This repository was archived by the owner on May 30, 2023. It is now read-only.

JS crash #11447

@xmbshwll

The PhantomJS binary always crashes on some sites. Looks like a JSCore problem.

Example command:

../bin/phantomjs rasterize.js http://nohasslecontractorinsurance.com/ test.png

Here is the backtrace:

(gdb) i th
  Id   Target Id         Frame 
  4    Thread 0x7fffaf3a9700 (LWP 28256) "QThread" 0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
  3    Thread 0x7ffff4c75700 (LWP 28255) "QThread" 0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
  2    Thread 0x7ffff547e700 (LWP 28254) "phantomjs" 0x00007ffff67cd84d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
  1    Thread 0x7ffff7fcf740 (LWP 28251) "phantomjs" 0x0000000000e11d62 in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
(gdb) t 1
[Switching to thread 1 (Thread 0x7ffff7fcf740 (LWP 28251))]
#0  0x0000000000e11d62 in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
(gdb) bt
#0  0x0000000000e11d62 in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
#1  0x0000000000e124cb in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
#2  0x0000000000e124cb in JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets(JSC::Yarr::PatternDisjunction*, unsigned int, unsigned int) ()
#3  0x0000000000e1dcf8 in JSC::Yarr::YarrPattern::compile(JSC::UString const&) ()
#4  0x0000000000e1df98 in JSC::Yarr::YarrPattern::YarrPattern(JSC::UString const&, bool, bool, char const**) ()
#5  0x0000000000edc8e6 in JSC::RegExp::compile(JSC::JSGlobalData*) ()
#6  0x0000000000edd67b in JSC::RegExp::create(JSC::JSGlobalData*, JSC::UString const&, JSC::RegExpFlags) ()
#7  0x0000000000ee240c in JSC::RegExpCache::create(JSC::UString const&, JSC::RegExpFlags, WTF::HashTableIteratorAdapter<WTF::HashTable<JSC::RegExpKey, std::pair<JSC::RegExpKey, WTF::RefPtr<JSC::RegExp> >, WTF::PairFirstExtractor<std::pair<JSC::RegExpKey, WTF::RefPtr<JSC::RegExp> > >, WTF::RegExpHash<JSC::RegExpKey>, WTF::PairHashTraits<WTF::HashTraits<JSC::RegExpKey>, WTF::HashTraits<WTF::RefPtr<JSC::RegExp> > >, WTF::HashTraits<JSC::RegExpKey> >, std::pair<JSC::RegExpKey, WTF::RefPtr<JSC::RegExp> > >) ()
#8  0x0000000000ee2db0 in JSC::RegExpCache::lookupOrCreate(JSC::UString const&, JSC::RegExpFlags) ()
#9  0x0000000000edb781 in JSC::constructRegExp(JSC::ExecState*, JSC::JSGlobalObject*, JSC::ArgList const&) [clone .constprop.122] ()
#10 0x0000000000edc0f6 in JSC::constructWithRegExpConstructor(JSC::ExecState*) ()
#11 0x0000000000e809f7 in cti_op_construct_NotJSConstruct ()
#12 0x00007fffb001aa34 in ?? ()
#13 0x0000000000000000 in ?? ()
(gdb) t 2
[Switching to thread 2 (Thread 0x7ffff547e700 (LWP 28254))]
#0  0x00007ffff67cd84d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
82  ../sysdeps/unix/syscall-template.S: Нет такого файла или каталога.
(gdb) bt
#0  0x00007ffff67cd84d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007ffff67cd6ec in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00000000004d5607 in WTF::TCMalloc_PageHeap::scavengerThread() ()
#3  0x00000000004d58d9 in WTF::TCMalloc_PageHeap::runScavengerThread(void*) ()
#4  0x00007ffff72e6e9a in start_thread (arg=0x7ffff547e700) at pthread_create.c:308
#5  0x00007ffff6801ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ?? ()
(gdb) t 3
[Switching to thread 3 (Thread 0x7ffff4c75700 (LWP 28255))]
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
82  ../sysdeps/unix/syscall-template.S: Нет такого файла или каталога.
(gdb) bt
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
#1  0x0000000001c44866 in qt_safe_select(int, fd_set*, fd_set*, fd_set*, timeval const*) ()
#2  0x0000000001c466b7 in QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) ()
#3  0x0000000001c46af3 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#4  0x0000000001c1cf62 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#5  0x0000000001c1d1bf in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
#6  0x0000000001b2f147 in QThread::exec() ()
#7  0x0000000001b31f0c in QThreadPrivate::start(void*) ()
#8  0x00007ffff72e6e9a in start_thread (arg=0x7ffff4c75700) at pthread_create.c:308
#9  0x00007ffff6801ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#10 0x0000000000000000 in ?? ()
(gdb) t 4
[Switching to thread 4 (Thread 0x7fffaf3a9700 (LWP 28256))]
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
82  in ../sysdeps/unix/syscall-template.S
(gdb) bt
#0  0x00007ffff67fb033 in select () at ../sysdeps/unix/syscall-template.S:82
#1  0x0000000001c4480f in qt_safe_select(int, fd_set*, fd_set*, fd_set*, timeval const*) ()
#2  0x0000000001c466b7 in QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) ()
#3  0x0000000001c46af3 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#4  0x0000000001c1cf62 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#5  0x0000000001c1d1bf in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
#6  0x0000000001b2f147 in QThread::exec() ()
#7  0x0000000001b31f0c in QThreadPrivate::start(void*) ()
#8  0x00007ffff72e6e9a in start_thread (arg=0x7fffaf3a9700) at pthread_create.c:308
#9  0x00007ffff6801ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#10 0x0000000000000000 in ?? ()
