Bug 260830 - html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Reported: 2023-08-28 16:12 PDT by Chris Dumez
Modified: 2023-08-29 18:31 PDT
Description Chris Dumez 2023-08-28 16:12:24 PDT
html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/broadcastchannel-success.https.html crashes:
```
Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	       0x138579b70 WTFCrash + 24 (Assertions.cpp:327)
1   WebCore                       	       0x282c594d4 WTFCrashWithInfo(int, char const*, char const*, int) + 36 (Assertions.h:768)
2   WebCore                       	       0x283262550 WebCore::CloneDeserializer::readTerminal() + 7572 (SerializedScriptValue.cpp:4633)
3   WebCore                       	       0x28325fb0c WebCore::CloneDeserializer::deserialize() + 1188 (SerializedScriptValue.cpp:4871)
4   WebCore                       	       0x283268cdc WebCore::CloneDeserializer::deserialize(JSC::JSGlobalObject*, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::optional<WebCore::ImageBitmapBacking>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedOffscreenCanvas, std::__1::default_delete<WebCore::DetachedOffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::OffscreenCanvas, WTF::RawPtrTraits<WebCore::OffscreenCanvas>, WTF::DefaultRefDerefTraits<WebCore::OffscreenCanvas>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<std::__1::unique_ptr<WebCore::DetachedRTCDataChannel, std::__1::default_delete<WebCore::DetachedRTCDataChannel>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::Vector<JSC::ArrayBufferContents, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::Wasm::Module, WTF::RawPtrTraits<JSC::Wasm::Module>, WTF::DefaultRefDerefTraits<JSC::Wasm::Module>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<JSC::SharedArrayBufferContents, WTF::RawPtrTraits<JSC::SharedArrayBufferContents>, WTF::DefaultRefDerefTraits<JSC::SharedArrayBufferContents>>, 0ul, 
WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedVideoChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedVideoChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedVideoChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsVideoFrameData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WTF::RefPtr<WebCore::WebCodecsEncodedAudioChunkStorage, WTF::RawPtrTraits<WebCore::WebCodecsEncodedAudioChunkStorage>, WTF::DefaultRefDerefTraits<WebCore::WebCodecsEncodedAudioChunkStorage>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::WebCodecsAudioInternalData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 512 (SerializedScriptValue.cpp:2714)
5   WebCore                       	       0x283268a38 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 344 (SerializedScriptValue.cpp:5454)
6   WebCore                       	       0x2832688b8 WebCore::SerializedScriptValue::deserialize(JSC::JSGlobalObject&, JSC::JSGlobalObject*, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SerializationErrorMode, bool*) + 108 (SerializedScriptValue.cpp:5449)
7   WebCore                       	       0x283befb9c WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 132 (MessageEvent.cpp:73)
8   WebCore                       	       0x2839d0a78 WebCore::BroadcastChannel::dispatchMessage(WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>>&&)::$_6::operator()() + 344 (BroadcastChannel.cpp:253)
```
Comment 1 Chris Dumez 2023-08-28 16:12:35 PDT
<rdar://107879263>
Comment 2 Chris Dumez 2023-08-28 16:17:19 PDT
Pull request: https://github.com/WebKit/WebKit/pull/17154
Comment 3 EWS 2023-08-29 18:31:54 PDT
Committed 267438@main (37581529c158): <https://commits.webkit.org/267438@main>

Reviewed commits have been landed. Closing PR #17154 and removing active labels.