[Webkit-unassigned] [Bug 129561] New: REGRESSION: Crash in WebCore::RenderObject::invalidateContainerPreferredLogicalWidths()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 1 14:58:39 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=129561

           Summary: REGRESSION: Crash in
                    WebCore::RenderObject::invalidateContainerPreferredLog
                    icalWidths()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: https://www.amazon.com/clouddrive
        OS/Version: Mac OS X 10.9
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com


Created an attachment (id=225571)
 --> (https://bugs.webkit.org/attachment.cgi?id=225571&action=review)
Crash log

r164916

Reproducibility: always

Steps:
1. https://www.amazon.com/clouddrive
2. Log in.

What happened:
Crash.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x0000000112ea0aec WebCore::RenderObject::invalidateContainerPreferredLogicalWidths() + 12
1   com.apple.WebCore                 0x0000000112efa222 WebCore::RenderTableCol::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 482
2   com.apple.WebCore                 0x0000000112e24f89 WebCore::RenderElement::setStyle(WTF::PassRef<WebCore::RenderStyle>) + 841
3   com.apple.WebCore                 0x0000000113013737 WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1255
4   com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
5   com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
6   com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
7   com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
8   com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
9   com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
10  com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
11  com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
12  com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
13  com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
14  com.apple.WebCore                 0x000000011301395a WebCore::Style::resolveTree(WebCore::Element&, WebCore::Style::Change) + 1802
15  com.apple.WebCore                 0x0000000113013240 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) + 256
16  com.apple.WebCore                 0x0000000112551a0b WebCore::Document::recalcStyle(WebCore::Style::Change) + 235
17  com.apple.WebCore                 0x000000011254ecc3 WebCore::Document::updateStyleIfNeeded() + 147
18  com.apple.WebCore                 0x000000011254f78e WebCore::Document::updateLayout() + 126
19  com.apple.WebCore                 0x00000001125520d6 WebCore::Document::updateLayoutIgnorePendingStylesheets() + 262
20  com.apple.WebCore                 0x00000001125ffb26 WebCore::Element::offsetWidth() + 22
21  com.apple.WebCore                 0x00000001129d0cfe WebCore::jsElementOffsetWidth(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) + 126
22  com.apple.JavaScriptCore          0x0000000111dd7572 JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 626
23  com.apple.JavaScriptCore          0x0000000111f8fb97 operationGetByIdBuildList + 119
24  ???                               0x00004f0625cd5d97 0 + 86887822613911
25  com.apple.JavaScriptCore          0x000000011205dce9 llint_op_call + 130
26  ???                               0x0000000115f09000 0 + 4663054336
27  com.apple.JavaScriptCore          0x000000011205dce9 llint_op_call + 130
28  ???                               0x0000000114a50240 0 + 4641325632
29  ???                               0x00004f0625c01f1a 0 + 86887821745946
30  com.apple.JavaScriptCore          0x000000011205df1e llint_op_call_varargs + 139
31  ???                               0x0000000115746240 0 + 4654916160
32  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
33  ???                               0x0000000114a756c0 0 + 4641478336
34  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
35  ???                               0x0000000115746480 0 + 4654916736
36  ???                               0x00004f0625c9ffb7 0 + 86887822393271
37  com.apple.JavaScriptCore          0x000000011205de5c llint_op_construct + 209
38  ???                               0x0000000115d47240 0 + 4661211712
39  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
40  ???                               0x0000000115741b40 0 + 4654897984
41  com.apple.JavaScriptCore          0x000000011205dce9 llint_op_call + 130
42  ???                               0x0000000114ad2b40 0 + 4641860416
43  ???                               0x00004f0625d4bdb3 0 + 86887823097267
44  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
45  ???                               0x0000000114eb36c0 0 + 4645926592
46  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
47  ???                               0x0000000114ef5000 0 + 4646195200
48  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
49  ???                               0x0000000114a75000 0 + 4641476608
50  com.apple.JavaScriptCore          0x000000011205dce9 llint_op_call + 130
51  ???                               0x0000000114ad2b40 0 + 4641860416
52  com.apple.JavaScriptCore          0x000000011205dce9 llint_op_call + 130
53  ???                               0x0000000115a6a6c0 0 + 4658210496
54  com.apple.JavaScriptCore          0x000000011205dce9 llint_op_call + 130
55  ???                               0x0000000114eb36c0 0 + 4645926592
56  com.apple.JavaScriptCore          0x000000011205df1e llint_op_call_varargs + 139
57  ???                               0x0000000114a75240 0 + 4641477184
58  ???                               0x00004f0625c83f4f 0 + 86887822278479
59  ???                               0x00004f0625c6d52b 0 + 86887822185771
60  ???                               0x00004f0625c39f1f 0 + 86887821975327
61  ???                               0x00004f0625cb7eb4 0 + 86887822491316
62  ???                               0x00004f0625cba3fe 0 + 86887822500862
63  ???                               0x00004f0625c44b49 0 + 86887822019401
64  ???                               0x00004f0625c01f1a 0 + 86887821745946
65  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
66  ???                               0x00000001155326c0 0 + 4652738240
67  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
68  ???                               0x0000000114fbf000 0 + 4647022592
69  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
70  ???                               0x0000000114fbf240 0 + 4647023168
71  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
72  ???                               0x0000000114fb66c0 0 + 4646987456
73  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
74  ???                               0x0000000114fb6900 0 + 4646988032
75  com.apple.JavaScriptCore          0x000000011205dd54 llint_op_call + 237
76  ???                               0x000000011578d6c0 0 + 4655208128
77  ???                               0x00004f0625cf8f3b 0 + 86887822757691
78  ???                               0x00004f0625d1e923 0 + 86887822911779
79  com.apple.JavaScriptCore          0x00000001120589dd callToJavaScript + 321
80  ???                               0x0000000114e89900 0 + 4645755136
81  com.apple.JavaScriptCore          0x0000000111f773e3 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 35
82  com.apple.JavaScriptCore          0x0000000111f5d715 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 437
83  com.apple.JavaScriptCore          0x0000000111df6b4e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 62
84  com.apple.WebCore                 0x00000001129f1be8 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1000
85  com.apple.WebCore                 0x00000001126258de WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 750
86  com.apple.WebCore                 0x0000000112625526 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 166
87  com.apple.WebCore                 0x0000000112625468 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 88
88  com.apple.WebCore                 0x00000001131b0e07 WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 199
89  com.apple.WebCore                 0x00000001131b0e98 WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 56
90  com.apple.WebCore                 0x00000001131ac3e3 WebCore::XMLHttpRequest::callReadyStateChangeListener() + 163
91  com.apple.WebCore                 0x00000001131afd41 WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 385
92  com.apple.WebCore                 0x00000001123f4ee6 WebCore::CachedResource::checkNotify() + 166
93  com.apple.WebCore                 0x00000001123f219e WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer*) + 206
94  com.apple.WebCore                 0x000000011301d34c WebCore::SubresourceLoader::didFinishLoading(double) + 92
95  com.apple.WebKit2                 0x0000000111a6dc09 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection*, IPC::MessageDecoder&) + 549
96  com.apple.WebKit2                 0x000000011193b35e WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 138
97  com.apple.WebKit2                 0x00000001118d5406 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 94
98  com.apple.WebKit2                 0x00000001118d757e IPC::Connection::dispatchOneMessage() + 106
99  com.apple.JavaScriptCore          0x00000001121a56b2 WTF::RunLoop::performWork() + 850
100 com.apple.JavaScriptCore          0x00000001121a5be2 WTF::RunLoop::performWork(void*) + 34
101 com.apple.CoreFoundation          0x00007fff8d901731 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
102 com.apple.CoreFoundation          0x00007fff8d8f2ea2 __CFRunLoopDoSources0 + 242
103 com.apple.CoreFoundation          0x00007fff8d8f262f __CFRunLoopRun + 831
104 com.apple.CoreFoundation          0x00007fff8d8f20b5 CFRunLoopRunSpecific + 309
105 com.apple.HIToolbox               0x00007fff86834a0d RunCurrentEventLoopInMode + 226
106 com.apple.HIToolbox               0x00007fff868347b7 ReceiveNextEventCommon + 479
107 com.apple.HIToolbox               0x00007fff868345bc _BlockUntilNextEventMatchingListInModeWithFilter + 65
108 com.apple.AppKit                  0x00007fff883343de _DPSNextEvent + 1434
109 com.apple.AppKit                  0x00007fff88333a2b -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
110 com.apple.AppKit                  0x00007fff88327b2c -[NSApplication run] + 553
111 com.apple.AppKit                  0x00007fff88312913 NSApplicationMain + 940
112 com.apple.XPCService              0x00007fff85c77c0f _xpc_main + 385
113 libxpc.dylib                      0x00007fff8cdacbde xpc_main + 399
114 com.apple.WebKit.WebContent.Development    0x000000010e6586a0 main + 16
115 libdyld.dylib                     0x00007fff835435fd start + 1

Expected result:
WebKit does not crash.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list