WebKit Bugzilla
RESOLVED FIXED
260830
html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes
https://bugs.webkit.org/show_bug.cgi?id=260830
Chris Dumez
Reported
2023-08-28 16:12:24 PDT
html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes:

```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x138579b70 WTFCrash + 24 (Assertions.cpp:327)
1 WebCore 0x282c594d4 WTFCrashWithInfo(int, char const*, char const*, int) + 36 (Assertions.h:768)
2 WebCore 0x283262550 WebCore::CloneDeserializer::readTerminal() + 7572 (SerializedScriptValue.cpp:4633)
3 WebCore 0x28325fb0c WebCore::CloneDeserializer::deserialize() + 1188 (SerializedScriptValue.cpp:4871)
4 WebCore 0x283268cdc WebCore::CloneDeserializer::deserialize(JSC::JSGlobalObject*, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::optional<WebCore::ImageBitmapBacking>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedOffscreenCanvas, std::__1::default_delete<WebCore::DetachedOffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::OffscreenCanvas, WTF::RawPtrTraits<WebCore::OffscreenCanvas>, WTF::DefaultRefDerefTraits<WebCore::OffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedRTCDataChannel, std::__1::default_delete<WebCore::DetachedRTCDataChannel>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::Wasm::Module, WTF::RawPtrTraits<JSC::Wasm::Module>, WTF::DefaultRefDerefTraits<JSC::Wasm::Module>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::SharedArrayBufferContents, WTF::RawPtrTraits<JSC::SharedArrayBufferContents>, WTF::DefaultRefDerefTraits<JSC::SharedArrayBufferContents>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedVideoChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedVideoChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedVideoChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsVideoFrameData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedAudioChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedAudioChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedAudioChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsAudioInternalData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 512 (SerializedScriptValue.cpp:2714)
5 WebCore 0x283268a38 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 344 (SerializedScriptValue.cpp:5454)
6 WebCore 0x2832688b8 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 108 (SerializedScriptValue.cpp:5449)
7 WebCore 0x283befb9c WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 132 (MessageEvent.cpp:73)
8 WebCore 0x2839d0a78 WebCore::BroadcastChannel::dispatchMessage(WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&)::$_6::operator()() + 344 (BroadcastChannel.cpp:253)
```
Chris Dumez
Comment 1
2023-08-28 16:12:35 PDT
<rdar://107879263>
Chris Dumez
Comment 2
2023-08-28 16:17:19 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/17154
EWS
Comment 3
2023-08-29 18:31:54 PDT
Committed 267438@main (37581529c158): <https://commits.webkit.org/267438@main>

Reviewed commits have been landed. Closing PR #17154 and removing active labels.