[Webkit-unassigned] [Bug 192347] New: Crash in HTMLCollection::updateNamedElementCache
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Dec 3 19:43:03 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=192347
Bug ID: 192347
Summary: Crash in HTMLCollection::updateNamedElementCache
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: HTML DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rniwa at webkit.org
CC: cdumez at apple.com
e.g.
0 com.apple.WebCore 0x00007fff56800e90 WebCore::HTMLCollection::updateNamedElementCache() const + 192
1 com.apple.WebCore 0x00007fff56800b76 WebCore::HTMLCollection::namedItemSlow(WTF::AtomicString const&) const + 22
2 com.apple.WebCore 0x00007fff55fe674e WebCore::CachedHTMLCollection<WebCore::HTMLOptionsCollection, (WebCore::CollectionTraversalType)0>::namedItem(WTF::AtomicString const&) const + 590
3 com.apple.WebCore 0x00007fff55fde376 WebCore::JSHTMLOptionsCollection::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 502
4 com.apple.JavaScriptCore 0x00007fff4b979360 llint_slow_path_get_by_id + 2256
5 com.apple.JavaScriptCore 0x00007fff4b983d56 llint_entry + 12436
6 com.apple.JavaScriptCore 0x00007fff4b987ef7 llint_entry + 29237
7 com.apple.JavaScriptCore 0x00007fff4b980ada vmEntryToJavaScript + 304
8 com.apple.JavaScriptCore 0x00007fff4bfdf063 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 147
9 com.apple.JavaScriptCore 0x00007fff4b7f6ea4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 548
<rdar://problem/38054346>
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181204/ca32b660/attachment.html>
More information about the webkit-unassigned
mailing list