[Webkit-unassigned] [Bug 211159] Specific dom node order of Shadow DOM (re)projection causes crash

Wed Apr 29 17:57:52 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=211159

Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |webkit-bug-importer at group.a
                   |                            |pple.com
            Summary|Specific dom node order of  |Specific dom node order of
                   |Shadow DOM (re)projection   |Shadow DOM (re)projection
                   |causes segfault             |causes crash

--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> ---
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x00007fff40c872a3 WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation(WebCore::RenderBlock&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 67
1   com.apple.WebCore                   0x00007fff40c86f56 WebCore::RenderTreeBuilder::Block::attach(WebCore::RenderBlock&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 86
2   com.apple.WebCore                   0x00007fff40c8ae4a WebCore::RenderTreeBuilder::BlockFlow::attach(WebCore::RenderBlockFlow&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 298
3   com.apple.WebCore                   0x00007fff40c86d7b WebCore::RenderTreeBuilder::attach(WebCore::RenderElement&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 1739
4   com.apple.WebCore                   0x00007fff40c96d08 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) + 5912
5   com.apple.WebCore                   0x00007fff4024f89c WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 1468
6   com.apple.WebCore                   0x00007fff3ef6d044 WebCore::Document::updateStyleIfNeeded() + 468
7   com.apple.WebCore                   0x00007fff3ef6cb0b WebCore::Document::finishedParsing() + 539
8   com.apple.WebCore                   0x00007fff3ef641b4 WebCore::HTMLDocumentParser::prepareToStopParsing() + 196
9   com.apple.WebCore                   0x00007fff3ef63ed4 WebCore::HTMLDocumentParser::finish() + 388
10  com.apple.WebCore                   0x00007fff406eff21 WebCore::DocumentLoader::finishedLoading() + 545
11  com.apple.WebCore                   0x00007fff3efce24c WebCore::CachedResource::checkNotify() + 92
12  com.apple.WebCore                   0x00007fff4077d099 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 1241

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200430/46314b71/attachment.htm>