[Webkit-unassigned] [Bug 164084] New: ASSERTION FAILED: m_templateInsertionModes.isEmpty() in WebCore::HTMLTreeBuilder::finished

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 27 14:56:57 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=164084

            Bug ID: 164084
           Summary: ASSERTION FAILED: m_templateInsertionModes.isEmpty()
                    in WebCore::HTMLTreeBuilder::finished
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu
                CC: cdumez at apple.com

Load the attached test with a debug build of WebKitTestRunner:

Checked version: e15d4df
OS: Darwin-15.6.0-x86_64-i386-64bit

<template><svg><image onload="history.back()"></image>

Backtrace:

ASSERTION FAILED: m_templateInsertionModes.isEmpty()
WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp(2847) : void WebCore::HTMLTreeBuilder::finished()
1   0x1128d6d41 WTFCrash
2   0x118e10b33 WebCore::HTMLTreeBuilder::finished()
3   0x118b7ee7c WebCore::HTMLDocumentParser::end()
4   0x118b7ab67 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
5   0x118b7a7ce WebCore::HTMLDocumentParser::prepareToStopParsing()
6   0x118b7ef1c WebCore::HTMLDocumentParser::attemptToEnd()
7   0x118b7ef74 WebCore::HTMLDocumentParser::finish()
8   0x118031a30 WebCore::DocumentWriter::end()
9   0x117f8abc7 WebCore::DocumentLoader::finishedLoading(double)
10  0x117f8a6fb WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
11  0x1172c1014 WebCore::CachedResource::checkNotify()
12  0x1172c1204 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
13  0x1172b6de5 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
14  0x11d0d6d5f WebCore::SubresourceLoader::didFinishLoading(double)
15  0x10a97f82f WebKit::WebResourceLoader::didFinishResourceLoad(double)
16  0x10a98dabf void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>)
17  0x10a98d765 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
18  0x10a98aa71 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
19  0x10a988e01 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
20  0x10967a6da WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
21  0x10908ce0b IPC::Connection::dispatchMessage(IPC::Decoder&)
22  0x1090755f5 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
23  0x10908daf6 IPC::Connection::dispatchOneMessage()
24  0x10909e0ad IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()()
25  0x10909dfd9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
26  0x11295b361 WTF::Function<void ()>::operator()() const
27  0x1129a5027 WTF::RunLoop::performWork()
28  0x1129a5ef2 WTF::RunLoop::performWork(void*)
29  0x7fff8eaad7e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
30  0x7fff8ea8cf1c __CFRunLoopDoSources0
31  0x7fff8ea8c43f __CFRunLoopRun
ASAN:DEADLYSIGNAL
=================================================================
==6483==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001128d6d79 bp 0x7fff56d5c8a0 sp 0x7fff56d5c890 T0)
    #0 0x1128d6d78 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78)
    #1 0x118e10b32 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x212cb32)
    #2 0x118b7ee7b in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9ae7b)
    #3 0x118b7ab66 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e96b66)
    #4 0x118b7a7cd in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e967cd)
    #5 0x118b7ef1b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9af1b)
    #6 0x118b7ef73 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9af73)
    #7 0x118031a2f in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x134da2f)
    #8 0x117f8abc6 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a6bc6)
    #9 0x117f8a6fa in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a66fa)
    #10 0x1172c1013 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd013)
    #11 0x1172c1203 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd203)
    #12 0x1172b6de4 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d2de4)
    #13 0x11d0d6d5e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63f2d5e)
    #14 0x10a97f82e in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1acb82e)
    #15 0x10a98dabe in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9abe)
    #16 0x10a98d764 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9764)
    #17 0x10a98aa70 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad6a70)
    #18 0x10a988e00 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad4e00)
    #19 0x10967a6d9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c66d9)
    #20 0x10908ce0a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8e0a)
    #21 0x1090755f4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c15f4)
    #22 0x10908daf5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d9af5)
    #23 0x10909e0ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ea0ac)
    #24 0x10909dfd8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9fd8)
    #25 0x11295b360 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e2d360)
    #26 0x1129a5026 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77026)
    #27 0x1129a5ef1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77ef1)
    #28 0x7fff8eaad7e0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa7e0)
    #29 0x7fff8ea8cf1b in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89f1b)
    #30 0x7fff8ea8c43e in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8943e)
    #31 0x7fff8ea8be37 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e37)
    #32 0x7fff94359934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #33 0x7fff9435976e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #34 0x7fff943595ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #35 0x7fff8fc63df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #36 0x7fff8fc63225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #37 0x7fff8fc57d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #38 0x7fff8fc21367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #39 0x7fff9a10e193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #40 0x7fff9a10cbbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #41 0x108ea0f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #42 0x7fff914ac5ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #43 0x0  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78) in WTFCrash
==6483==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 6483)


