RESOLVED FIXED 46553
REGRESSION (r68289): Assertion failure in StringHasher::addCharacter() (ch != invalidCharacterValue) running websocket/tests/bad-sub-protocol-non-ascii.html
https://bugs.webkit.org/show_bug.cgi?id=46553
mitz
Reported 2010-09-24 22:42:41 PDT
run-webkit-tests websocket/tests/bad-sub-protocol-non-ascii.html

ASSERTION FAILED: ch != invalidCharacterValue (./wtf/StringHashFunctions.h:50 void WTF::StringHasher::addCharacter(UChar))

Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000001001368c7 WTF::StringHasher::addCharacter(unsigned short) + 59 (StringHashFunctions.h:50)
1 com.apple.JavaScriptCore 0x00000001001369a2 unsigned int WTF::StringHasher::createHash<unsigned short, &(WTF::StringHasher::defaultCoverter(unsigned short))>(unsigned short const*, unsigned int) + 142 (StringHashFunctions.h:104)
2 com.apple.JavaScriptCore 0x000000010014c0ab unsigned int WTF::StringHasher::createHash<unsigned short>(unsigned short const*, unsigned int) + 27 (StringHashFunctions.h:129)
3 com.apple.JavaScriptCore 0x00000001001369ce WTF::stringHash(unsigned short const*, unsigned int) + 27 (StringHashFunctions.h:167)
4 com.apple.JavaScriptCore 0x00000001001369eb WTF::StringImpl::computeHash(unsigned short const*, unsigned int) + 27 (StringImpl.h:236)
5 com.apple.JavaScriptCore 0x00000001001a6bf8 JSC::IdentifierUCharBufferTranslator::hash(JSC::UCharBuffer const&) + 31 (Identifier.cpp:153)
6 com.apple.JavaScriptCore 0x00000001001a6c0f WTF::HashSetTranslatorAdapter<WTF::StringImpl*, WTF::HashTraits<WTF::StringImpl*>, JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator>::hash(JSC::UCharBuffer const&) + 21 (HashSet.h:103)
7 com.apple.JavaScriptCore 0x00000001001a6c95 std::pair<std::pair<WTF::StringImpl**, bool>, unsigned int> WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >::fullLookupForWriting<JSC::UCharBuffer, WTF::HashSetTranslatorAdapter<WTF::StringImpl*, WTF::HashTraits<WTF::StringImpl*>, JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator> >(JSC::UCharBuffer const&) + 131 (HashTable.h:584)
8 com.apple.JavaScriptCore 0x00000001001a8aa0 std::pair<WTF::HashTableIterator<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >, bool> WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >::addPassingHashCode<JSC::UCharBuffer, JSC::UCharBuffer, WTF::HashSetTranslatorAdapter<WTF::StringImpl*, WTF::HashTraits<WTF::StringImpl*>, JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator> >(JSC::UCharBuffer const&, JSC::UCharBuffer const&) + 126 (HashTable.h:726)
9 com.apple.JavaScriptCore 0x00000001001a8cce std::pair<WTF::HashTableConstIteratorAdapter<WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >, WTF::StringImpl*>, bool> WTF::HashSet<WTF::StringImpl*, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*> >::add<JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator>(JSC::UCharBuffer const&) + 46 (HashSet.h:188)
10 com.apple.JavaScriptCore 0x00000001001a8d1c std::pair<WTF::HashTableConstIteratorAdapter<WTF::HashTable<WTF::StringImpl*, WTF::StringImpl*, WTF::IdentityExtractor<WTF::StringImpl*>, WTF::StringHash, WTF::HashTraits<WTF::StringImpl*>, WTF::HashTraits<WTF::StringImpl*> >, WTF::StringImpl*>, bool> JSC::IdentifierTable::add<JSC::UCharBuffer, JSC::IdentifierUCharBufferTranslator>(JSC::UCharBuffer) + 44 (Identifier.cpp:54)
11 com.apple.JavaScriptCore 0x00000001001a6325 JSC::Identifier::add(JSC::JSGlobalData*, unsigned short const*, int) + 197 (Identifier.cpp:228)
12 com.apple.JavaScriptCore 0x0000000100248417 JSC::Identifier::Identifier(JSC::JSGlobalData*, unsigned short const*, int) + 43 (Identifier.h:44)
13 com.apple.JavaScriptCore 0x000000010024845f JSC::IdentifierArena::makeIdentifier(JSC::JSGlobalData*, unsigned short const*, unsigned long) + 47 (ParserArena.h:52)
14 com.apple.JavaScriptCore 0x00000001002484b1 JSC::Lexer::makeIdentifier(unsigned short const*, unsigned long) + 49 (Lexer.cpp:326)
15 com.apple.JavaScriptCore 0x00000001002488c0 JSC::Lexer::parseString(JSC::JSTokenData*) + 1036 (Lexer.cpp:533)
16 com.apple.JavaScriptCore 0x0000000100247359 JSC::Lexer::lex(JSC::JSTokenData*, JSC::JSTokenInfo*, JSC::Lexer::LexType) + 2609 (Lexer.cpp:1009)
17 com.apple.JavaScriptCore 0x000000010022f2a8 JSC::JSParser::next(JSC::Lexer::LexType) + 116 (JSParser.cpp:93)
18 com.apple.JavaScriptCore 0x000000010023816c JSC::ASTBuilder::Arguments JSC::JSParser::parseArguments<JSC::ASTBuilder>(JSC::ASTBuilder&) + 194 (JSParser.cpp:1470)
19 com.apple.JavaScriptCore 0x0000000100238556 JSC::ASTBuilder::Expression JSC::JSParser::parseMemberExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 858 (JSParser.cpp:1522)
20 com.apple.JavaScriptCore 0x0000000100238824 JSC::ASTBuilder::Expression JSC::JSParser::parseUnaryExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 156 (JSParser.cpp:1565)
21 com.apple.JavaScriptCore 0x0000000100235f70 JSC::ASTBuilder::Expression JSC::JSParser::parseBinaryExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 74 (JSParser.cpp:1177)
22 com.apple.JavaScriptCore 0x000000010023625d JSC::ASTBuilder::Expression JSC::JSParser::parseConditionalExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 29 (JSParser.cpp:1143)
23 com.apple.JavaScriptCore 0x00000001002363af JSC::ASTBuilder::Expression JSC::JSParser::parseAssignmentExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 105 (JSParser.cpp:1093)
24 com.apple.JavaScriptCore 0x0000000100237848 JSC::ASTBuilder::Expression JSC::JSParser::parseExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) + 66 (JSParser.cpp:1068)
25 com.apple.JavaScriptCore 0x0000000100238047 JSC::ASTBuilder::Statement JSC::JSParser::parseExpressionStatement<JSC::ASTBuilder>(JSC::ASTBuilder&) + 41 (JSParser.cpp:984)
26 com.apple.JavaScriptCore 0x000000010023921b JSC::ASTBuilder::Statement JSC::JSParser::parseStatement<JSC::ASTBuilder>(JSC::ASTBuilder&) + 1145 (JSParser.cpp:874)
27 com.apple.JavaScriptCore 0x0000000100239250 JSC::ASTBuilder::SourceElements JSC::JSParser::parseSourceElements<JSC::ASTBuilder>(JSC::ASTBuilder&) + 42 (JSParser.cpp:361)
28 com.apple.JavaScriptCore 0x000000010021f57c JSC::JSParser::parseProgram() + 146 (JSParser.cpp:343)
29 com.apple.JavaScriptCore 0x000000010021f72c JSC::jsParse(JSC::JSGlobalData*, JSC::FunctionParameters*, JSC::SourceCode const*) + 106 (JSParser.cpp:313)
30 com.apple.JavaScriptCore 0x000000010026d1f7 JSC::Parser::parse(JSC::JSGlobalData*, JSC::FunctionParameters*, int*, JSC::UString*) + 181 (Parser.cpp:56)
31 com.apple.JavaScriptCore 0x000000010019d86e WTF::PassRefPtr<JSC::EvalNode> JSC::Parser::parse<JSC::EvalNode>(JSC::JSGlobalData*, JSC::JSGlobalObject*, JSC::Debugger*, JSC::ExecState*, JSC::SourceCode const&, JSC::FunctionParameters*, JSC::JSObject**) + 158 (Parser.h:89)
32 com.apple.JavaScriptCore 0x000000010019834c JSC::EvalExecutable::compileInternal(JSC::ExecState*, JSC::ScopeChainNode*) + 176 (Executable.cpp:99)
33 com.apple.JavaScriptCore 0x0000000100188173 JSC::EvalExecutable::compile(JSC::ExecState*, JSC::ScopeChainNode*) + 63 (Executable.h:206)
34 com.apple.JavaScriptCore 0x00000001001b0e1f JSC::EvalCodeCache::get(JSC::ExecState*, JSC::UString const&, JSC::ScopeChainNode*, JSC::JSValue&) + 361 (EvalCodeCache.h:55)
35 com.apple.JavaScriptCore 0x00000001001ac9a4 JSC::Interpreter::callEval(JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, int, int, JSC::JSValue&) + 364 (Interpreter.cpp:376)
36 com.apple.JavaScriptCore 0x00000001001d30a7 cti_op_call_eval + 367 (JITStubs.cpp:3175)
37 com.apple.JavaScriptCore 0x00000001001d001b jscGeneratedNativeCode + 0 (JITStubs.cpp:1007)
38 com.apple.JavaScriptCore 0x00000001001afb96 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) + 76 (JITCode.h:77)
39 com.apple.JavaScriptCore 0x00000001001ac24d JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) + 995 (Interpreter.cpp:703)
40 com.apple.JavaScriptCore 0x000000010017bf65 JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) + 484 (Completion.cpp:63)
41 com.apple.WebCore 0x000000010155c31a WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) + 58 (JSMainThreadExecState.h:54)
42 com.apple.WebCore 0x00000001019155d8 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*, WebCore::ShouldAllowXSS) + 514 (ScriptController.cpp:151)
43 com.apple.WebCore 0x00000001019157e2 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ShouldAllowXSS) + 58 (ScriptController.cpp:178)
44 com.apple.WebCore 0x000000010191b0ac WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&, WebCore::ShouldAllowXSS) + 142 (ScriptControllerBase.cpp:62)
45 com.apple.WebCore 0x0000000101319101 WebCore::HTMLScriptRunner::executeScript(WebCore::ScriptSourceCode const&) const + 205 (HTMLScriptRunner.cpp:154)
46 com.apple.WebCore 0x00000001013194e7 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) + 283 (HTMLScriptRunner.cpp:142)
47 com.apple.WebCore 0x0000000101319867 WebCore::HTMLScriptRunner::executeParsingBlockingScript() + 331 (HTMLScriptRunner.cpp:122)
48 com.apple.WebCore 0x00000001013198aa WebCore::HTMLScriptRunner::executeParsingBlockingScripts() + 56 (HTMLScriptRunner.cpp:197)
49 com.apple.WebCore 0x0000000101319b08 WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) + 300 (HTMLScriptRunner.cpp:212)
50 com.apple.WebCore 0x00000001012c029b WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 325 (HTMLDocumentParser.cpp:476)
51 com.apple.WebCore 0x0000000100f19ad2 WebCore::CachedScript::checkNotify() + 86 (CachedScript.cpp:99)
52 com.apple.WebCore 0x0000000100f19ba2 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 142 (CachedScript.cpp:91)
53 com.apple.WebCore 0x00000001016e9285 WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) + 461 (loader.cpp:409)
54 com.apple.WebCore 0x00000001019a58da WebCore::SubresourceLoader::didFinishLoading(double) + 164 (SubresourceLoader.cpp:183)
55 com.apple.WebCore 0x00000001018f6a6c WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 48 (ResourceLoader.cpp:447)
56 com.apple.WebCore 0x00000001018f1f0d -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 274 (ResourceHandleMac.mm:921)
57 com.apple.Foundation 0x00007fff885f6b6c _NSURLConnectionDidFinishLoading + 113
58 com.apple.CFNetwork 0x00007fff86faa05e URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 174
59 com.apple.CFNetwork 0x00007fff8700f3d2 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 254
60 com.apple.CFNetwork 0x00007fff8700f63e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 874
61 com.apple.CFNetwork 0x00007fff86f9678f URLConnectionClient::processEvents() + 121
62 com.apple.CFNetwork 0x00007fff86f9656c MultiplexerSource::perform() + 160
63 com.apple.CoreFoundation 0x00007fff80f74e91 __CFRunLoopDoSources0 + 1361
64 com.apple.CoreFoundation 0x00007fff80f73089 __CFRunLoopRun + 873
65 com.apple.CoreFoundation 0x00007fff80f7284f CFRunLoopRunSpecific + 575
66 com.apple.Foundation 0x00007fff885b0a18 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270
67 DumpRenderTree 0x0000000100011c15 runTest(std::string const&) + 1795 (DumpRenderTree.mm:1274)
68 DumpRenderTree 0x0000000100012102 runTestingServerLoop() + 145 (DumpRenderTree.mm:607)
69 DumpRenderTree 0x0000000100012517 dumpRenderTree(int, char const**) + 309 (DumpRenderTree.mm:663)
70 DumpRenderTree 0x0000000100012739 main + 97 (DumpRenderTree.mm:705)
71 DumpRenderTree 0x0000000100002294 start + 52
Attachments
Patch (2.85 KB, patch)
2010-09-25 01:19 PDT, Patrick R. Gansterer
no flags
mitz
Comment 1 2010-09-24 22:45:33 PDT
StringHasher was added in r68289.
Patrick R. Gansterer
Comment 2 2010-09-25 01:19:02 PDT
Adam Barth
Comment 3 2010-09-26 21:21:57 PDT
Comment on attachment 68815 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=68815&action=review

I see. We're just talking about FFFE.

> JavaScriptCore/ChangeLog:7
> + REGRESSION (r68289): Assertion failure in StringHasher::addCharacter() (ch != invalidCharacterValue)
> + running websocket/tests/bad-sub-protocol-non-ascii.html
> + https://bugs.webkit.org/show_bug.cgi?id=46553

Thanks. This bug was troubling me.

> JavaScriptCore/ChangeLog:9
> + Because we use StringHasher for binary data too, so the check for invalid unicode input is wrong.

Why are we using StringHasher for binary data? String is supposed to represent a UTF16 string.
WebKit Commit Bot
Comment 4 2010-09-26 22:09:20 PDT
Comment on attachment 68815 [details] Patch
Clearing flags on attachment: 68815

Committed r68368: <http://trac.webkit.org/changeset/68368>
WebKit Commit Bot
Comment 5 2010-09-26 22:09:25 PDT
All reviewed patches have been landed. Closing bug.
Patrick R. Gansterer
Comment 6 2010-09-27 00:10:16 PDT
(In reply to comment #3)
> Why are we using StringHasher for binary data?
I don't know!

> String is supposed to represent a UTF16 string.
That's why I used FFFE.

IMHO using StringHasher for creating a hash of binary data is no problem (see bug 46514).
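The design point behind comments 3 and 6, as an added illustration rather than WebKit's code: a hasher that is fed both UTF-16 text and raw binary data cannot carry a per-unit validity assertion, because the binary callers legitimately produce every 16-bit value, so the check belongs at the text entry point and should report rather than abort. The class below is a simplified hasher in the shape of WTF::StringHasher (SuperFastHash mixing); the sentinel 0xFFFE, the function names and the byte-packing rule are assumptions, not taken from the patch.

```cpp
#include <cstdint>
#include <vector>
// Simplified 16-bit-unit hasher in the shape of WTF::StringHasher (the mixing steps
// follow SuperFastHash, as WebKit's does). Added illustration, not WebKit's code.
class UnitHasher {
public:
    static constexpr uint16_t invalidCharacterValue = 0xFFFE; // assumed sentinel: U+FFFE noncharacter
    void addUnits(uint16_t a, uint16_t b) {   // fast path: a pair of units
        m_hash += a;
        uint32_t tmp = (static_cast<uint32_t>(b) << 11) ^ m_hash;
        m_hash = (m_hash << 16) ^ tmp;
        m_hash += m_hash >> 11;
    }
    void addUnit(uint16_t unit) {             // an odd unit waits for its partner
        if (!m_hasPending) { m_pending = unit; m_hasPending = true; return; }
        addUnits(m_pending, unit);
        m_hasPending = false;
    }
    uint32_t hash() const {
        uint32_t r = m_hash;
        if (m_hasPending) { r += m_pending; r ^= r << 11; r += r >> 17; }
        r ^= r << 3; r += r >> 5; r ^= r << 2; r += r >> 15; r ^= r << 10;
        r &= 0x7fffffff;            // top bit left free for callers' flag use
        return r ? r : 0x40000000;  // 0 is reserved for "hash not yet computed"
    }
private:
    uint32_t m_hash = 0x9e3779b9u;  // golden-ratio start value
    uint16_t m_pending = 0;
    bool m_hasPending = false;
};
// Text entry point: the validity check sits here, at the boundary, not inside the
// shared hasher, and it reports instead of asserting when the sentinel unit occurs.
bool hashUtf16(const std::vector<uint16_t>& units, uint32_t& out) {
    UnitHasher h;
    for (uint16_t u : units) {
        if (u == UnitHasher::invalidCharacterValue) return false;
        h.addUnit(u);
    }
    out = h.hash();
    return true;
}
// Binary entry point: bytes packed little-endian into units and never validated,
// because any unit value, 0xFFFE included, is legitimate data here.
uint32_t hashBytes(const std::vector<uint8_t>& bytes) {
    UnitHasher h;
    for (std::vector<uint8_t>::size_type i = 0; i < bytes.size(); i += 2) {
        uint16_t unit = bytes[i];
        if (i + 1 < bytes.size()) unit |= static_cast<uint16_t>(bytes[i + 1] << 8);
        h.addUnit(unit);
    }
    return h.hash();
}
```

Feeding units one at a time or in pairs yields the same hash, and the byte sequence FE FF reaches the hasher as the unit 0xFFFE without tripping any check, which is exactly the case the in-hasher assertion rejected.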