Bug 260830

Summary: html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebCore Misc.Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Chris Dumez 2023-08-28 16:12:24 PDT 
html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes:
```
Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	       0x138579b70 WTFCrash + 24 (Assertions.cpp:327)
1   WebCore                       	       0x282c594d4 WTFCrashWithInfo(int, char const*, char const*, int) + 36 (Assertions.h:768)
2   WebCore                       	       0x283262550 WebCore::CloneDeserializer::readTerminal() + 7572 (SerializedScriptValue.cpp:4633)
3   WebCore                       	       0x28325fb0c WebCore::CloneDeserializer::deserialize() + 1188 (SerializedScriptValue.cpp:4871)
4   WebCore                       	       0x283268cdc WebCore::CloneDeserializer::deserialize(JSC::JSGlobalObject*, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::optional<WebCore::ImageBitmapBacking>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedOffscreenCanvas, std::__1::default_delete<WebCore::DetachedOffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::OffscreenCanvas, WTF::RawPtrTraits<WebCore::OffscreenCanvas>, WTF::DefaultRefDerefTraits<WebCore::OffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedRTCDataChannel, std::__1::default_delete<WebCore::DetachedRTCDataChannel>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::Wasm::Module, WTF::RawPtrTraits<JSC::Wasm::Module>, WTF::DefaultRefDerefTraits<JSC::Wasm::Module>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::SharedArrayBufferContents, WTF::RawPtrTraits<JSC::SharedArrayBufferContents>, WTF::DefaultRefDerefTraits<JSC::SharedArrayBufferContents>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedVideoChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedVideoChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedVideoChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsVideoFrameData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedAudioChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedAudioChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedAudioChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsAudioInternalData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 512 (SerializedScriptValue.cpp:2714)
5   WebCore                       	       0x283268a38 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 344 (SerializedScriptValue.cpp:5454)
6   WebCore                       	       0x2832688b8 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 108 (SerializedScriptValue.cpp:5449)
7   WebCore                       	       0x283befb9c WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 132 (MessageEvent.cpp:73)
8   WebCore                       	       0x2839d0a78 WebCore::BroadcastChannel::dispatchMessage(WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&)::$_6::operator()() + 344 (BroadcastChannel.cpp:253)
```
Comment 1 Chris Dumez 2023-08-28 16:12:35 PDT 
<rdar://107879263>
Comment 2 Chris Dumez 2023-08-28 16:17:19 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/17154
Comment 3 EWS 2023-08-29 18:31:54 PDT 
Committed 267438@main (37581529c158): <https://commits.webkit.org/267438@main>

Reviewed commits have been landed. Closing PR #17154 and removing active labels.