[Webkit-unassigned] [Bug 202878] New: [iOS] Crash in WebCore::DOMWindow::incrementScrollEventListenersCount

bugzilla-daemon at webkit.org
Fri Oct 11 23:18:09 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=202878

            Bug ID: 202878
           Summary: [iOS] Crash in
                    WebCore::DOMWindow::incrementScrollEventListenersCount
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org

e.g.
0   com.apple.WebCore                   0x0000000106a24527 WebCore::DOMWindow::incrementScrollEventListenersCount() + 7
1   com.apple.WebCore                   0x000000010656fa29 WebCore::Node::addEventListener(WTF::AtomString const&, WTF::Ref<WebCore::EventListener, WTF::DumbPtrTraits<WebCore::EventListener> >&&, WebCore::EventTarget::AddEventListenerOptions const&) + 441
2   com.apple.WebCore                   0x000000010654c30a WebCore::EventTarget::setAttributeEventListener(WTF::AtomString const&, WTF::RefPtr<WebCore::EventListener, WTF::DumbPtrTraits<WebCore::EventListener> >&&, WebCore::DOMWrapperWorld&) + 474
3   com.apple.WebCore                   0x0000000106277aed WebCore::setEventHandlerAttribute(JSC::ExecState&, JSC::JSObject&, WebCore::EventTarget&, WTF::AtomString const&, JSC::JSValue) + 285
4   com.apple.WebCore                   0x0000000105aa948b WebCore::setJSDocumentOnscroll(JSC::ExecState*, long long, long long) + 107
5   JavaScriptCore                      0x00000001050cf19f JSC::callCustomSetter(JSC::ExecState*, JSC::JSValue, bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue) + 31
6   JavaScriptCore                      0x000000010517f922 JSC::JSObject::putInlineSlow(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 994
7   JavaScriptCore                      0x0000000105170126 JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 486
8   JavaScriptCore                      0x0000000104f3ac4c llint_slow_path_put_by_val + 1772

<rdar://problem/55609133>
