[Webkit-unassigned] [Bug 207241] New: Nullptr crash in WebCore::findPlaceForCounter with pseudo element that has display:contents host.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 4 16:59:54 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=207241

            Bug ID: 207241
           Summary: Nullptr crash in WebCore::findPlaceForCounter with
                    pseudo element that has display:contents host.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: shihchieh_lee at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

#0 0x6cd809ff6 in WTF::CompactPointerTuple<WebCore::RenderObject*, unsigned char>::pointer() const (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x1b1ff6)
    #1 0x6cd808158 in WebCore::ContainerNode::renderer() const (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x1b0158)
    #2 0x6d212a27c in WebCore::findPlaceForCounter(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4ad227c)
    #3 0x6d20e4232 in WebCore::makeCounterNode(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4a8c232)
    #4 0x6d212a238 in WebCore::findPlaceForCounter(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4ad2238)
    #5 0x6d20e4232 in WebCore::makeCounterNode(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4a8c232)
    #6 0x6d212a238 in WebCore::findPlaceForCounter(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4ad2238)
    #7 0x6d20e4232 in WebCore::makeCounterNode(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4a8c232)
    #8 0x6d212a238 in WebCore::findPlaceForCounter(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4ad2238)
    #9 0x6d20e4232 in WebCore::makeCounterNode(WebCore::RenderElement&, WTF::AtomString const&, bool) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4a8c232)
    #10 0x6d20e6b6d in WebCore::RenderCounter::rendererStyleChanged(WebCore::RenderElement&, WebCore::RenderStyle const*, WebCore::RenderStyle const*) (Safari_ASAN_253172_f531ec5cc151748b9076fdeddffd01afaa1fa5e4.app/Contents/Frameworks/WebCore.framework/Versions/A/WebCore:x86_64+0x4a8eb6d)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200205/89d0ce3c/attachment.htm>

More information about the webkit-unassigned mailing list