[Webkit-unassigned] [Bug 186766] [DEBUG] Crash under CSSPrimitiveValue::init() when transitioning background-position and reading the computed style
bugzilla-daemon at webkit.org
Tue Jun 19 00:35:51 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=186766
Antoine Quint <graouts at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary |Crash under CSSPrimitiveValue::init() when transitioning background-position and reading the computed style |[DEBUG] Crash under CSSPrimitiveValue::init() when transitioning background-position and reading the computed style
--- Comment #3 from Antoine Quint <graouts at apple.com> ---
#0 0x000000024f993230 in ::WTFCrash() at /Source/WTF/wtf/Assertions.cpp:267
#1 0x0000000241bb0a55 in WebCore::CSSPrimitiveValue::init(WebCore::Length const&) at /Source/WebCore/css/CSSPrimitiveValue.cpp:416
#2 0x0000000241bb0801 in WebCore::CSSPrimitiveValue::CSSPrimitiveValue(WebCore::Length const&) at /Source/WebCore/css/CSSPrimitiveValue.cpp:334
#3 0x0000000241bb0add in WebCore::CSSPrimitiveValue::CSSPrimitiveValue(WebCore::Length const&) at /Source/WebCore/css/CSSPrimitiveValue.cpp:333
#4 0x0000000241b3b87e in WTF::Ref<WebCore::CSSPrimitiveValue, WTF::DumbPtrTraits<WebCore::CSSPrimitiveValue> > WebCore::CSSPrimitiveValue::create<WebCore::Length const&>(WebCore::Length const&&&) at /Source/WebCore/./css/CSSPrimitiveValue.h:388
#5 0x0000000241b1be24 in WTF::Ref<WebCore::CSSPrimitiveValue, WTF::DumbPtrTraits<WebCore::CSSPrimitiveValue> > WebCore::CSSValuePool::createValue<WebCore::Length const&>(WebCore::Length const&&&) at /Source/WebCore/css/CSSValuePool.h:67
#6 0x0000000241b10c04 in WebCore::ComputedStyleExtractor::valueForPropertyinStyle(WebCore::RenderStyle const&, WebCore::CSSPropertyID, WebCore::RenderElement*) at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:2818
#7 0x0000000241b0e86b in WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:2708
#8 0x0000000241b0e475 in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) const at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:2416
#9 0x0000000241b2899a in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValueInternal(WebCore::CSSPropertyID) at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:4296
#10 0x0000000241bca6c2 in WebCore::CSSStyleDeclaration::namedItem(WTF::AtomicString const&) at /Source/WebCore/css/CSSStyleDeclaration.cpp:264
#11 0x00000002403c59d8 in std::optional<WTF::Variant<WTF::String, double> > WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0::operator()<WebCore::JSCSSStyleDeclaration, JSC::PropertyName>(WebCore::JSCSSStyleDeclaration&, JSC::PropertyName) const at /Users/antoine/Builds/Debug/DerivedSources/WebCore/JSCSSStyleDeclaration.cpp:196
#12 0x00000002403b8673 in decltype(fp2(fp0fp1)) WebCore::accessVisibleNamedProperty<(WebCore::OverrideBuiltins)0, WebCore::JSCSSStyleDeclaration, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&>(JSC::ExecState&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&&&) at /Source/WebCore/bindings/js/JSDOMAbstractOperations.h:97
#13 0x00000002403b769e in WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) at /Users/antoine/Builds/Debug/DerivedSources/WebCore/JSCSSStyleDeclaration.cpp:201
#14 0x000000024fab3602 in JSC::JSObject::getNonIndexPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) at /Source/JavaScriptCore/runtime/JSObjectInlines.h:150
#15 0x000000024fab2af6 in JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) at /Source/JavaScriptCore/runtime/JSObject.h:1407
#16 0x00000002502f6a72 in JSC::JSValue::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const at /Source/JavaScriptCore/runtime/JSCJSValueInlines.h:872
#17 0x00000002502de692 in JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const at /Source/JavaScriptCore/runtime/JSCJSValueInlines.h:826
#18 0x00000002509bb564 in ::llint_slow_path_get_by_id(JSC::ExecState *, JSC::Instruction *) at /Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:712
#19 0x000000024fa80a38 in llint_entry at /Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:58
#20 0x000000024fa7d282 in llintPCRangeStart at /Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:257
#21 0x00000002508d980a in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) at /Source/JavaScriptCore/jit/JITCodeInlines.h:38
#22 0x00000002508d9de0 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Source/JavaScriptCore/interpreter/Interpreter.cpp:1023
#23 0x0000000250b67e6a in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Source/JavaScriptCore/runtime/CallData.cpp:41
#24 0x0000000250b67f49 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) at /Source/JavaScriptCore/runtime/CallData.cpp:48
#25 0x0000000250b681ed in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) at /Source/JavaScriptCore/runtime/CallData.cpp:67
#26 0x00000002418d6d0b in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) at /Source/WebCore/bindings/js/JSMainThreadExecState.h:72
#27 0x0000000241959ac6 in WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) at /Source/WebCore/bindings/js/ScheduledAction.cpp:119
#28 0x0000000241959570 in WebCore::ScheduledAction::execute(WebCore::Document&) at /Source/WebCore/bindings/js/ScheduledAction.cpp:140
#29 0x0000000241959433 in WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) at /Source/WebCore/bindings/js/ScheduledAction.cpp:86
#30 0x00000002427382a9 in WebCore::DOMTimer::fired() at /Source/WebCore/page/DOMTimer.cpp:365
#31 0x000000024297c3c4 in WebCore::ThreadTimers::sharedTimerFiredInternal() at /Source/WebCore/platform/ThreadTimers.cpp:117
#32 0x0000000242991df1 in WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const at /Source/WebCore/platform/ThreadTimers.cpp:69
#33 0x0000000242991da9 in WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() at /Users/antoine/Builds/Debug/usr/local/include/wtf/Function.h:101
#34 0x000000024000f1fb in WTF::Function<void ()>::operator()() const at /Users/antoine/Builds/Debug/usr/local/include/wtf/Function.h:56
#35 0x0000000242954335 in WebCore::MainThreadSharedTimer::fired() at /Source/WebCore/platform/MainThreadSharedTimer.cpp:54
#36 0x00000002429f9519 in WebCore::timerFired(__CFRunLoopTimer*, void*) at /Source/WebCore/platform/cf/MainThreadSharedTimerCF.cpp:74
--
You are receiving this mail because:
You are the assignee for the bug.