[Webkit-unassigned] [Bug 224902] New: imported/w3c/web-platform-tests/css/css-will-change/parsing/will-change-invalid.html crashes on debug build

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 21 15:48:45 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=224902

            Bug ID: 224902
           Summary: imported/w3c/web-platform-tests/css/css-will-change/pa
                    rsing/will-change-invalid.html crashes on debug build
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ntim at apple.com

Created attachment 426749

  --> https://bugs.webkit.org/attachment.cgi?id=426749&action=review

crash-log.txt

Seems memory related.

ASSERTION FAILED: m_ptr
/Volumes/Data/Code/Safari/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h(79) : Ref<T> WTF::RefPtr<WebCore::CSSPrimitiveValue, WTF::RawPtrTraits<WebCore::CSSPrimitiveValue>, WTF::DefaultRefDerefTraits<WebCore::CSSPrimitiveValue>>::releaseNonNull() [T = WebCore::CSSPrimitiveValue, _PtrTraits = WTF::RawPtrTraits<WebCore::CSSPrimitiveValue>, _RefDerefTraits = WTF::DefaultRefDerefTraits<WebCore::CSSPrimitiveValue>]
1   0x13376adf8 WTFCrash
2   0x1164c09c4 WebCore::JSHTMLScriptElement::createPrototype(JSC::VM&, WebCore::JSDOMGlobalObject&)
3   0x118457608 WTF::RefPtr<WebCore::CSSPrimitiveValue, WTF::RawPtrTraits<WebCore::CSSPrimitiveValue>, WTF::DefaultRefDerefTraits<WebCore::CSSPrimitiveValue> >::releaseNonNull()
4   0x11864a1f0 WebCore::consumeWillChange(WebCore::CSSParserTokenRange&)
5   0x118643b94 WebCore::CSSPropertyParser::parseSingleValue(WebCore::CSSPropertyID, WebCore::CSSPropertyID)
6   0x118643548 WebCore::CSSPropertyParser::parseValueStart(WebCore::CSSPropertyID, bool)
7   0x118642e58 WebCore::CSSPropertyParser::parseValue(WebCore::CSSPropertyID, bool, WebCore::CSSParserTokenRange const&, WebCore::CSSParserContext const&, WTF::Vector<WebCore::CSSProperty, 256ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::StyleRuleType)
8   0x11862aa5c WebCore::CSSParserImpl::consumeDeclarationValue(WebCore::CSSParserTokenRange, WebCore::CSSPropertyID, bool, WebCore::StyleRuleType)
9   0x11862436c WebCore::CSSParserImpl::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserContext const&)
10  0x118624118 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties&, WebCore::CSSPropertyID, WTF::String const&, bool)
11  0x1186240a8 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties&, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserContext const&)
12  0x1185fb380 WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserContext)
13  0x1185d9b50 WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal(WebCore::CSSPropertyID, WTF::String const&, bool)
14  0x11853d0f0 WebCore::CSSStyleDeclaration::setPropertyValueForDashedIDLAttribute(WTF::AtomString const&, WTF::String const&)
15  0x115e9fb48 WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)::'lambda'()::operator()() const
16  0x115e9fa64 void WebCore::invokeFunctorPropagatingExceptionIfNecessary<WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)::'lambda'()&&)
17  0x115e9f9e8 WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)
18  0x115e0d9b4 bool WebCore::IDLAttribute<WebCore::JSCSSStyleDeclaration>::setPassingPropertyName<&(WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, long long, long long, JSC::PropertyName)
19  0x115e0d870 WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttribute(JSC::JSGlobalObject*, long long, long long, JSC::PropertyName)
20  0x134fe5b7c JSC::callCustomSetter(JSC::JSGlobalObject*, bool (*)(JSC::JSGlobalObject*, long long, long long, JSC::PropertyName), bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue, JSC::PropertyName)
21  0x1351cf0e4 JSC::JSObject::putInlineSlow(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
22  0x1352cf5d4 JSC::JSObject::putInlineForJSObject(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
23  0x1351c1340 JSC::JSObject::put(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
24  0x134b9e7e4 JSC::JSValue::put(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
25  0x134d259f8 llint_slow_path_put_by_val
26  0x133cfa58c llint_function_for_construct_arity_checkTagGateAfter
27  0x280004308
28  0x280004008
29  0x280004008
30  0x2800041e8
31  0x280004728
LEAK: 1 WebPageProxy

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210421/62588cf1/attachment.htm>

More information about the webkit-unassigned mailing list