WebKit Bugzilla
Bug 215835 (RESOLVED FIXED): REGRESSION (r264661): Crashes in WebCore::wrap<WebCore::Blob> in CloneDeserializer
https://bugs.webkit.org/show_bug.cgi?id=215835
xiao_chengyi
Reported 2020-08-25 20:29:07 PDT
Created attachment 407268
The property inspector of XCode when the crash happens.
A commit on 7/22 in SerializedScriptValue.cpp results in a crash. !m_isDOMGlobalObject and m_isJSIDBSerializationGlobalObject are not equal. This causes a crash in type checking.
Build Date & Hardware: Build 2020-08-25 on Mac OS 10.15.4, run and debugged in the iOS 14 beta 5 simulator.
Attachments
The property inspector of XCode when the crash happens. (94.41 KB, application/zip), 2020-08-25 20:29 PDT, xiao_chengyi
crashreport (2.53 KB, text/plain), 2020-08-26 20:53 PDT, xiao_chengyi
symbolicated crash report (5.21 KB, text/plain), 2020-08-31 05:53 PDT, xiao_chengyi
Patch (5.60 KB, patch), 2020-09-01 10:31 PDT, Sihui Liu
Patch (6.97 KB, patch), 2020-09-01 17:52 PDT, Sihui Liu
Patch for landing (6.93 KB, patch), 2020-09-02 09:30 PDT, Sihui Liu
Alexey Proskuryakov
Comment 1
2020-08-26 11:27:11 PDT
The closest change to this file r264661, although that was 7/21 in California. Is this what you are blaming?
Could you please attach a complete crash log, and/or steps to reproduce?
xiao_chengyi
Comment 2
2020-08-26 20:53:15 PDT
Created attachment 407373
crashreport
xiao_chengyi
Comment 3
2020-08-26 20:53:49 PDT
(In reply to Alexey Proskuryakov from comment #1)
> The closest change to this file r264661, although that was 7/21 in
> California. Is this what you are blaming?
>
> Could you please attach a complete crash log, and/or steps to reproduce?
Yes, r264661 is the change I'm talking about. Sorry, but I can only provide part of the crash log. See crashreport in Attachments.
Alexey Proskuryakov
Comment 4
2020-08-26 21:25:42 PDT
Thank you for the confirmation. We cannot symbolicate a partial crash report, and this may not be actionable without a symbolicated trace, or better, a repro case. Keeping open in case Sihui has an idea.
xiao_chengyi
Comment 5
2020-08-31 05:53:00 PDT
Created attachment 407597
symbolicated crash report
xiao_chengyi
Comment 6
2020-08-31 05:57:35 PDT
(In reply to Alexey Proskuryakov from comment #4)
> Thank you for the confirmation.
>
> We cannot symbolicate a partial crash report, and this may not be actionable
> without a symbolicated trace, or better, a repro case.
>
> Keeping open in case Sihui has an idea.
Hi, we managed to get a symbolicated crash report. Would you please take a look at it? Thanks. :-)
Alexey Proskuryakov
Comment 7
2020-08-31 09:27:06 PDT
Thank you! I think that this may be enough info for an investigation. Any details that could help prioritization would also be appreciated (such as user impact qualification).
Alexey Proskuryakov
Comment 8
2020-08-31 10:36:22 PDT
rdar://problem/68084639
Sihui Liu
Comment 9
2020-09-01 10:31:36 PDT
Created attachment 407695
Patch
Alexey Proskuryakov
Comment 10
2020-09-01 10:41:59 PDT
Comment on attachment 407695
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=407695&action=review
> Source/WebCore/ChangeLog:3
> + REGRESSION (r264661): Crashes in WebCore::wrap<WebCore::Blob> in CloneDeserializer
Can a regression test be added for this?
Sihui Liu
Comment 11
2020-09-01 17:52:48 PDT
Created attachment 407721
Patch
Sihui Liu
Comment 12
2020-09-01 17:53:38 PDT
(In reply to Alexey Proskuryakov from comment #10)
> Comment on attachment 407695
> Patch
>
> View in context: https://bugs.webkit.org/attachment.cgi?id=407695&action=review
>
> > Source/WebCore/ChangeLog:3
> > + REGRESSION (r264661): Crashes in WebCore::wrap<WebCore::Blob> in CloneDeserializer
>
> Can a regression test be added for this?
Test added.
youenn fablet
Comment 13
2020-09-02 02:38:21 PDT
Comment on attachment 407721
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=407721&action=review
> Source/WebCore/bindings/js/SerializedScriptValue.cpp:2042 > + , m_isValidDOMGlobalObject(m_isDOMGlobalObject && !globalObject->inherits<JSIDBSerializationGlobalObject>(globalObject->vm()))
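Review bot: In the initializer at SerializedScriptValue.cpp:2042, m_isValidDOMGlobalObject is computed from m_isDOMGlobalObject, so it is only correct if m_isDOMGlobalObject is declared before it in the class, because C++ initializes members in declaration order regardless of the order in the initializer list. Worth confirming the declaration order, or computing the value from globalObject directly so the dependency goes away. A short comment on why JSIDBSerializationGlobalObject is excluded would also help the next reader of this constructor.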
I would rename it to something like m_canCreateDOMObject.
Sihui Liu
Comment 14
2020-09-02 09:30:17 PDT
Created attachment 407772
Patch for landing
EWS
Comment 15
2020-09-02 10:04:39 PDT
Committed r266470: <https://trac.webkit.org/changeset/266470>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 407772.