WebKit Bugzilla
Bug 217448 - Crash under JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor()
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=217448
Reported by Chris Dumez, 2020-10-07 14:30:07 PDT
Crash under JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor():

==30091==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500062f010 at pc 0x000605bbbe6b bp 0x7000053f07a0 sp 0x7000053f0798
READ of size 8 at 0x62500062f010 thread T81
==30091==WARNING: invalid path to external symbolizer!
==30091==WARNING: Failed to use and restart external symbolizer!
    #0 0x605bbbe6a in JSC::HandleBlock::handleSet() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x598e6a)
    #1 0x605bd9173 in JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>::clear() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x5b6173)
    #2 0x605bbbe81 in WebCore::JSCallbackDataStrong::~JSCallbackDataStrong() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x598e81)
    #3 0x605b99659 in WebCore::JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x576659)
    #4 0x605b997dd in WebCore::JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x5767dd)
    #5 0x605c29bc4 in WTF::RefCounted<WebCore::AudioWorkletProcessorConstructor, std::__1::default_delete<WebCore::AudioWorkletProcessorConstructor> >::deref() const (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x606bc4)
    #6 0x607e3bcf8 in WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > >::~KeyValuePair() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2818cf8)
    #7 0x607e3bb9c in WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > > >, WTF::DefaultHash<WTF::String>, WTF::HashMap<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> >, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::deallocateTable(WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > >*) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2818b9c)
    #8 0x607e37779 in WebCore::AudioWorkletGlobalScope::~AudioWorkletGlobalScope() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2814779)
    #9 0x607e3781d in WebCore::AudioWorkletGlobalScope::~AudioWorkletGlobalScope() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x281481d)
    #10 0x605c2a194 in WTF::RefCounted<WebCore::WorkletGlobalScope, std::__1::default_delete<WebCore::WorkletGlobalScope> >::deref() const (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x607194)
    #11 0x607e5c406 in WTF::RefPtr<WebCore::AudioWorkletGlobalScope, WTF::DumbPtrTraits<WebCore::AudioWorkletGlobalScope>, WTF::DefaultRefDerefTraits<WebCore::AudioWorkletGlobalScope> >::operator=(std::nullptr_t) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2839406)
    #12 0x607e5bd20 in WebCore::AudioWorkletThread::workletThread() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2838d20)
    #13 0x623496803 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x116803)
    #14 0x6234a1bd8 in WTF::wtfThreadEntryPoint(void*) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x121bd8)
    #15 0x7fff69705108 in _pthread_start (/usr/lib/system/libsystem_pthread.dylib:x86_64+0x6108)
    #16 0x7fff69700b8a in thread_start (/usr/lib/system/libsystem_pthread.dylib:x86_64+0x1b8a)
Attachments
Patch (1.80 KB, patch), 2020-10-07 14:32 PDT, Chris Dumez, no flags
Chris Dumez, Comment 1, 2020-10-07 14:30:20 PDT
<rdar://problem/70059902>
Chris Dumez, Comment 2, 2020-10-07 14:32:47 PDT
Created attachment 410779
Patch
Geoffrey Garen, Comment 3, 2020-10-07 14:46:38 PDT
Comment on attachment 410779
Patch

r=me
EWS, Comment 4, 2020-10-07 15:44:14 PDT
Committed r268159: <https://trac.webkit.org/changeset/268159>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 410779.