[Webkit-unassigned] [Bug 158445] New: Using requestAnimationFrame, rewriting a style node's textContent can cause WebKit to crash

bugzilla-daemon at webkit.org
Mon Jun 6 16:04:40 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=158445

            Bug ID: 158445
           Summary: Using requestAnimationFrame, rewriting a style node's
                    textContent can cause WebKit to crash
    Classification: Unclassified
           Product: WebKit
           Version: Safari 9
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Major
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dfreedm at google.com

Created attachment 280641
  --> https://bugs.webkit.org/attachment.cgi?id=280641&action=review
Minimal Repro

Using requestAnimationFrame, rewriting a style node's textContent can cause WebKit to crash.

This reproduction seems to take between 1 and 10 loads to see the issue.

Steps to reproduce:
1. Open Safari
2. Open Inspector (no real need here, just more obvious when a crash occurs as the inspector will close)
3. Load attached `minimal.html`
4. Reload as necessary
