[Webkit-unassigned] [Bug 200635] New: Crash in Document::updateResizeObservations()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 12 11:29:27 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=200635

            Bug ID: 200635
           Summary: Crash in Document::updateResizeObservations()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com

We're getting reports of crashes in Resize Observer code:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000008
VM Region Info: 0x8 is not in any region.  Bytes before following region: 4331192312
      REGION TYPE                      START - END             [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                 000000010228c000-0000000102290000 [   16K] r-x/r-x SM=COW  ...it.WebContent

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [1353]
Triggered by Thread:  0

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                             0x00000001c2abda8c WebCore::Document::updateResizeObservations(WebCore::Page&) + 156 (WeakPtr.h:64)
1   WebCore                             0x00000001c2abdaa4 WebCore::Document::updateResizeObservations(WebCore::Page&) + 180 (Document.cpp:7525)
2   WebCore                             0x00000001c2f82d68 WebCore::Page::updateRendering() + 364 (Page.cpp:1313)
3   WebKit                              0x00000001c1760318 WebKit::RemoteLayerTreeDrawingArea::flushLayers() + 132 (RemoteLayerTreeDrawingArea.mm:374)
4   WebCore                             0x00000001c302e6a4 WebCore::ThreadTimers::sharedTimerFiredInternal() + 216 (ThreadTimers.cpp:129)
5   WebCore                             0x00000001c3051644 WebCore::timerFired(__CFRunLoopTimer*, void*) + 28 (MainThreadSharedTimerCF.cpp:74)
6   CoreFoundation                      0x00000001ba1bb5b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28 (CFRunLoop.c:1757)
7   CoreFoundation                      0x00000001ba1bb2f0 __CFRunLoopDoTimer + 880 (CFRunLoop.c:2348)
8   CoreFoundation                      0x00000001ba1ba9c0 __CFRunLoopDoTimers + 276 (CFRunLoop.c:2503)
9   CoreFoundation                      0x00000001ba1b5afc __CFRunLoopRun + 1920 (CFRunLoop.c:0)
10  CoreFoundation                      0x00000001ba1b5054 CFRunLoopRunSpecific + 464 (CFRunLoop.c:3183)
11  Foundation                          0x00000001ba4f38c4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 228 (NSRunLoop.m:374)
12  Foundation                          0x00000001ba52d2d4 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:399)
13  libxpc.dylib                        0x00000001b9e15360 _xpc_objc_main + 304 (main.m:179)
14  libxpc.dylib                        0x00000001b9e17ca0 xpc_main + 148 (init.c:1568)
15  WebKit                              0x00000001c184dc6c WebKit::XPCServiceMain(int, char const**) + 360 (XPCServiceMain.mm:147)
16  libdyld.dylib                       0x00000001ba040c7c start + 4

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190812/d031e720/attachment.html>

More information about the webkit-unassigned mailing list