[Webkit-unassigned] [Bug 178859] New: ASSERTION FAILED: source.currentCharacter() == character in WebCore::HTMLTokenizer::commitToPartialEndTag

bugzilla-daemon at webkit.org
Thu Oct 26 05:22:16 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=178859

            Bug ID: 178859
           Summary: ASSERTION FAILED: source.currentCharacter() ==
                    character in
                    WebCore::HTMLTokenizer::commitToPartialEndTag
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu

Created attachment 324992

  --> https://bugs.webkit.org/attachment.cgi?id=324992&action=review

Test

Checked version: 9e82982
OS: macOS Sierra (10.12.6)

Load the attached test with debug WebKitTestRunner (missing closing >):

<script></script


Backtrace:

ASSERTION FAILED: source.currentCharacter() == character
WebKit/Source/WebCore/html/parser/HTMLTokenizer.cpp(160) : bool WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString &, UChar, WebCore::HTMLTokenizer::State)
1   0x13ba13321 WTFCrash
2   0x119c7f3d3 WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString&, unsigned short, WebCore::HTMLTokenizer::State)
3   0x119c833ea WebCore::HTMLTokenizer::processToken(WebCore::SegmentedString&)
4   0x11997abef WebCore::HTMLTokenizer::nextToken(WebCore::SegmentedString&)
5   0x119b8c22a WebCore::HTMLMetaCharsetParser::checkForMetaCharset(char const*, unsigned long)
6   0x1205fe66c WebCore::TextResourceDecoder::checkForMetaCharset(char const*, unsigned long)
7   0x1205fe4e7 WebCore::TextResourceDecoder::checkForHeadCharset(char const*, unsigned long, bool&)
8   0x1205fffad WebCore::TextResourceDecoder::decode(char const*, unsigned long)
9   0x11f9ef82a WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long)
10  0x120440ea2 WebCore::DocumentWriter::addData(char const*, unsigned long)
11  0x120438e41 WebCore::DocumentLoader::commitData(char const*, unsigned long)
12  0x111e73d39 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)
13  0x12043f299 WebCore::DocumentLoader::commitLoad(char const*, int)
14  0x12043ef79 WebCore::DocumentLoader::dataReceived(char const*, int)
15  0x120440f29 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int)
16  0x120440f6a non-virtual thunk to WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int)
17  0x1206c1b3b WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int)
18  0x1206c1785 WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&)
19  0x1205f5bbb WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType)
20  0x1205f5444 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType)
21  0x112a39e86 WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long)
22  0x112a472ba void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>)
23  0x112a46f29 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long))
24  0x112a4437a void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long))
25  0x112a425ce WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
26  0x11103b572 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
27  0x1109b688b IPC::Connection::dispatchMessage(IPC::Decoder&)
28  0x11099a199 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
29  0x1109b75b8 IPC::Connection::dispatchOneMessage()
30  0x1109f64bd IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()()
31  0x1109f63e9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
ASAN:DEADLYSIGNAL
=================================================================
==83675==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00013ba13359 bp 0x7fff51281370 sp 0x7fff51281360 T0)
==83675==The signal is caused by a WRITE memory access.
==83675==WARNING: invalid path to external symbolizer!
==83675==WARNING: Failed to use and restart external symbolizer!
    #0 0x13ba13358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x119c7f3d2 in WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString&, unsigned short, WebCore::HTMLTokenizer::State) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x152d3d2)
    #2 0x119c833e9 in WebCore::HTMLTokenizer::processToken(WebCore::SegmentedString&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x15313e9)
    #3 0x11997abee in WebCore::HTMLTokenizer::nextToken(WebCore::SegmentedString&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1228bee)
    #4 0x119b8c229 in WebCore::HTMLMetaCharsetParser::checkForMetaCharset(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x143a229)
    #5 0x1205fe66b in WebCore::TextResourceDecoder::checkForMetaCharset(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7eac66b)
    #6 0x1205fe4e6 in WebCore::TextResourceDecoder::checkForHeadCharset(char const*, unsigned long, bool&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7eac4e6)
    #7 0x1205fffac in WebCore::TextResourceDecoder::decode(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7eadfac)
    #8 0x11f9ef829 in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x729d829)
    #9 0x120440ea1 in WebCore::DocumentWriter::addData(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ceeea1)
    #10 0x120438e40 in WebCore::DocumentLoader::commitData(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce6e40)
    #11 0x111e73d38 in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x17dfd38)
    #12 0x12043f298 in WebCore::DocumentLoader::commitLoad(char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ced298)
    #13 0x12043ef78 in WebCore::DocumentLoader::dataReceived(char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7cecf78)
    #14 0x120440f28 in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ceef28)
    #15 0x120440f69 in non-virtual thunk to WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ceef69)
    #16 0x1206c1b3a in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6fb3a)
    #17 0x1206c1784 in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6f784)
    #18 0x1205f5bba in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea3bba)
    #19 0x1205f5443 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea3443)
    #20 0x112a39e85 in WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a5e85)
    #21 0x112a472b9 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b32b9)
    #22 0x112a46f28 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b2f28)
    #23 0x112a44379 in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b0379)
    #24 0x112a425cd in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23ae5cd)
    #25 0x11103b571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571)
    #26 0x1109b688a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a)
    #27 0x11099a198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198)
    #28 0x1109b75b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7)
    #29 0x1109f64bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc)
    #30 0x1109f63e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8)
    #31 0x13baad7e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2)
    #32 0x13bb04cec in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefcec)
    #33 0x13bb05d78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78)
    #34 0x7fffa6c5e320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320)
    #35 0x7fffa6c3f21c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c)
    #36 0x7fffa6c3e715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715)
    #37 0x7fffa6c3e113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #38 0x7fffa619eebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #39 0x7fffa619ecf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #40 0x7fffa619eb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #41 0x7fffa4737a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #42 0x7fffa4eb37ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #43 0x7fffa472c3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #44 0x7fffa46f6e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #45 0x7fffbc61f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #46 0x7fffbc61e2e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #47 0x10e978dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #48 0x7fffbc3c6234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==83675==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 83675)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
