[Webkit-unassigned] [Bug 178867] New: ASSERTION FAILED: match() == PseudoClass in WebCore::CSSSelector::pseudoClassType

bugzilla-daemon at webkit.org
Thu Oct 26 07:09:31 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=178867

            Bug ID: 178867
           Summary: ASSERTION FAILED: match() == PseudoClass in
                    WebCore::CSSSelector::pseudoClassType
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu

Created attachment 325007

  --> https://bugs.webkit.org/attachment.cgi?id=325007&action=review

Test

Load the attached test with debug WebKitTestRunner:

<style>
  .a:after:not(.b) {}
</style>

Checked version: 9e82982
OS: macOS Sierra (10.12.6)

Backtrace:

ASSERTION FAILED: match() == PseudoClass
WebKit/Source/WebCore/css/CSSSelector.h(263) : WebCore::CSSSelector::PseudoClassType WebCore::CSSSelector::pseudoClassType() const
1   0x1340f9321 WTFCrash
2   0x117c8705f WebCore::CSSSelector::pseudoClassType() const
3   0x117f403ea WebCore::(anonymous namespace)::isSimpleSelectorValidAfterPseudoElement(WebCore::CSSParserSelector const&, WebCore::CSSSelector::PseudoElementType)
4   0x117f3b1ac WebCore::CSSSelectorParser::consumeCompoundSelector(WebCore::CSSParserTokenRange&)
5   0x117f3784d WebCore::CSSSelectorParser::consumeComplexSelector(WebCore::CSSParserTokenRange&)
6   0x117f36aae WebCore::CSSSelectorParser::consumeComplexSelectorList(WebCore::CSSParserTokenRange&)
7   0x117f367d3 WebCore::CSSSelectorParser::parseSelector(WebCore::CSSParserTokenRange, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*)
8   0x117ebebee WebCore::CSSParserImpl::consumeStyleRule(WebCore::CSSParserTokenRange, WebCore::CSSParserTokenRange)
9   0x117eb1011 WebCore::CSSParserImpl::consumeQualifiedRule(WebCore::CSSParserTokenRange&, WebCore::CSSParserImpl::AllowedRulesType)
10  0x117eb1757 bool WebCore::CSSParserImpl::consumeRuleList<WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::$_2>(WebCore::CSSParserTokenRange, WebCore::CSSParserImpl::RuleListType, WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::$_2)
11  0x117e9f541 WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)
12  0x117e9f14b WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WebCore::CSSParser::RuleParsing)
13  0x117e46559 WebCore::StyleSheetContents::parseString(WTF::String const&)
14  0x1182c5025 WebCore::InlineStyleSheetOwner::createSheet(WebCore::Element&, WTF::String const&)
15  0x1182c3cb3 WebCore::InlineStyleSheetOwner::createSheetFromTextContents(WebCore::Element&)
16  0x1182c403b WebCore::InlineStyleSheetOwner::finishParsingChildren(WebCore::Element&)
17  0x11231c9a9 WebCore::HTMLStyleElement::finishParsingChildren()
18  0x112082888 WebCore::HTMLElementStack::popCommon()
19  0x112083c40 WebCore::HTMLElementStack::pop()
20  0x1123963d2 WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&&)
21  0x112391c7b WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&&)
22  0x1123908bc WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&&)
23  0x112060fb8 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
24  0x112060918 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
25  0x11205d637 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
26  0x11205cd70 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
27  0x112062a93 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&)
28  0x1180d5b9e WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
29  0x118b1f22c WebCore::DocumentWriter::end()
30  0x118b1d794 WebCore::DocumentLoader::finishedLoading()
31  0x118b1d164 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
ASAN:DEADLYSIGNAL
=================================================================
==85093==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001340f9359 bp 0x7fff5883fa10 sp 0x7fff5883fa00 T0)
==85093==The signal is caused by a WRITE memory access.
==85093==WARNING: invalid path to external symbolizer!
==85093==WARNING: Failed to use and restart external symbolizer!
    #0 0x1340f9358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x117c8705e in WebCore::CSSSelector::pseudoClassType() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x6e4f05e)
    #2 0x117f403e9 in WebCore::(anonymous namespace)::isSimpleSelectorValidAfterPseudoElement(WebCore::CSSParserSelector const&, WebCore::CSSSelector::PseudoElementType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x71083e9)
    #3 0x117f3b1ab in WebCore::CSSSelectorParser::consumeCompoundSelector(WebCore::CSSParserTokenRange&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x71031ab)
    #4 0x117f3784c in WebCore::CSSSelectorParser::consumeComplexSelector(WebCore::CSSParserTokenRange&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x70ff84c)
    #5 0x117f36aad in WebCore::CSSSelectorParser::consumeComplexSelectorList(WebCore::CSSParserTokenRange&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x70feaad)
    #6 0x117f367d2 in WebCore::CSSSelectorParser::parseSelector(WebCore::CSSParserTokenRange, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x70fe7d2)
    #7 0x117ebebed in WebCore::CSSParserImpl::consumeStyleRule(WebCore::CSSParserTokenRange, WebCore::CSSParserTokenRange) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7086bed)
    #8 0x117eb1010 in WebCore::CSSParserImpl::consumeQualifiedRule(WebCore::CSSParserTokenRange&, WebCore::CSSParserImpl::AllowedRulesType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7079010)
    #9 0x117eb1756 in bool WebCore::CSSParserImpl::consumeRuleList<WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::$_2>(WebCore::CSSParserTokenRange, WebCore::CSSParserImpl::RuleListType, WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::$_2) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7079756)
    #10 0x117e9f540 in WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7067540)
    #11 0x117e9f14a in WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WebCore::CSSParser::RuleParsing) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x706714a)
    #12 0x117e46558 in WebCore::StyleSheetContents::parseString(WTF::String const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x700e558)
    #13 0x1182c5024 in WebCore::InlineStyleSheetOwner::createSheet(WebCore::Element&, WTF::String const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x748d024)
    #14 0x1182c3cb2 in WebCore::InlineStyleSheetOwner::createSheetFromTextContents(WebCore::Element&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x748bcb2)
    #15 0x1182c403a in WebCore::InlineStyleSheetOwner::finishParsingChildren(WebCore::Element&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x748c03a)
    #16 0x11231c9a8 in WebCore::HTMLStyleElement::finishParsingChildren() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x14e49a8)
    #17 0x112082887 in WebCore::HTMLElementStack::popCommon() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x124a887)
    #18 0x112083c3f in WebCore::HTMLElementStack::pop() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x124bc3f)
    #19 0x1123963d1 in WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x155e3d1)
    #20 0x112391c7a in WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1559c7a)
    #21 0x1123908bb in WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x15588bb)
    #22 0x112060fb7 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1228fb7)
    #23 0x112060917 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1228917)
    #24 0x11205d636 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1225636)
    #25 0x11205cd6f in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224d6f)
    #26 0x112062a92 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122aa92)
    #27 0x1180d5b9d in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x729db9d)
    #28 0x118b1f22b in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce722b)
    #29 0x118b1d793 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5793)
    #30 0x118b1d163 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5163)
    #31 0x118b1da8b in non-virtual thunk to WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5a8b)
    #32 0x118dadee8 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f75ee8)
    #33 0x118da6003 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6e003)
    #34 0x118da7f92 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6ff92)
    #35 0x118cd8f9f in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea0f9f)
    #36 0x10a338f59 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a6f59)
    #37 0x10a3459df in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b39df)
    #38 0x10a3455f8 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b35f8)
    #39 0x10a34281f in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b081f)
    #40 0x10a34084a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23ae84a)
    #41 0x108939571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571)
    #42 0x1082b488a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a)
    #43 0x108298198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198)
    #44 0x1082b55b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7)
    #45 0x1082f44bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc)
    #46 0x1082f43e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8)
    #47 0x1341937e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2)
    #48 0x1341eae1e in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefe1e)
    #49 0x1341ebd78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78)
    #50 0x7fffa6c5e320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320)
    #51 0x7fffa6c3f21c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c)
    #52 0x7fffa6c3e715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715)
    #53 0x7fffa6c3e113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #54 0x7fffa619eebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #55 0x7fffa619ecf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #56 0x7fffa619eb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #57 0x7fffa4737a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #58 0x7fffa4eb37ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #59 0x7fffa472c3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #60 0x7fffa46f6e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #61 0x7fffbc61f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #62 0x7fffbc61e2e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #63 0x1073b6dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #64 0x7fffbc3c6234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

==85093==Register values:
rax = 0x00000000bbadbeef  rbx = 0x00007fff5883ff00  rcx = 0x00000000bbadbeef  rdx = 0x0000000000000000  
rdi = 0x00001fffeb107ef8  rsi = 0x0000000000000000  rbp = 0x00007fff5883fa10  rsp = 0x00007fff5883fa00  
 r8 = 0x0000000000000042   r9 = 0x0000200000000000  r10 = 0x0000000000000000  r11 = 0xffffffffffffffff  
r12 = 0xf2f2f200f201f2f2  r13 = 0xf200f201f1f1f1f1  r14 = 0x01f2f2f200f2f2f2  r15 = 0xf201f2f2f200f201  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==85093==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 85093)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
