286125 – [Win] "array subscript out of range" error in std::array<unsigned char,3>::operator[] in WTF::SignalHandlers::forEachHandler

RESOLVED FIXED286125

[Win] "array subscript out of range" error in std::array<unsigned char,3>::operator[] in WTF::SignalHandlers::forEachHandler

https://bugs.webkit.org/show_bug.cgi?id=286125

Summary [Win] "array subscript out of range" error in std::array<unsigned char,3>::op...

Fujii Hironori

Reported 2025-01-16 23:22:26 PST

While testing debug build of <https://github.com/WebKit/WebKit/pull/36366#issuecomment-2597475092>, I'm observing "array subscript out of range" in std::array<unsigned char,3>::operator[]. 10 Id: 437c.6608 Suspend: 1 Teb: 000000a4`283a0000 Unfrozen # Child-SP RetAddr Call Site 00 000000a4`2dbfe990 00007ffb`208381d4 ucrtbased!_invoke_watson(wchar_t * expression = 0x00007ffb`0cb067ce ""array subscript out of range"", wchar_t * function_name = 0x00007ffb`0cb06060 "", wchar_t * file_name = 0x00007ffb`0cb06708 "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\array", unsigned int line_number = 0x21e, unsigned int64 reserved = 0)+0x2c [minkernel\crts\ucrt\src\appcrt\misc\invalid_parameter.cpp @ 237] 01 000000a4`2dbfe9c0 00007ffb`20838070 ucrtbased!_invalid_parameter_internal(wchar_t * expression = 0x00007ffb`0cb067ce ""array subscript out of range"", wchar_t * function_name = 0x00007ffb`0cb06060 "", wchar_t * file_name = 0x00007ffb`0cb06708 "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\array", unsigned int line_number = 0x21e, unsigned int64 reserved = 0, class __crt_cached_ptd_host * ptd = 0x000000a4`2dbfea60)+0x144 [minkernel\crts\ucrt\src\appcrt\misc\invalid_parameter.cpp @ 114] 02 000000a4`2dbfea30 00007ffb`0cac5465 ucrtbased!_invalid_parameter(wchar_t * expression = 0x00007ffb`0cb067ce ""array subscript out of range"", wchar_t * function_name = 0x00007ffb`0cb06060 "", wchar_t * file_name = 0x00007ffb`0cb06708 "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\array", unsigned int line_number = 0x21e, unsigned int64 reserved = 0)+0x60 [minkernel\crts\ucrt\src\appcrt\misc\invalid_parameter.cpp @ 125] 03 000000a4`2dbfeab0 00007ffb`0cac4ba3 JavaScriptCore!std::array<unsigned char,3>::operator[](unsigned int64 _Pos = 3)+0x95 [C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\array @ 542] 04 000000a4`2dbfeb00 00007ffb`0cac4b32 JavaScriptCore!WTF::SignalHandlers::forEachHandler<`lambda at C:\webkit\wa\Source\WTF\wtf\win\SignalsWin.cpp:109:37'>(WTF::Signal signal = NumberOfSignals (0n3), class WTF::vectoredHandler::<lambda_0> * func = 0x000000a4`2dbfebb8)+0x43 [C:\webkit\wa\Source\WTF\wtf\win\SignalsWin.cpp @ 66] 05 000000a4`2dbfeb70 00007ffb`fcf680ba JavaScriptCore!WTF::vectoredHandler(struct _EXCEPTION_POINTERS * exceptionInfo = 0x000000a4`2dbfec40)+0xb2 [C:\webkit\wa\Source\WTF\wtf\win\SignalsWin.cpp @ 119] 06 000000a4`2dbfec00 00007ffb`fcf0e662 ntdll!RtlpCallVectoredHandlers+0x112 07 000000a4`2dbfeca0 00007ffb`fcf44955 ntdll!RtlDispatchException+0x62 08 000000a4`2dbfeef0 00007ffb`fa75fb4c ntdll!RtlRaiseException+0x195 09 000000a4`2dbff6d0 00007ffb`0cac579f KERNELBASE!RaiseException+0x6c 0a 000000a4`2dbff7b0 00007ffb`0c9ed8db JavaScriptCore!WTF::糸::initializeCurrentThreadInternal(char * szThreadName = 0x00007ffb`1a944b30 "DrawingAreaWC CommitQueue")+0x4f [C:\webkit\wa\Source\WTF\wtf\win\ThreadingWin.cpp @ 134] 0b 000000a4`2dbff810 00007ffb`0cac5993 JavaScriptCore!WTF::Thread::entryPoint(struct WTF::Thread::NewThreadContext * newThreadContext = 0x000001be`b9fab1b0)+0xdb [C:\webkit\wa\Source\WTF\wtf\Threading.cpp @ 253] 0c 000000a4`2dbff860 00007ffb`20843010 JavaScriptCore!WTF::wtfThreadEntryPoint(void * data = 0x000001be`b9fab1b0)+0x13 [C:\webkit\wa\Source\WTF\wtf\win\ThreadingWin.cpp @ 147] 0d 000000a4`2dbff890 00007ffb`fc96259d ucrtbased!thread_start<unsigned int (void * parameter = 0x000001be`baa73960)+0xb0 [minkernel\crts\ucrt\src\appcrt\startup\thread.cpp @ 97] 0e 000000a4`2dbff8f0 00007ffb`fcf4af38 KERNEL32!BaseThreadInitThunk+0x1d 0f 000000a4`2dbff920 00000000`00000000 ntdll!RtlUserThreadStart+0x28

Attachments
Add attachment proposed patch, testcase, etc.

Fujii Hironori

Comment 1 2025-01-16 23:27:34 PST

Pull request: https://github.com/WebKit/WebKit/pull/39181

EWS

Comment 2 2025-01-17 15:04:49 PST

Committed 289087@main (f0a0151f500b): <https://commits.webkit.org/289087@main> Reviewed commits have been landed. Closing PR #39181 and removing active labels.

Radar WebKit Bug Importer

Comment 3 2025-01-17 15:05:27 PST

<rdar://problem/143155473>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Fujii Hironori

Reported

2025-01-16 23:22 PST

Modified

2025-01-17 15:05 PST History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks