[Webkit-unassigned] [Bug 194335] New: Extension style sheet mutation in middle of style resolution because animation code triggers a resource load

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 6 01:58:49 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=194335

            Bug ID: 194335
           Summary: Extension style sheet mutation in middle of style
                    resolution because animation code triggers a resource
                    load
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: koivisto at iki.fi

This stack shows we are triggering a resource load from ImplicitAnimation::reset and then mutating an extension stylesheet via ExtensionStyleSheets::addDisplayNoneSelector.

0   WebCore                             0x00000001a0245d08 WTFCrashWithInfo(int, char const*, char const*, int) + 20
1   WebCore                             0x00000001a0ef3178 WebCore::StyleResolver::~StyleResolver() + 796 (Assertions.h:578)
2   WebCore                             0x00000001a1904074 WebCore::Style::Scope::scheduleUpdate(WebCore::Style::Scope::UpdateType) + 168 (memory:2321)
3   WebCore                             0x00000001a10107a4 WebCore::ExtensionStyleSheets::addDisplayNoneSelector(WTF::String const&, WTF::String const&, unsigned int) + 348 (ExtensionStyleSheets.cpp:172)
4   WebCore                             0x00000001a0e11f20 WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad(WTF::URL const&, WebCore::ResourceType, WebCore::DocumentLoader&) + 872 (ContentExtensionsBackend.cpp:190)
5   WebCore                             0x00000001a14176e4 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&&, WebCore::CachedResourceLoader::ForPreload, WebCore::CachedResourceLoader::DeferOption) + 880 (CachedResourceLoader.cpp:814)
6   WebCore                             0x00000001a1416f68 WebCore::CachedResourceLoader::requestImage(WebCore::CachedResourceRequest&&) + 268 (CachedResourceLoader.cpp:213)
7   WebCore                             0x00000001a0e98d10 WebCore::CSSImageValue::loadImage(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 492 (CSSImageValue.cpp:78)
8   WebCore                             0x00000001a18a8884 WebCore::StyleCachedImage::load(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 80 (StyleCachedImage.cpp:91)
9   WebCore                             0x00000001a18ffc74 WebCore::Style::loadPendingImage(WebCore::Document&, WebCore::StyleImage const*, WebCore::Element const*, WebCore::Style::LoadPolicy) + 460 (StylePendingResources.cpp:62)
10  WebCore                             0x00000001a18ff930 WebCore::Style::loadPendingResources(WebCore::RenderStyle&, WebCore::Document&, WebCore::Element const*) + 64 (StylePendingResources.cpp:68)
11  WebCore                             0x00000001a14e9484 WebCore::ImplicitAnimation::reset(WebCore::RenderStyle const&, WebCore::CompositeAnimation&) + 112 (ImplicitAnimation.cpp:206)
12  WebCore                             0x00000001a14e9350 WebCore::ImplicitAnimation::animate(WebCore::CompositeAnimation&, WebCore::RenderStyle const&, std::__1::unique_ptr<WebCore::RenderStyle, std::__1::default_delete<WebCore::RenderStyle> >&, bool&) + 88 (ImplicitAnimation.cpp:75)
13  WebCore                             0x00000001a14d3724 WebCore::CompositeAnimation::animate(WebCore::Element&, WebCore::RenderStyle const*, WebCore::RenderStyle const&) + 252 (CompositeAnimation.cpp:300)
14  WebCore                             0x00000001a14d359c WebCore::CSSAnimationController::updateAnimations(WebCore::Element&, WebCore::RenderStyle const&, WebCore::RenderStyle const*) + 220 (CSSAnimationController.cpp:633)
15  WebCore                             0x00000001a1906aac WebCore::Style::TreeResolver::createAnimatedElementUpdate(std::__1::unique_ptr<WebCore::RenderStyle, std::__1::default_delete<WebCore::RenderStyle> >, WebCore::Element&, WebCore::Style::Change) + 416 (StyleTreeResolver.cpp:312)
16  WebCore                             0x00000001a19065dc WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) + 344 (StyleTreeResolver.cpp:208)
17  WebCore                             0x00000001a19073dc WebCore::Style::TreeResolver::resolveComposedTree() + 1204 (StyleTreeResolver.cpp:493)
18  WebCore                             0x00000001a19080cc WebCore::Style::TreeResolver::resolve() + 720 (StyleTreeResolver.cpp:551)
19  WebCore                             0x00000001a0fbcee8 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 920 (Document.cpp:1935)
20  WebCore                             0x00000001a0fbd924 WebCore::Document::updateStyleIfNeeded() + 436 (Document.cpp:2064)
21  WebCore                             0x00000001a0279e2c WebCore::Timer::fired() + 32 (Function.h:56)
22  WebCore                             0x00000001a15388c8 WebCore::ThreadTimers::sharedTimerFiredInternal() + 196 (ThreadTimers.cpp:129)
23  WebCore                             0x00000001a1522308 WebCore::MainThreadSharedTimer::fired() + 32 (Function.h:56)
24  WebCore                             0x00000001a1557ba8 WebCore::timerFired(__CFRunLoopTimer*, void*) + 32 (MainThreadSharedTimerCF.cpp:74)
