invalid construct crashes when debugger activated
Reported by vandy...@gmail.com, Apr 25 2017
Issue description
UserAgent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0
Steps to reproduce the problem:
1. Iterate an array with forEach()
2. Within the body use continue;
3. Load source in page
4. Open dev tools
What is the expected behavior?
Probably I should just be told it's a syntax error (Firefox does)
What went wrong?
SEGV of web page
Did this work before? N/A
Chrome version: 57.0.2987.98 Channel: stable
OS Version: 8.7
Flash Version:
Apr 28 2017
Apr 28 2017
Wow. Thanks for the report, and please provide more details.
I load the following script via a data URL [1].
<script>eval('[1,2,3].forEach(_ => {continue})');</script>
Open DevTools, no crash for me. I checked stable, canary and ToT.
[1] data:text/html;charset=utf-8,<script>eval%28%27%5B1%2C2%2C3%5D.forEach%28_%20%3D>%20%7B%20continue%20%7D%29%27%29<%2Fscript>
Apr 28 2017
Hi, happily I just recreated it (original source had drifted forward).
<html>
<head>
  <title>Test Array forEach</title>
</head>
<body>
  <script>
    const foo = [1, 2, 3, 4];
    function runit() {
      foo.forEach( v => {
        if (v > 2) {
          continue;
        }
        console.log(v);
      } );
    }
  </script>
  <button onclick="runit();">Run Me</button>
</body>
</html>
I load that (on an HTTPS web page, if that matters) and then open dev
tools. Sometimes I have to walk the source and it bombs when I click
the source line (to set a breakpoint) on the continue. Other times
just opening the dev tools makes it bomb.
"continue" shouldn't even be allowed in that context, right? (I hit
this when converting control structures).
This is Debian: Linux pacman 3.16.0-4-686-pae #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) i686 GNU/Linux
And in case it's any help at all:
Received signal 11 SEGV_MAPERR 000000000000
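As an added example (not code from this thread), the reporter's loop body checked eagerly with `new Function`, which compiles the whole body at once and so reports the illegal `continue` inside the arrow callback as a SyntaxError instead of leaving it to surface at first call, alongside the two valid rewrites of that body. The names `parseErrorOf`, `runitForEach` and `runitForOf` are chosen here.

```javascript
// Added example: eager syntax check plus valid rewrites of the forEach/continue body.

// Return the SyntaxError message for a source string, or null if it parses.
// `new Function` compiles the body immediately and never runs it, so an illegal
// `continue` nested in a callback is reported here rather than at first call.
function parseErrorOf(source) {
  try {
    new Function(source); // compiled, not invoked
    return null;
  } catch (e) {
    if (e instanceof SyntaxError) return e.message;
    throw e;
  }
}

// Constructed copy of the reporter's function body. The `continue` sits inside
// an arrow function, which is not a loop body, so the parser rejects it.
const INVALID_BODY = `
  const foo = [1, 2, 3, 4];
  foo.forEach(v => {
    if (v > 2) {
      continue;
    }
    console.log(v);
  });
`;

// Rewrite 1: a callback has no loop to continue; `return` skips the element.
function runitForEach(foo) {
  const out = [];
  foo.forEach(v => {
    if (v > 2) {
      return;
    }
    out.push(v);
  });
  return out;
}

// Rewrite 2: a real loop, where `continue` is legal.
function runitForOf(foo) {
  const out = [];
  for (const v of foo) {
    if (v > 2) {
      continue;
    }
    out.push(v);
  }
  return out;
}
```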
Apr 28 2017
Thank you very much! I can reproduce it by setting a breakpoint at the line with continue.
Apr 28 2017
Minified inspector test.
Apr 28 2017
May 1 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/f79c3b51426b5b68f044593979a674106a5432c6
commit f79c3b51426b5b68f044593979a674106a5432c6
Author: kozyatinskiy <kozyatinskiy@chromium.org>
Date: Mon May 01 19:44:13 2017
[inspector] entered into context before getPossibleBreakpoints call
getPossibleBreakpoints implementation can enforce function compilation which potentially can produce syntax error, we need to have a context to correctly report this error.
BUG= chromium:715334
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2851853002
Cr-Commit-Position: refs/heads/master@{#45003}
[modify] https://crrev.com/f79c3b51426b5b68f044593979a674106a5432c6/src/inspector/v8-debugger-agent-impl.cc
[add] https://crrev.com/f79c3b51426b5b68f044593979a674106a5432c6/test/inspector/debugger/get-possible-breakpoints-lazy-error-expected.txt
[add] https://crrev.com/f79c3b51426b5b68f044593979a674106a5432c6/test/inspector/debugger/get-possible-breakpoints-lazy-error.js
May 4 2017
Jul 10 2017
5.9 is already on stable, thus please don't merge to 5.9.
Comment 1 by nyerramilli@google.com, Apr 28 2017