x0000000101643425 JavaScriptCore`std::__1::__call_once_param<std::__1::tuple<JSC::processConfigFile(char const*, char const*, char const*)::$_1&&> >::operator(this=0x00007ffeefbff4f0)() at mutex:613:9
    frame #7: 0x00000001016432fd JavaScriptCore`void std::__1::__call_once_proxy<std::__1::tuple<JSC::processConfigFile(char const*, char const*, char const*)::$_1&&> >(__vp=0x00007ffeefbff4f0) at mutex:649:5
    frame #8: 0x00007fff5569b896 libc++.1.dylib`std::__1::__call_once(unsigned long volatile&, void*, void (*)(void*)) + 139
    frame #9: 0x000000010163c9cc JavaScriptCore`void std::__1::call_once<JSC::processConfigFile(char const*, char const*, char const*)::$_1>(__flag=0x000000010220c5a0, __func=0x00007ffeefbff520)::$_1&&) at mutex:666:9
    frame #10: 0x000000010163c95f JavaScriptCore`JSC::processConfigFile(configFilename="jsc.config", processName="jsc", parentProcessName=0x0000000000000000) at ConfigFile.cpp:530:5
    frame #11: 0x0000000100005344 jsc`jscmain(argc=2, argv=0x00007ffeefbff690) at jsc.cpp:3002:5
    frame #12: 0x00000001000052ee jsc`main(argc=2, argv=0x00007ffeefbff690) at jsc.cpp:2410:15
    frame #13: 0x00007fff57fca0a5 libdyld.dylib`start + 1

It appears this is due to the implicit temporary CString getting destructed after the call to CString::data(), but before the call to Options::setOptions().
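The lifetime problem described in the report, as an added C++ example that is not WebKit code and not the landed patch: `CString`, `toUTF8`, `setOptions`, `isLive` and the `parse*` helpers are stand-ins for the WTF/JSC types (only the C++ temporary-lifetime rules are real), and the option string is a constructed sample. Instead of running strlen() on freed memory, the stand-in `setOptions` checks whether the buffer is still owned by a live `CString`, so the buggy pattern is observable as a return value rather than as a crash.

```cpp
// Added example, not WebKit code: a minimal model of the temporary-lifetime
// bug described above. CString, toUTF8, setOptions and the parse* helpers
// are stand-ins for the WTF/JSC types; only the lifetime rules are real.
#include <cstdio>
#include <cstring>
#include <set>
#include <string>

// Registry of buffers currently owned by a live CString. It lets the example
// detect a dangling pointer by value, without ever dereferencing freed memory.
static std::set<const char*>& liveBuffers() {
    static std::set<const char*> registry;
    return registry;
}

static bool isLive(const char* p) { return liveBuffers().count(p) != 0; }

// Stand-in for WTF::CString: owns a heap-allocated NUL-terminated buffer.
class CString {
public:
    explicit CString(const std::string& s) : m_buf(new char[s.size() + 1]) {
        std::memcpy(m_buf, s.c_str(), s.size() + 1);
        liveBuffers().insert(m_buf);
    }
    CString(const CString& other) : CString(std::string(other.m_buf ? other.m_buf : "")) {}
    CString(CString&& other) noexcept : m_buf(other.m_buf) { other.m_buf = nullptr; }
    CString& operator=(const CString&) = delete;
    ~CString() {
        if (!m_buf) return;
        liveBuffers().erase(m_buf);   // the buffer is invalid from here on
        delete[] m_buf;
    }
    const char* data() const { return m_buf; }
private:
    char* m_buf;
};

// Stand-in for String::utf8(): returns a CString by value. If the caller does
// not bind the result to a named variable, it is a temporary that dies at the
// end of the full expression it appears in.
static CString toUTF8(const std::string& s) { return CString(s); }

// Stand-in for JSC::Options::setOptions(const char*). The real function runs
// strlen() on the pointer first (frame #1 in the backtrace); this one checks
// liveness and reports failure instead of touching freed memory.
static bool setOptions(const char* optionsStr) {
    if (!isLive(optionsStr))
        return false;  // the real code would crash here under libgmalloc
    return std::strchr(optionsStr, '=') != nullptr;  // crude "key=value" check
}

// Buggy pattern: toUTF8() yields a temporary CString whose lifetime ends at the
// ';' of the first statement, so optionsStr already dangles when setOptions runs.
static bool parseBuggy(const std::string& options) {
    const char* optionsStr = toUTF8(options).data();
    return setOptions(optionsStr);
}

// Fixed pattern: bind the CString to a local so it outlives the call.
static bool parseFixed(const std::string& options) {
    CString utf8 = toUTF8(options);
    const char* optionsStr = utf8.data();
    return setOptions(optionsStr);
}

// Also correct: a temporary lives until the end of the full expression, so
// passing .data() straight through as an argument is safe.
static bool parseInline(const std::string& options) {
    return setOptions(toUTF8(options).data());
}

int main() {
    const std::string options = "exampleOption=1";  // constructed sample input
    std::printf("buggy:  %s\n", parseBuggy(options) ? "ok" : "dangling pointer");
    std::printf("fixed:  %s\n", parseFixed(options) ? "ok" : "dangling pointer");
    std::printf("inline: %s\n", parseInline(options) ? "ok" : "dangling pointer");
    return 0;
}
```

The practical check when reviewing code like this: any `const char*` taken from a by-value return (`.utf8().data()`, `.ascii().data()`, `std::string(...).c_str()`) must either be consumed inside the same full expression or have its owning object bound to a named local that outlives every use of the pointer. Running under libgmalloc, as the reporter did, turns the silent read of freed memory into an immediate EXC_BAD_ACCESS, which is why it surfaced here.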
Created attachment 366521 [details] Patch
Comment on attachment 366521 [details] Patch r=me.
<rdar://problem/49529020>
Comment on attachment 366521 [details] Patch Clearing flags on attachment: 366521 Committed r243754: <https://trac.webkit.org/changeset/243754>
All reviewed patches have been landed. Closing bug.