Bug 46553 - REGRESSION (r68289): Assertion failure in StringHasher::addCharacter() (ch != invalidCharacterValue) running websocket/tests/bad-sub-protocol-non-ascii.html
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Normal
Assignee: Patrick R. Gansterer
URL:
Keywords: LayoutTestFailure, Regression
Depends on:
Blocks:
 
Reported: 2010-09-24 22:42 PDT by mitz
Modified: 2010-09-27 00:10 PDT

See Also:


Attachments
Patch (2.85 KB, patch)
2010-09-25 01:19 PDT, Patrick R. Gansterer
no flags

Description mitz 2010-09-24 22:42:41 PDT
run-webkit-tests websocket/tests/bad-sub-protocol-non-ascii.html

ASSERTION FAILED: ch != invalidCharacterValue
(./wtf/StringHashFunctions.h:50 void WTF::StringHasher::addCharacter(UChar))

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x00000001001368c7 WTF::StringHasher::addCharacter(unsigned short) + 59 (StringHashFunctions.h:50)
1   com.apple.JavaScriptCore      	0x00000001001369a2 unsigned int WTF::StringHasher::createHash<unsigned short, &(WTF::StringHasher::defaultCoverter(unsigned short))>(unsigned short const*, unsigned int) + 142 (StringHashFunctions.h:104)
2   com.apple.JavaScriptCore      	0x000000010014c0ab unsigned int WTF::StringHasher::createHash<unsigned short>(unsigned short const*, unsigned int) + 27 (StringHashFunctions.h:129)
3   com.apple.JavaScriptCore      	0x00000001001369ce WTF::stringHash(unsigned short const*, unsigned int) + 27 (StringHashFunctions.h:167)
4   com.apple.JavaScriptCore      	0x00000001001369eb WTF::StringImpl::computeHash(unsigned short const*, unsigned int) + 27 (StringImpl.h:236)
5   com.apple.JavaScriptCore      	0x00000001001a6bf8 JSC::IdentifierUCharBufferTranslator::hash(JSC::UCharBuffer const&) + 31 (Identifier.cpp:153)
6   com.apple.JavaScriptCore      	0x00000001001a6c0f WTF::HashSetTranslatorAdapter<WTF::StringImpl*, WTF::HashTraits<WTF::StringImpl*>, JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator>::hash(JSC::UCharBuffer const&) + 21 (HashSet.h:103)
7   com.apple.JavaScriptCore      	0x00000001001a6c95 std::pair<std::pair<WTF::StringImpl**, bool>, unsigned int> WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >::fullLookupForWriting<JSC::UCharBuffer, WTF::HashSetTranslatorAdapter<WTF::StringImpl*, WTF::HashTraits<WTF::StringImpl*>, JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator> >(JSC::UCharBuffer const&) + 131 (HashTable.h:584)
8   com.apple.JavaScriptCore      	0x00000001001a8aa0 std::pair<WTF::HashTableIterator<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >, bool> WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >::addPassingHashCode<JSC::UCharBuffer, JSC::UCharBuffer, WTF::HashSetTranslatorAdapter<WTF::StringImpl*, WTF::HashTraits<WTF::StringImpl*>, JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator> >(JSC::UCharBuffer const&, JSC::UCharBuffer const&) + 126 (HashTable.h:726)
9   com.apple.JavaScriptCore      	0x00000001001a8cce std::pair<WTF::HashTableConstIteratorAdapter<WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >, WTF::StringImpl*>, bool> WTF::HashSet<WTF::StringImpl*, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*> >::add<JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator>(JSC::UCharBuffer const&) + 46 (HashSet.h:188)
10  com.apple.JavaScriptCore      	0x00000001001a8d1c std::pair<WTF::HashTableConstIteratorAdapter<WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >, WTF::StringImpl*>, bool> JSC::IdentifierTable::add<JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator>(JSC::UCharBuffer) + 44 (Identifier.cpp:54)
11  com.apple.JavaScriptCore      	0x00000001001a6325 JSC::Identifier::add(JSC::JSGlobalData*, unsigned short const*, int) + 197 (Identifier.cpp:228)
12  com.apple.JavaScriptCore      	0x0000000100248417 JSC::Identifier::Identifier(JSC::JSGlobalData*, unsigned short const*, int) + 43 (Identifier.h:44)
13  com.apple.JavaScriptCore      	0x000000010024845f JSC::IdentifierArena::makeIdentifier(JSC::JSGlobalData*, unsigned short const*, unsigned long) + 47 (ParserArena.h:52)
14  com.apple.JavaScriptCore      	0x00000001002484b1 JSC::Lexer::makeIdentifier(unsigned short const*, unsigned long) + 49 (Lexer.cpp:326)
15  com.apple.JavaScriptCore      	0x00000001002488c0 JSC::Lexer::parseString(JSC::JSTokenData*) + 1036 (Lexer.cpp:533)
16  com.apple.JavaScriptCore      	0x0000000100247359 JSC::Lexer::lex(JSC::JSTokenData*, JSC::JSTokenInfo*, JSC::Lexer::LexType) + 2609 (Lexer.cpp:1009)
17  com.apple.JavaScriptCore      	0x000000010022f2a8 JSC::JSParser::next(JSC::Lexer::LexType) + 116 (JSParser.cpp:93)
18  com.apple.JavaScriptCore      	0x000000010023816c JSC::ASTBuilder::Arguments JSC::JSParser::parseArguments<JSC::ASTBuilder>(JSC::ASTBuilder&) + 194 (JSParser.cpp:1470)
19  com.apple.JavaScriptCore      	0x0000000100238556 JSC::ASTBuilder::Expression JSC::JSParser::parseMemberExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 858 (JSParser.cpp:1522)
20  com.apple.JavaScriptCore      	0x0000000100238824 JSC::ASTBuilder::Expression JSC::JSParser::parseUnaryExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 156 (JSParser.cpp:1565)
21  com.apple.JavaScriptCore      	0x0000000100235f70 JSC::ASTBuilder::Expression JSC::JSParser::parseBinaryExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 74 (JSParser.cpp:1177)
22  com.apple.JavaScriptCore      	0x000000010023625d JSC::ASTBuilder::Expression JSC::JSParser::parseConditionalExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 29 (JSParser.cpp:1143)
23  com.apple.JavaScriptCore      	0x00000001002363af JSC::ASTBuilder::Expression JSC::JSParser::parseAssignmentExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 105 (JSParser.cpp:1093)
24  com.apple.JavaScriptCore      	0x0000000100237848 JSC::ASTBuilder::Expression JSC::JSParser::parseExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 66 (JSParser.cpp:1068)
25  com.apple.JavaScriptCore      	0x0000000100238047 JSC::ASTBuilder::Statement JSC::JSParser::parseExpressionStatement<JSC::ASTBuilder>(JSC::ASTBuilder&) + 41 (JSParser.cpp:984)
26  com.apple.JavaScriptCore      	0x000000010023921b JSC::ASTBuilder::Statement JSC::JSParser::parseStatement<JSC::ASTBuilder>(JSC::ASTBuilder&) + 1145 (JSParser.cpp:874)
27  com.apple.JavaScriptCore      	0x0000000100239250 JSC::ASTBuilder::SourceElements JSC::JSParser::parseSourceElements<JSC::ASTBuilder>(JSC::ASTBuilder&) + 42 (JSParser.cpp:361)
28  com.apple.JavaScriptCore      	0x000000010021f57c JSC::JSParser::parseProgram() + 146 (JSParser.cpp:343)
29  com.apple.JavaScriptCore      	0x000000010021f72c JSC::jsParse(JSC::JSGlobalData*, JSC::FunctionParameters*, JSC::SourceCode const*) + 106 (JSParser.cpp:313)
30  com.apple.JavaScriptCore      	0x000000010026d1f7 JSC::Parser::parse(JSC::JSGlobalData*, JSC::FunctionParameters*, int*, JSC::UString*) + 181 (Parser.cpp:56)
31  com.apple.JavaScriptCore      	0x000000010019d86e WTF::PassRefPtr<JSC::EvalNode> JSC::Parser::parse<JSC::EvalNode>(JSC::JSGlobalData*, JSC::JSGlobalObject*, JSC::Debugger*, JSC::ExecState*, JSC::SourceCode const&, JSC::FunctionParameters*, JSC::JSObject**) + 158 (Parser.h:89)
32  com.apple.JavaScriptCore      	0x000000010019834c JSC::EvalExecutable::compileInternal(JSC::ExecState*, JSC::ScopeChainNode*) + 176 (Executable.cpp:99)
33  com.apple.JavaScriptCore      	0x0000000100188173 JSC::EvalExecutable::compile(JSC::ExecState*, JSC::ScopeChainNode*) + 63 (Executable.h:206)
34  com.apple.JavaScriptCore      	0x00000001001b0e1f JSC::EvalCodeCache::get(JSC::ExecState*, JSC::UString const&, JSC::ScopeChainNode*, JSC::JSValue&) + 361 (EvalCodeCache.h:55)
35  com.apple.JavaScriptCore      	0x00000001001ac9a4 JSC::Interpreter::callEval(JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, int, int, JSC::JSValue&) + 364 (Interpreter.cpp:376)
36  com.apple.JavaScriptCore      	0x00000001001d30a7 cti_op_call_eval + 367 (JITStubs.cpp:3175)
37  com.apple.JavaScriptCore      	0x00000001001d001b jscGeneratedNativeCode + 0 (JITStubs.cpp:1007)
38  com.apple.JavaScriptCore      	0x00000001001afb96 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) + 76 (JITCode.h:77)
39  com.apple.JavaScriptCore      	0x00000001001ac24d JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) + 995 (Interpreter.cpp:703)
40  com.apple.JavaScriptCore      	0x000000010017bf65 JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) + 484 (Completion.cpp:63)
41  com.apple.WebCore             	0x000000010155c31a WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) + 58 (JSMainThreadExecState.h:54)
42  com.apple.WebCore             	0x00000001019155d8 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*, WebCore::ShouldAllowXSS) + 514 (ScriptController.cpp:151)
43  com.apple.WebCore             	0x00000001019157e2 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ShouldAllowXSS) + 58 (ScriptController.cpp:178)
44  com.apple.WebCore             	0x000000010191b0ac WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&, WebCore::ShouldAllowXSS) + 142 (ScriptControllerBase.cpp:62)
45  com.apple.WebCore             	0x0000000101319101 WebCore::HTMLScriptRunner::executeScript(WebCore::ScriptSourceCode const&) const + 205 (HTMLScriptRunner.cpp:154)
46  com.apple.WebCore             	0x00000001013194e7 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) + 283 (HTMLScriptRunner.cpp:142)
47  com.apple.WebCore             	0x0000000101319867 WebCore::HTMLScriptRunner::executeParsingBlockingScript() + 331 (HTMLScriptRunner.cpp:122)
48  com.apple.WebCore             	0x00000001013198aa WebCore::HTMLScriptRunner::executeParsingBlockingScripts() + 56 (HTMLScriptRunner.cpp:197)
49  com.apple.WebCore             	0x0000000101319b08 WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) + 300 (HTMLScriptRunner.cpp:212)
50  com.apple.WebCore             	0x00000001012c029b WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 325 (HTMLDocumentParser.cpp:476)
51  com.apple.WebCore             	0x0000000100f19ad2 WebCore::CachedScript::checkNotify() + 86 (CachedScript.cpp:99)
52  com.apple.WebCore             	0x0000000100f19ba2 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 142 (CachedScript.cpp:91)
53  com.apple.WebCore             	0x00000001016e9285 WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) + 461 (loader.cpp:409)
54  com.apple.WebCore             	0x00000001019a58da WebCore::SubresourceLoader::didFinishLoading(double) + 164 (SubresourceLoader.cpp:183)
55  com.apple.WebCore             	0x00000001018f6a6c WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 48 (ResourceLoader.cpp:447)
56  com.apple.WebCore             	0x00000001018f1f0d -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 274 (ResourceHandleMac.mm:921)
57  com.apple.Foundation          	0x00007fff885f6b6c _NSURLConnectionDidFinishLoading + 113
58  com.apple.CFNetwork           	0x00007fff86faa05e URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 174
59  com.apple.CFNetwork           	0x00007fff8700f3d2 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 254
60  com.apple.CFNetwork           	0x00007fff8700f63e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 874
61  com.apple.CFNetwork           	0x00007fff86f9678f URLConnectionClient::processEvents() + 121
62  com.apple.CFNetwork           	0x00007fff86f9656c MultiplexerSource::perform() + 160
63  com.apple.CoreFoundation      	0x00007fff80f74e91 __CFRunLoopDoSources0 + 1361
64  com.apple.CoreFoundation      	0x00007fff80f73089 __CFRunLoopRun + 873
65  com.apple.CoreFoundation      	0x00007fff80f7284f CFRunLoopRunSpecific + 575
66  com.apple.Foundation          	0x00007fff885b0a18 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270
67  DumpRenderTree                	0x0000000100011c15 runTest(std::string const&) + 1795 (DumpRenderTree.mm:1274)
68  DumpRenderTree                	0x0000000100012102 runTestingServerLoop() + 145 (DumpRenderTree.mm:607)
69  DumpRenderTree                	0x0000000100012517 dumpRenderTree(int, char const**) + 309 (DumpRenderTree.mm:663)
70  DumpRenderTree                	0x0000000100012739 main + 97 (DumpRenderTree.mm:705)
71  DumpRenderTree                	0x0000000100002294 start + 52
Comment 1 mitz 2010-09-24 22:45:33 PDT
StringHasher was added in r68289.
Comment 2 Patrick R. Gansterer 2010-09-25 01:19:02 PDT
Created attachment 68815 [details]
Patch
Comment 3 Adam Barth 2010-09-26 21:21:57 PDT
Comment on attachment 68815 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=68815&action=review

I see.  We're just talking about FFFE.

> JavaScriptCore/ChangeLog:7
> +        REGRESSION (r68289): Assertion failure in StringHasher::addCharacter() (ch != invalidCharacterValue)
> +        running websocket/tests/bad-sub-protocol-non-ascii.html
> +        https://bugs.webkit.org/show_bug.cgi?id=46553

Thanks.  This bug was troubling me.

> JavaScriptCore/ChangeLog:9
> +        Because we use StringHasher for binary data too, so the check for invalid unicode input is wrong.
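Review bot: The ChangeLog sentence quoted above (JavaScriptCore/ChangeLog:9) is a fragment, "Because ... too, so ..."; suggest "StringHasher is also used to hash binary data, so the check for invalid Unicode input (ch != invalidCharacterValue) is wrong." Since the entry only says the check is wrong, it should also state what the patch does instead (drops the assertion, or stops treating FFFE as a value the input can never contain) and name the callers that hash binary data, so a reader of the log can judge whether that path needs its own entry point rather than the UTF-16 one.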

Why are we using StringHasher for binary data?  String is supposed to represent a UTF16 string.
Comment 4 WebKit Commit Bot 2010-09-26 22:09:20 PDT
Comment on attachment 68815 [details]
Patch

Clearing flags on attachment: 68815

Committed r68368: <http://trac.webkit.org/changeset/68368>
Comment 5 WebKit Commit Bot 2010-09-26 22:09:25 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 Patrick R. Gansterer 2010-09-27 00:10:16 PDT
(In reply to comment #3)
> Why are we using StringHasher for binary data?
I don't know!

> String is supposed to represent a UTF16 string.
That's why I used FFFE.

IMHO using StringHasher for creating a hash of binary data is no problem (see bug 46514).
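The exchange above turns on one design point: a value that valid UTF-16 never contains (FFFE) can still occur in binary data, so a check built on that value breaks as soon as the same hasher is fed bytes. The following C++ is an added example written for this page, not WebKit's StringHasher or Patrick's patch. The mixing function is a constructed SuperFastHash-shaped toy, and modelling the sentinel as doubling for the hasher's own "pending unit" state is my assumption, made so that both failure modes are visible: the debug assertion that rejects legitimate binary input, and, when that check is merely compiled out, silent collisions between distinct inputs. The FlagHasher variant keeps that state in an explicit flag instead, so 0xFFFE is just data.

```cpp
// Added example (not WebKit's code): a pairwise 16-bit-unit hasher in two
// variants, showing what goes wrong when the "invalid character" value 0xFFFE
// is treated as out-of-band while callers also hash binary data.
#include <cstddef>
#include <cstdint>
#include <vector>

typedef uint16_t UChar;

// U+FFFE is a Unicode noncharacter: valid UTF-16 text never contains it,
// but arbitrary bytes reinterpreted as 16-bit units can.
static const UChar kInvalidCharacterValue = 0xFFFE;

// Constructed mixing step in the shape of SuperFastHash's inner loop.
static inline void mixPair(uint32_t& hash, UChar a, UChar b) {
    hash += a;
    uint32_t tmp = (static_cast<uint32_t>(b) << 11) ^ hash;
    hash = (hash << 16) ^ tmp;
    hash += hash >> 11;
}

// Constructed finalization; a trailing unpaired unit is folded in first.
static inline uint32_t finalize(uint32_t hash, bool hasPending, UChar pending) {
    if (hasPending) { hash += pending; hash ^= hash << 11; hash += hash >> 17; }
    hash ^= hash << 3;  hash += hash >> 5;
    hash ^= hash << 2;  hash += hash >> 15;
    hash ^= hash << 10;
    return hash ? hash : 0x80000000u;  // constructed convention: never return 0
}

// Variant A (assumed model of the design under discussion): the sentinel means
// both "reject this input" and "no unit is pending", i.e. it is in-band state.
class SentinelHasher {
public:
    explicit SentinelHasher(bool enforceCheck = true)
        : m_hash(0x9E3779B9u), m_pending(kInvalidCharacterValue), m_enforceCheck(enforceCheck) {}
    // Returns false where the original would hit ASSERT(ch != invalidCharacterValue).
    bool addCharacter(UChar ch) {
        if (m_enforceCheck && ch == kInvalidCharacterValue) return false;
        if (m_pending != kInvalidCharacterValue) {
            mixPair(m_hash, m_pending, ch);
            m_pending = kInvalidCharacterValue;
        } else {
            m_pending = ch;  // if ch == 0xFFFE this silently reads as "nothing pending"
        }
        return true;
    }
    uint32_t hash() const { return finalize(m_hash, m_pending != kInvalidCharacterValue, m_pending); }
private:
    uint32_t m_hash; UChar m_pending; bool m_enforceCheck;
};

// Variant B: state kept in an explicit flag, so every 16-bit value is plain data.
class FlagHasher {
public:
    FlagHasher() : m_hash(0x9E3779B9u), m_pending(0), m_hasPending(false) {}
    bool addCharacter(UChar ch) {
        if (m_hasPending) { mixPair(m_hash, m_pending, ch); m_hasPending = false; }
        else { m_pending = ch; m_hasPending = true; }
        return true;
    }
    uint32_t hash() const { return finalize(m_hash, m_hasPending, m_pending); }
private:
    uint32_t m_hash; UChar m_pending; bool m_hasPending;
};

// Feeds a unit sequence to a hasher; false means a unit was rejected.
template <class Hasher>
static bool hashUnits(Hasher& h, const std::vector<UChar>& units, uint32_t& out) {
    for (size_t i = 0; i < units.size(); ++i)
        if (!h.addCharacter(units[i])) return false;
    out = h.hash();
    return true;
}

// Reinterprets raw bytes as little-endian 16-bit units (zero-padding an odd
// tail), the way a caller hashing binary data through a UChar interface would.
static std::vector<UChar> bytesToUnits(const uint8_t* bytes, size_t len) {
    std::vector<UChar> units((len + 1) / 2, 0);
    for (size_t i = 0; i < len; ++i)
        units[i / 2] |= static_cast<UChar>(bytes[i]) << (8 * (i % 2));
    return units;
}

// Constructed 4-byte binary sample whose second unit is exactly 0xFFFE.
static const uint8_t kBinarySample[] = { 0x01, 0x02, 0xFE, 0xFF };

// Debug-build symptom from the report: the sentinel hasher refuses binary input.
bool sentinelHasherRejectsBinary() {
    SentinelHasher h; uint32_t out;
    return !hashUnits(h, bytesToUnits(kBinarySample, sizeof kBinarySample), out);
}

// With the explicit flag the same bytes hash without complaint.
bool flagHasherAcceptsBinary() {
    FlagHasher h; uint32_t out;
    return hashUnits(h, bytesToUnits(kBinarySample, sizeof kBinarySample), out);
}

// Release-build symptom if the check is merely compiled out: a leading 0xFFFE
// unit is swallowed as "nothing pending", so {0xFFFE,'A'} collides with {'A'}.
bool sentinelCollidesWithoutCheck() {
    SentinelHasher a(false), b(false); uint32_t ha, hb;
    std::vector<UChar> withSentinel{0xFFFE, 'A'}, plain{'A'};
    return hashUnits(a, withSentinel, ha) && hashUnits(b, plain, hb) && ha == hb;
}

// Both variants agree on ordinary text, so the explicit flag costs nothing there.
bool variantsAgreeOnText() {
    SentinelHasher s; FlagHasher f; uint32_t hs, hf;
    std::vector<UChar> text{'a', 'b', 'c'};
    return hashUnits(s, text, hs) && hashUnits(f, text, hf) && hs == hf;
}
```

The point of `sentinelCollidesWithoutCheck()` is that deleting the ASSERT is not by itself a fix when the sentinel also carries internal state: two different inputs then hash equal, which a hash table built on that hash absorbs only as degraded bucket distribution for such keys. Keeping the state in an explicit flag (or giving byte data its own entry point that makes no Unicode assumptions) removes both the crash and the collision.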