[Webkit-unassigned] [Bug 167878] New: CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidateStyle

bugzilla-daemon at webkit.org
Mon Feb 6 06:16:57 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=167878

            Bug ID: 167878
           Summary: CrashTracer: com.apple.WebKit.WebContent at WebCore:
                    WebCore::Node::invalidateStyle
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: koivisto at iki.fi
                CC: cdumez at apple.com

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000014
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread:  0

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                           0x000000018aa657d4 WebCore::Node::invalidateStyle(WebCore::Style::Validity, WebCore::Style::InvalidationMode) + 0 (Node.cpp:796)
1   WebCore                           0x000000018ad35af8 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() + 104 (Function.h:50)
2   WebCore                           0x000000018a1ff23c WebCore::Document::recalcStyle(WebCore::Style::Change) + 752 (Document.cpp:1844)
3   WebCore                           0x0000000189f0a56c WebCore::Document::updateLayout() + 236 (Document.cpp:1893)
4   WebCore                           0x000000018a1ff470 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 132 (Document.cpp:1951)
5   WebCore                           0x0000000189f10cd4 WebCore::Element::getBoundingClientRect() + 44 (Element.cpp:1167)
6   WebCore                           0x0000000189f10c20 WebCore::jsElementPrototypeFunctionGetBoundingClientRect(JSC::ExecState*) + 132 (JSElement.cpp:2931)
7   ???                               0x0000000280530030 0 + 10742857776
8   JavaScriptCore                    0x00000001899a3608 llint_entry + 26408
9   JavaScriptCore                    0x00000001899a3608 llint_entry + 26408
10  JavaScriptCore                    0x00000001899a3608 llint_entry + 26408
11  JavaScriptCore                    0x00000001899a3608 llint_entry + 26408
12  JavaScriptCore                    0x00000001899a39a0 llint_entry + 27328
13  JavaScriptCore                    0x000000018999cd18 vmEntryToJavaScript + 264
14  JavaScriptCore                    0x0000000189885068 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 212 (JITCode.cpp:81)
15  JavaScriptCore                    0x0000000189218534 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 416 (Interpreter.cpp:927)
16  WebCore                           0x000000018a3ed3bc WebCore::HTMLMediaElement::didAddUserAgentShadowRoot(WebCore::ShadowRoot*) + 1072 (HTMLMediaElement.cpp:6642)
17  WebCore                           0x000000018a2749ec WebCore::Element::addShadowRoot(WTF::Ref<WebCore::ShadowRoot>&&) + 260 (Element.cpp:1763)
18  WebCore                           0x0000000189ea4040 WebCore::Element::ensureUserAgentShadowRoot() + 92 (Element.cpp:1856)
19  WebCore                           0x000000018a3db9fc WebCore::HTMLMediaElement::configureMediaControls() + 304 (HTMLMediaElement.cpp:3891)
20  WebCore                           0x000000018a0c461c WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) + 284 (ContainerNode.cpp:349)
21  WebCore                           0x000000018a0c41a8 WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node&) + 36 (ContainerNode.cpp:802)
22  WebCore                           0x000000018a0c3f68 WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&) + 320 (ContainerNode.cpp:691)
23  WebCore                           0x000000018a0c3c3c WebCore::ContainerNode::insertBefore(WebCore::Node&, WebCore::Node*) + 332 (ContainerNode.cpp:254)
24  WebCore                           0x000000018a7c3ed4 WebCore::JSNode::insertBefore(JSC::ExecState&) + 112 (JSNodeCustom.cpp:126)
25  WebCore                           0x0000000189e7ca70 WebCore::jsNodePrototypeFunctionInsertBefore(JSC::ExecState*) + 108 (JSNode.cpp:674)
