[Webkit-unassigned] [Bug 216007] New: REGRESSION(r266350): WebCore::ImageLoader::updateFromElement(WebCore::RelevantMutation)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 31 09:46:49 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=216007

            Bug ID: 216007
           Summary: REGRESSION(r266350):
                    WebCore::ImageLoader::updateFromElement(WebCore::Relev
                    antMutation)
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hector_i_lopez at apple.com

Created attachment 407606

  --> https://bugs.webkit.org/attachment.cgi?id=407606&action=review

Crash log

imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/image-loading-lazy-slow.html

Test is a constant crash according to history on macOS and iOS. The first occurrence of a crash is at r266350.

History:
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Fsemantics%2Fembedded-content%2Fthe-img-element%2Fimage-loading-lazy-slow.html

Crash log:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x00000001079c56be WebCore::ImageLoader::updateFromElement(WebCore::RelevantMutation) + 1086
1   com.apple.WebCore                   0x0000000107703464 WebCore::HTMLImageElement::selectImageSource(WebCore::RelevantMutation) + 1060
2   com.apple.WebCore                   0x000000010750a8df WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason) + 1327
3   com.apple.WebCore                   0x000000010770354e WebCore::HTMLImageElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason) + 126
4   com.apple.WebCore                   0x0000000107509af0 WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomString const&, WebCore::Element::SynchronizationOfLazyAttribute) + 848
5   com.apple.WebCore                   0x00000001067c8130 WebCore::setJSHTMLImageElementSrc(JSC::JSGlobalObject*, long long, long long) + 448
6   com.apple.JavaScriptCore            0x0000000101230a6f JSC::callCustomSetter(JSC::JSGlobalObject*, JSC::JSValue, bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue) + 31
7   com.apple.JavaScriptCore            0x00000001012f90ae JSC::JSObject::putInlineSlow(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 1134
8   com.apple.JavaScriptCore            0x0000000100799b04 llint_slow_path_put_by_id + 1252
9   com.apple.JavaScriptCore            0x00000001009a564d llint_entry + 38921
10  com.apple.JavaScriptCore            0x000000010099bc4f vmEntryToJavaScript + 216
11  com.apple.JavaScriptCore            0x0000000100fd6e16 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 518
12  com.apple.JavaScriptCore            0x00000001011fe303 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 147

or see attached

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200831/66a7076e/attachment-0001.htm>

More information about the webkit-unassigned mailing list