Bug 260830
| Summary: | html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | WebCore Misc. | Assignee: | Chris Dumez <cdumez> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Chris Dumez
html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes:
```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x138579b70 WTFCrash + 24 (Assertions.cpp:327)
1 WebCore 0x282c594d4 WTFCrashWithInfo(int, char const*, char const*, int) + 36 (Assertions.h:768)
2 WebCore 0x283262550 WebCore::CloneDeserializer::readTerminal() + 7572 (SerializedScriptValue.cpp:4633)
3 WebCore 0x28325fb0c WebCore::CloneDeserializer::deserialize() + 1188 (SerializedScriptValue.cpp:4871)
4 WebCore 0x283268cdc WebCore::CloneDeserializer::deserialize(JSC::JSGlobalObject*, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::optional<WebCore::ImageBitmapBacking>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedOffscreenCanvas, std::__1::default_delete<WebCore::DetachedOffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::OffscreenCanvas, WTF::RawPtrTraits<WebCore::OffscreenCanvas>, WTF::DefaultRefDerefTraits<WebCore::OffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedRTCDataChannel, std::__1::default_delete<WebCore::DetachedRTCDataChannel>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::Wasm::Module, WTF::RawPtrTraits<JSC::Wasm::Module>, WTF::DefaultRefDerefTraits<JSC::Wasm::Module>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::SharedArrayBufferContents, WTF::RawPtrTraits<JSC::SharedArrayBufferContents>, WTF::DefaultRefDerefTraits<JSC::SharedArrayBufferContents>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedVideoChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedVideoChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedVideoChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsVideoFrameData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedAudioChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedAudioChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedAudioChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsAudioInternalData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 512 (SerializedScriptValue.cpp:2714)
5 WebCore 0x283268a38 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 344 (SerializedScriptValue.cpp:5454)
6 WebCore 0x2832688b8 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 108 (SerializedScriptValue.cpp:5449)
7 WebCore 0x283befb9c WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 132 (MessageEvent.cpp:73)
8 WebCore 0x2839d0a78 WebCore::BroadcastChannel::dispatchMessage(WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&)::$_6::operator()() + 344 (BroadcastChannel.cpp:253)
```
Chris Dumez
<rdar://107879263>
Chris Dumez
Pull request: https://github.com/WebKit/WebKit/pull/17154
EWS
Committed 267438@main (37581529c158): <https://commits.webkit.org/267438@main>
Reviewed commits have been landed. Closing PR #17154 and removing active labels.