Bug 207699

Summary:

New crash when passing Swift [:] into jsvalue.invokeMethod

Product:

WebKit

Reporter:

Jesse Grosjean <jesse>

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED INVALID

Severity:

Major

CC:

ap, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Mac

OS:

macOS 10.15

Attachments:

Description	Flags
jsvalue.invokeMethod causes crash when using params [options ?? [:]]	none

Description Jesse Grosjean 2020-02-13 09:01:47 PST

I have for a number of years been using this pattern when calling a method on jsValue to handle optional parameters:

public func doit(_ options: [String : Any]?) {  
    jsValueOutline.invokeMethod("doit", withArguments: [options ?? [:]])  
}

In particular notice the code: `options ?? [:]`

This stated crashing for me recently with this stack:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread  
0   libobjc.A.dylib               0x00007fff6eb583c9 class_conformsToProtocol + 170  
1   com.apple.JavaScriptCore       0x00007fff3858d6bd objectToValueWithoutCopy(JSContext*, objc_object*) + 77  
2   com.apple.JavaScriptCore       0x00007fff3858cf3a objectToValue(JSContext*, objc_object*) + 74  
3   com.apple.JavaScriptCore       0x00007fff3858ed17 -[JSValue invokeMethod:withArguments:] + 151  


I "think" it's related to 10.15.4 beta, but not entirely sure. It's odd in that I couldn't reproduce it for a day (I was getting user reports of it) ... and then "all of the sudden" I could reproduce it every time. The only change that I remember making is that I enabled Safari debugger Safari > My Computer > Automatically Show Web Inspector for JSContexts .. and also Pause those contexts.

I am able to fix the problem by chaining the above code to:

publicfunc doit(_ options: [String : Any]?) {  
    jsValueOutline.invokeMethod("doit", withArguments: [options as Any])  
}

Note that the `options ?? [:]` code is now changed to `options as Any`.

I've posted a thread on this issue in the developer forums:

https://forums.developer.apple.com/thread/129058

Comment 1 Alexey Proskuryakov 2020-02-16 18:22:20 PST

Thank you for the report! Could you please provide a complete test case?

Comment 2 Radar WebKit Bug Importer 2020-02-16 18:22:50 PST

<rdar://problem/59498452>

Comment 3 Alexey Proskuryakov 2020-02-17 09:21:59 PST

It's been found that this is an issue in some Swift code outside WebKit, so marking as INVALID. This will continue to be tracked by Apple internally.

A test project would still be useful to double-check the finding, if possible.

Comment 4 Jesse Grosjean 2020-02-17 10:35:07 PST

Created attachment 390935 [details]
jsvalue.invokeMethod causes crash when using params [options ?? [:]]