This repository has been archived by the owner on May 30, 2023. It is now read-only.

JS crash #11447

Closed

maybeshewill opened this issue Jul 1, 2013 · 3 comments

@maybeshewill

PhantomJS binary always crashes on some sites. Looks like a JSCore problem.

Example command:

../bin/phantomjs rasterize.js http://nohasslecontractorinsurance.com/ test.png

Here is the backtrace:

(gdb) i th
  Id   Target Id         Frame 
  4    Thread 0x7fffaf3a9700 (LWP 28256) "QThread" 0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
  3    Thread 0x7ffff4c75700 (LWP 28255) "QThread" 0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
  2    Thread 0x7ffff547e700 (LWP 28254) "phantomjs" 0x00007ffff67cd84d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
  1    Thread 0x7ffff7fcf740 (LWP 28251) "phantomjs" 0x0000000000e11d62 in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
(gdb) t 1
[Switching to thread 1 (Thread 0x7ffff7fcf740 (LWP 28251))]
#0  0x0000000000e11d62 in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
(gdb) bt
#0  0x0000000000e11d62 in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
#1  0x0000000000e124cb in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
#2  0x0000000000e124cb in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
#3  0x0000000000e1dcf8 in JSC::Yarr::YarrPattern::compile(JSC::UString const&) ()
#4  0x0000000000e1df98 in JSC::Yarr::YarrPattern::YarrPattern(JSC::UString const&, bool, bool, char const**) ()
#5  0x0000000000edc8e6 in JSC::RegExp::compile(JSC::JSGlobalData*) ()
#6  0x0000000000edd67b in JSC::RegExp::create(JSC::JSGlobalData*, JSC::UString const&, JSC::RegExpFlags) ()
#7  0x0000000000ee240c in JSC::RegExpCache::create(JSC::UString const&, JSC::RegExpFlags, WTF::HashTableIteratorAdapter<WTF::HashTable<JSC::RegExpKey, std::pair<JSC::RegExpKey, WTF::RefPtr<JSC::RegExp> >, WTF::PairFirstExtractor<std::pair<JSC::RegExpKey, WTF::RefPtr<JSC::RegExp> > >, WTF::RegExpHash<JSC::RegExpKey>, WTF::PairHashTraits<WTF::HashTraits<JSC::RegExpKey>, WTF::HashTraits<WTF::RefPtr<JSC::RegExp> > >, WTF::HashTraits<JSC::RegExpKey> >, std::pair<JSC::RegExpKey, WTF::RefPtr<JSC::RegExp> > >) ()
#8  0x0000000000ee2db0 in JSC::RegExpCache::lookupOrCreate(JSC::UString const&, JSC::RegExpFlags) ()
#9  0x0000000000edb781 in JSC::constructRegExp(JSC::ExecState*, JSC::JSGlobalObject*, JSC::ArgList const&) [clone .constprop.122] ()
#10 0x0000000000edc0f6 in JSC::constructWithRegExpConstructor(JSC::ExecState*) ()
#11 0x0000000000e809f7 in cti_op_construct_NotJSConstruct ()
#12 0x00007fffb001aa34 in ?? ()
#13 0x0000000000000000 in ?? ()
(gdb) t 2
[Switching to thread 2 (Thread 0x7ffff547e700 (LWP 28254))]
#0  0x00007ffff67cd84d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
82  ../sysdeps/unix/syscall-template.S: Нет такого файла или каталога.
(gdb) bt
#0  0x00007ffff67cd84d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007ffff67cd6ec in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00000000004d5607 in WTF::TCMalloc_PageHeap::scavengerThread() ()
#3  0x00000000004d58d9 in WTF::TCMalloc_PageHeap::runScavengerThread(void*) ()
#4  0x00007ffff72e6e9a in start_thread (arg=0x7ffff547e700) at pthread_create.c:308
#5  0x00007ffff6801ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ?? ()
(gdb) t 3
[Switching to thread 3 (Thread 0x7ffff4c75700 (LWP 28255))]
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
82  ../sysdeps/unix/syscall-template.S: Нет такого файла или каталога.
(gdb) bt
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
#1  0x0000000001c44866 in qt_safe_select(int, fd_set*, fd_set*, fd_set*, timeval const*) ()
#2  0x0000000001c466b7 in QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) ()
#3  0x0000000001c46af3 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#4  0x0000000001c1cf62 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#5  0x0000000001c1d1bf in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
#6  0x0000000001b2f147 in QThread::exec() ()
#7  0x0000000001b31f0c in QThreadPrivate::start(void*) ()
#8  0x00007ffff72e6e9a in start_thread (arg=0x7ffff4c75700) at pthread_create.c:308
#9  0x00007ffff6801ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#10 0x0000000000000000 in ?? ()
(gdb) t 4
[Switching to thread 4 (Thread 0x7fffaf3a9700 (LWP 28256))]
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
82  in ../sysdeps/unix/syscall-template.S
(gdb) bt
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
#1  0x0000000001c4480f in qt_safe_select(int, fd_set*, fd_set*, fd_set*, timeval const*) ()
#2  0x0000000001c466b7 in QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) ()
#3  0x0000000001c46af3 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#4  0x0000000001c1cf62 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#5  0x0000000001c1d1bf in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
#6  0x0000000001b2f147 in QThread::exec() ()
#7  0x0000000001b31f0c in QThreadPrivate::start(void*) ()
#8  0x00007ffff72e6e9a in start_thread (arg=0x7fffaf3a9700) at pthread_create.c:308
#9  0x00007ffff6801ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#10 0x0000000000000000 in ?? ()
@vitallium (Collaborator)

Minimal example to reproduce this crash:

var r = new RegExp('(|^)required(|$)', 'ig');
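
As an added example (not code from the issue or from PhantomJS), here is how the pattern vitallium posted behaves on a current ECMAScript engine: it is syntactically valid, and because the empty alternative in `(|^)` and `(|$)` always succeeds, it matches exactly where `/required/ig` does, with both groups capturing the empty string. The helper names (`compileOrNull`, `compilesSafely`, `matchAll`, `behavesLikePlainRequired`) and the sample strings are constructed for this illustration. The try/catch guard also shows the limit of script-level defenses: a malformed pattern raises a catchable SyntaxError, but an engine crash like the one in the backtrace above takes the whole process down, so the remedy is the engine fix the thread mentions (no crash in 2.0), not filtering in JavaScript.

```javascript
// Added example; not code from the PhantomJS issue or project. Only the
// pattern string comes from vitallium's minimal repro; the helper names and
// sample texts are constructed for this illustration.
'use strict';

const CRASHING_PATTERN = '(|^)required(|$)';

// Compile a pattern without letting a malformed one throw into the caller.
// A SyntaxError is catchable; an engine crash such as the one in the
// backtrace above is not, so a guard like this cannot replace a fixed engine.
function compileOrNull(source, flags) {
  try {
    return new RegExp(source, flags);
  } catch (err) {
    return null;
  }
}

function compilesSafely(source, flags) {
  return compileOrNull(source, flags) !== null;
}

// Collect every match of the crashing pattern in `text`, with both capture
// groups, to make the semantics of the empty alternatives visible.
function matchAll(text) {
  const re = compileOrNull(CRASHING_PATTERN, 'ig');
  if (re === null) return [];
  const out = [];
  let m;
  while ((m = re.exec(text)) !== null) {
    out.push({ index: m.index, match: m[0], groups: [m[1], m[2]] });
    // A zero-length match would not advance lastIndex; guard against looping.
    if (m[0].length === 0) re.lastIndex += 1;
  }
  return out;
}

// The empty alternative is tried first and always succeeds, so the anchors
// never decide a match: the pattern finds 'required' wherever /required/ig
// does. This checks that claim over a list of inputs.
function behavesLikePlainRequired(texts) {
  return texts.every((t) => {
    const a = matchAll(t).map((x) => x.index);
    const b = [];
    const plain = /required/ig;
    let m;
    while ((m = plain.exec(t)) !== null) b.push(m.index);
    return a.length === b.length && a.every((v, i) => v === b[i]);
  });
}

// Usage with constructed sample inputs.
const samples = ['Required field is required.', 'not here', 'REQUIREDrequired'];
console.log(matchAll(samples[0]));
console.log(behavesLikePlainRequired(samples));
```

Running it prints two matches for the first sample (at index 0 and 18, each with groups `['', '']`) and `true` for the equivalence check.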

@JamesMGreene (Collaborator)

I'm assuming it's the empty group parts, right?

@vitallium (Collaborator)

No crash in 2.0.
