[Webkit-unassigned] [Bug 158297] Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 2 19:45:58 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=158297

--- Comment #3 from Chris Dumez <cdumez at apple.com> ---
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x7fff9553497a WTF::HashTableAddResult<WTF::HashTableIterator<std::__1::pair<WTF::String, bool>, WTF::KeyValuePair<std::__1::pair<WTF::String, bool>, WTF::RefPtr<WebCore::CSSPrimitiveValue> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WTF::String, bool>, WTF::RefPtr<WebCore::CSSPrimitiveValue> > >, WTF::PairHash<WTF::String, bool>, WTF::HashMap<std::__1::pair<WTF::String, bool>, WTF::RefPtr<WebCore::CSSPrimitiveValue>, WTF::PairHash<WTF::String, bool>, WTF::HashTraits<std::__1::pair<WTF::String, bool> >, WTF::HashTraits<WTF::RefPtr<WebCore::CSSPrimitiveValue> > >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WTF::String, bool> > > > WTF::HashMap<std::__1::pair<WTF::String, bool>, WTF::RefPtr<WebCore::CSSPrimitiveValue>, WTF::PairHash<WTF::String, bool>, WTF::HashTraits<std::__1::pair<WTF::String, bool> >, WTF::HashTraits<WTF::RefPtr<WebCore::CSSPrimitiveValue> > >::add<std::nullptr_t>(std::__1::pair<WTF::String, bool>&&
1   com.apple.WebCore                 0x7fff955344a2 WebCore::CSSValuePool::createFontFamilyValue(WTF::String const&, WebCore::FromSystemFontID) + 258 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.6.17/css/CSSValuePool.cpp:132)
2   com.apple.WebCore                 0x7fff952c563b WebCore::fontFamilyFromStyle(WebCore::RenderStyle*) + 267 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.6.17/css/CSSComputedStyleDeclaration.cpp:1594)
3   com.apple.WebCore                 0x7fff951cf7bb WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) const + 8411 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.6.17/css/CSSComputedStyleDeclaration.cpp:2676)
4   com.apple.WebCore                 0x7fff951cd69e WebCore::CSSComputedStyleDeclaration::getPropertyCSSValueInternal(WebCore::CSSPropertyID) + 62 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.6.17/css/CSSComputedStyleDeclaration.cpp:2147)
5   com.apple.WebCore                 0x7fff951c57b4 WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 68 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.6.17/bindings/js/JSCSSStyleDeclarationCustom.cpp:303)
6   com.apple.WebCore                 0x7fff9589eb5c WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 460 (/Library/Caches/com.apple.xbs/Binaries/WebCore/WebCore-7601.6.17~1/Symbols/BuiltProducts/DerivedSources/WebCore/JSCSSStyleDeclaration.cpp:207)
7   com.apple.JavaScriptCore          0x7fff8be84193 llint_slow_path_get_by_id + 1091 (/Library/Caches/com.apple.xbs/Sources/JavaScriptCore/JavaScriptCore-7601.6.13/runtime/JSObject.h:1154)
8   com.apple.JavaScriptCore          0x00007fff8c2185f0 llint_entry + 10503

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160603/85096785/attachment-0001.html>

More information about the webkit-unassigned mailing list