[Webkit-unassigned] [Bug 212067] New: STP crash in __NSFrozenArrayM objectAtIndexedSubscript: (twitter, layout?)

bugzilla-daemon at webkit.org
Tue May 19 03:03:25 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=212067

            Bug ID: 212067
           Summary: STP crash in __NSFrozenArrayM
                    objectAtIndexedSubscript: (twitter, layout?)
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: nigel at cherrybyte.me.uk
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Created attachment 399726

  --> https://bugs.webkit.org/attachment.cgi?id=399726&action=review

text file of crash dump

Using STN 106 for regular browsing on macOS 10.15.5 beta 19F83c.
Was viewing my Twitter stream at the time.
Browser window suddenly disappears - crashed.

Stacktrace includes:

Crashing on exception: *** -[__NSFrozenArrayM objectAtIndexedSubscript:]: index 6 beyond bounds [0 .. 4]

Application Specific Backtrace 1:
0   CoreFoundation                      0x00007fff3644dbe7 __exceptionPreprocess + 250
1   libobjc.A.dylib                     0x00007fff6f2265bf objc_exception_throw + 48
2   CoreFoundation                      0x00007fff364fc60e -[__NSCFString characterAtIndex:].cold.1 + 0
3   CoreFoundation                      0x00007fff363e4c49 -[__NSFrozenArrayM objectAtIndexedSubscript:] + 116
4   Safari                              0x0000000105c43587 -[BrowserWindowTabViewController tabViewItemAtIndex:] + 55
5   Safari                              0x0000000105975a35 -[BrowserWindowController functionBarProvider:thumbnailProviderForTabAtIndex:] + 60
6   Safari                              0x0000000105d2cd95 -[WindowFunctionBarProvider visualScrubberViewController:contentViewProviderForItemAtIndex:] + 53
7   Safari                              0x0000000105ce4a80 -[VisualScrubberViewController _configureScrubberItemView:forUseAtIndex:] + 87
8   Safari                              0x0000000105ce452b -[VisualScrubberViewController scrubber:viewForItemAtIndex:] + 154
9   AppKit                              0x00007fff33ced25c -[NSScrubberDocumentView createItemViewForIndex:] + 115
10  AppKit                              0x00007fff3397dffd -[NSScrubberDocumentView viewForItemAtIndex:creatingIfNeeded:] + 104
11  AppKit                              0x00007fff33ce91c7 -[NSScrubberDocumentView applyItemAttributes:startingAttributes:withState:] + 701
12  AppKit                              0x00007fff33ce6e0f __57-[NSScrubberDocumentView layoutScrubberContentsAnimated:]_block_invoke.357 + 153
13  AppKit                              0x00007fff336774d0 +[NSAnimationContext runAnimationGroup:] + 55
14  AppKit                              0x00007fff33ce6b47 -[NSScrubberDocumentView layoutScrubberContentsAnimated:] + 873
15  AppKit                              0x00007fff33ce67b5 -[NSScrubberDocumentView layout] + 122
16  AppKit                              0x00007fff336b9b9a _NSViewLayout + 600
17  AppKit                              0x00007fff336b963e -[NSView _layoutSubtreeWithOldSize:] + 388

but will add full log as attachment.

Also opening as 'feedback' item (please advise if one or other is preferable, or if both is good practice - I'm unclear)
