Bug 220458

Summary: Crash in JavaScriptCore after using reassigned JSContext variable
Product: WebKit
Reporter: Maarten Engels <maartene>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: maartene, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Other
Hardware: All
OS: All

Attachments:
Description: Xcode example program to show bug (Flags: none)

Description Maarten Engels 2021-01-08 01:00:17 PST
Created attachment 417255 [details]
Xcode example program to show bug

I'm using a simple wrapper around JavaScriptCore: SwiftJS (https://github.com/SusanDoggie/SwiftJS) 

The wrapper uses:
* libjavascriptcoregtk-4.0-18 on Linux (tested on Ubuntu 20.04.1 LTS on ARM64)
* "Built in" JavaScriptCore on macOS (tested on macOS 11.1 Intel)
Both environments exhibit the same behaviour.

Actual behaviour
This wrapper crashes when trying to use an existing variable that has a new JSContext assigned. This looks like the bug described in https://bugs.webkit.org/show_bug.cgi?id=129070 but that one should already be fixed.

Expected behaviour
After assigning a new JSContext the old JSContext should be freed (this happens), the new one should be initialized (this also happens) and it should after that be accessible just like the earlier one (this does not happen).

Steps to reproduce
See attached project for an example. Just build and run the project.

Now, this could be due to a bug in the wrapper. However, the wrapper code seems simple enough, so perhaps there is a bug in JavaScriptCore?

See also issue: https://github.com/SusanDoggie/SwiftJS/issues/1 

Kind regards,

Maarten
Comment 1 Radar WebKit Bug Importer 2021-01-15 01:01:12 PST
<rdar://problem/73238355>