[Webkit-unassigned] [Bug 224992] New: Crash in constructCustomElementSynchronously

bugzilla-daemon at webkit.org
Fri Apr 23 13:51:17 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=224992

            Bug ID: 224992
           Summary: Crash in constructCustomElementSynchronously
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org

e.g.

Thread 0 Crashed:
0   JavaScriptCore                      0x00000001af960020 JSC::construct(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::ArgList const&, JSC::JSValue) + 20 (JSGlobalObject.h:1041)
1   WebCore                             0x00000001b342a918 WebCore::JSCustomElementInterface::tryToConstructCustomElement(WebCore::Document&, WTF::AtomString const&) + 512 (ConstructData.h:45)
2   WebCore                             0x00000001b342a518 WebCore::JSCustomElementInterface::constructElementWithFallback(WebCore::Document&, WTF::AtomString const&) + 48 (JSCustomElementInterface.cpp:62)
3   WebCore                             0x00000001b3afc954 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 2372 (HTMLDocumentParser.cpp:233)
4   WebCore                             0x00000001b3afd008 WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString&&) + 196 (HTMLDocumentParser.cpp:196)
5   WebCore                             0x00000001b36e857c WebCore::Document::write(WebCore::Document*, WebCore::SegmentedString&&) + 220 (Document.cpp:3308)
6   WebCore                             0x00000001b36e8708 WebCore::Document::write(WebCore::Document*, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 324 (Document.cpp:3321)
7   WebCore                             0x00000001b29b5d00 WebCore::jsDocumentPrototypeFunction_write(JSC::JSGlobalObject*, JSC::CallFrame*) + 176 (JSDocument.cpp:5826)
8   ???                                 0x0000000e8df14c04 0 + 62510943236

<rdar://66988026>
