[Webkit-unassigned] [Bug 185493] New: Release assert in TreeScopeOrderedMap::remove via HTMLImageElement::removedFromAncestor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 9 14:46:16 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=185493

            Bug ID: 185493
           Summary: Release assert in TreeScopeOrderedMap::remove via
                    HTMLImageElement::removedFromAncestor
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
                CC: cdumez at apple.com

e.g.
ASSERTION FAILED: entry.registeredElements.remove(&element)
./dom/TreeScopeOrderedMap.cpp(84) : void WebCore::TreeScopeOrderedMap::remove(const WTF::AtomicStringImpl &, WebCore::Element &)
1   0x6477df959 WTFCrash
2   0x6477df979 WTFCrashWithSecurityImplication
3   0x639fc81f8 WebCore::TreeScopeOrderedMap::remove(WTF::AtomicStringImpl const&, WebCore::Element&)
4   0x639fc996d WebCore::TreeScope::removeImageElementByUsemap(WTF::AtomicStringImpl const&, WebCore::HTMLImageElement&)
5   0x63a1c9ef4 WebCore::HTMLImageElement::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&)
6   0x639daa3cb WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&)
7   0x639daa498 WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&)
8   0x639daa2b1 WebCore::notifyChildNodeRemoved(WebCore::ContainerNode&, WebCore::Node&)
9   0x639da6879 WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource)
10  0x639da619e WebCore::ContainerNode::removeChild(WebCore::Node&)
11  0x63a090b0e WebCore::ReplacementFragment::removeNode(WebCore::Node&)
12  0x63a090543 WebCore::ReplacementFragment::removeUnrenderedNodes(WebCore::Node*)
13  0x63a08ff05 WebCore::ReplacementFragment::ReplacementFragment(WebCore::Document&, WebCore::DocumentFragment*, WebCore::VisibleSelection const&)
14  0x63a09085d WebCore::ReplacementFragment::ReplacementFragment(WebCore::Document&, WebCore::DocumentFragment*, WebCore::VisibleSelection const&)
15  0x63a093bfc WebCore::ReplaceSelectionCommand::ensureReplacementFragment()
16  0x63a093a19 WebCore::ReplaceSelectionCommand::willApplyCommand()
17  0x639ffaef6 WebCore::CompositeEditCommand::apply()

<rdar://problem/38362600>
