[Webkit-unassigned] [Bug 222725] New: UAF in LibWebRTCMediaEndpoint::addTrack via RTCPeerConnection::addTrack

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 4 01:50:50 PST 2021 

https://bugs.webkit.org/show_bug.cgi?id=222725

            Bug ID: 222725
           Summary: UAF in LibWebRTCMediaEndpoint::addTrack via
                    RTCPeerConnection::addTrack
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
                CC: youennf at gmail.com

Created attachment 422203

  --> https://bugs.webkit.org/attachment.cgi?id=422203&action=review

Test

e.g.

==28284==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000d01b0 at pc 0x000118be20ce bp 0x7ffee82c0bd0 sp 0x7ffee82c0bc8
READ of size 8 at 0x6030000d01b0 thread T0
==28284==WARNING: invalid path to external symbolizer!
==28284==WARNING: Failed to use and restart external symbolizer!
    #0 0x118be20cd in WebCore::LibWebRTCMediaEndpoint::addTrack(WebCore::LibWebRTCRtpSenderBackend&, WebCore::MediaStreamTrack&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)+0x7cd (WebCore.framework/Versions/A/WebCore:x86_64+0x23a0cd)
    #1 0x118c0f81d in WebCore::LibWebRTCPeerConnectionBackend::addTrack(WebCore::MediaStreamTrack&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)+0x1bd (WebCore.framework/Versions/A/WebCore:x86_64+0x26781d)
    #2 0x11b23498f in WebCore::RTCPeerConnection::addTrack(WTF::Ref<WebCore::MediaStreamTrack, WTF::RawPtrTraits<WebCore::MediaStreamTrack> >&&, WTF::Vector<std::__1::reference_wrapper<WebCore::MediaStream>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)+0x67f (WebCore.framework/Versions/A/WebCore:x86_64+0x288c98f)
    #3 0x119def642 in WebCore::jsRTCPeerConnectionPrototypeFunction_addTrackBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSRTCPeerConnection*)+0x242 (WebCore.framework/Versions/A/WebCore:x86_64+0x1447642)
    #4 0x119def35b in long long WebCore::IDLOperation<WebCore::JSRTCPeerConnection>::call<&(WebCore::jsRTCPeerConnectionPrototypeFunction_addTrackBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSRTCPeerConnection*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)+0xfb (WebCore.framework/Versions/A/WebCore:x86_64+0x144735b)
    #5 0x119de49b8 in WebCore::jsRTCPeerConnectionPrototypeFunction_addTrack(JSC::JSGlobalObject*, JSC::CallFrame*)+0x8 (WebCore.framework/Versions/A/WebCore:x86_64+0x143c9b8)
    #6 0x5781f5a011d7  (<unknown module>)
    #7 0x13947b0fa in llint_entry+0x1ad52 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xc530fa)
    #8 0x1394601a8 in vmEntryToJavaScript+0xd7 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xc381a8)
    #9 0x13aca8961 in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)+0x611 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2480961)
    #10 0x13b390af4 in JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)+0x64 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2b68af4)
    #11 0x13b390bef in JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)+0xdf (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2b68bef)
    #12 0x13b390fab in JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)+0x10b (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2b68fab)
    #13 0x11ba7c2e8 in WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)+0xe8 (WebCore.framework/Versions/A/WebCore:x86_64+0x30d42e8)
    #14 0x11baa88ca in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)+0xaaa (WebCore.framework/Versions/A/WebCore:x86_64+0x31008ca)
    #15 0x11c3a8992 in WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)+0x522 (WebCore.framework/Versions/A/WebCore:x86_64+0x3a00992)
    #16 0x11c3a8232 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)+0x1b2 (WebCore.framework/Versions/A/WebCore:x86_64+0x3a00232)
    #17 0x11d396454 in WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)+0x304 (WebCore.framework/Versions/A/WebCore:x86_64+0x49ee454)
    #18 0x11d1a1227 in WebCore::FrameLoader::dispatchUnloadEvents(WebCore::UnloadEventPolicy)+0x627 (WebCore.framework/Versions/A/WebCore:x86_64+0x47f9227)
    #19 0x11d1a0a69 in WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy)+0xb9 (WebCore.framework/Versions/A/WebCore:x86_64+0x47f8a69)
    #20 0x11d1a1d91 in WebCore::FrameLoader::closeURL()+0x201 (WebCore.framework/Versions/A/WebCore:x86_64+0x47f9d91)
    #21 0x11d1ba211 in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*)+0x261 (WebCore.framework/Versions/A/WebCore:x86_64+0x4812211)
    #22 0x11d1b8e11 in WebCore::FrameLoader::commitProvisionalLoad()+0x4e1 (WebCore.framework/Versions/A/WebCore:x86_64+0x4810e11)
    #23 0x11d11d715 in WebCore::DocumentLoader::commitIfReady()+0x45 (WebCore.framework/Versions/A/WebCore:x86_64+0x4775715)
    #24 0x11d11dfd5 in WebCore::DocumentLoader::finishedLoading()+0x225 (WebCore.framework/Versions/A/WebCore:x86_64+0x4775fd5)
    #25 0x11d12cd2a in WebCore::DocumentLoader::maybeLoadEmpty()+0x6aa (WebCore.framework/Versions/A/WebCore:x86_64+0x4784d2a)
    #26 0x11d12d077 in WebCore::DocumentLoader::startLoadingMainResource()+0x1f7 (WebCore.framework/Versions/A/WebCore:x86_64+0x4785077)

0x6030000d01b0 is located 0 bytes inside of 32-byte region [0x6030000d01b0,0x6030000d01d0)
freed by thread T0 here:
    #0 0x116bb5c6d in wrap__ZdlPv+0x7d (/Volumes/Xcode12B5025c_m19A603010_m20D40_m20A2353_i18D42_FastSim_Boost_43GB/Xcode.app/Contents/Developer/Toolchains/OSX11.2.xctoolchain/usr/lib/clang/12.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x55c6d)
    #1 0x11dc927c5 in rtc::RefCountedObject<webrtc::PeerConnectionFactoryProxyWithInternal<webrtc::PeerConnectionFactoryInterface> >::~RefCountedObject()+0x15 (WebCore.framework/Versions/A/WebCore:x86_64+0x52ea7c5)
    #2 0x11dc92783 in rtc::RefCountedObject<webrtc::PeerConnectionFactoryProxyWithInternal<webrtc::PeerConnectionFactoryInterface> >::Release() const+0x53 (WebCore.framework/Versions/A/WebCore:x86_64+0x52ea783)
    #3 0x11dc91c6b in rtc::scoped_refptr<webrtc::PeerConnectionFactoryInterface>::~scoped_refptr()+0x4b (WebCore.framework/Versions/A/WebCore:x86_64+0x52e9c6b)
    #4 0x11dc78af8 in rtc::scoped_refptr<webrtc::PeerConnectionFactoryInterface>::~scoped_refptr()+0x8 (WebCore.framework/Versions/A/WebCore:x86_64+0x52d0af8)
    #5 0x11dc79030 in rtc::scoped_refptr<webrtc::PeerConnectionFactoryInterface>& rtc::scoped_refptr<webrtc::PeerConnectionFactoryInterface>::operator=<webrtc::PeerConnectionFactoryProxyWithInternal<webrtc::PeerConnectionFactoryInterface> >(rtc::scoped_refptr<webrtc::PeerConnectionFactoryProxyWithInternal<webrtc::PeerConnectionFactoryInterface> >&&)+0xd0 (WebCore.framework/Versions/A/WebCore:x86_64+0x52d1030)
    #6 0x11dc78d3e in WebCore::LibWebRTCProvider::setPeerConnectionFactory(rtc::scoped_refptr<webrtc::PeerConnectionFactoryInterface>&&)+0x10e (WebCore.framework/Versions/A/WebCore:x86_64+0x52d0d3e)
    #7 0x159ca6090 in WebCore::useRealRTCPeerConnectionFactory(WebCore::LibWebRTCProvider&)+0xe0 (libWebCoreTestSupport.dylib:x86_64+0x358090)
    #8 0x15995149a in WebCore::Internals::resetToConsistentState(WebCore::Page&)+0x57a (libWebCoreTestSupport.dylib:x86_64+0x349a)
    #9 0x159cea2a5 in WebCoreTestSupport::resetInternalsObject(OpaqueJSContext const*)+0xf5 (libWebCoreTestSupport.dylib:x86_64+0x39c2a5)
    #10 0x158469d18 in WTR::InjectedBundlePage::resetAfterTest()+0x48 (WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle:x86_64+0x59d18)
    #11 0x158459767 in WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundlePage const*, OpaqueWKString const*, void const*)+0x6d7 (WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle:x86_64+0x49767)
    #12 0x15845908b in WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundle const*, OpaqueWKBundlePage const*, OpaqueWKString const*, void const*, void const*)+0xb (WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle:x86_64+0x4908b)
    #13 0x10a9c2bf7 in WebKit::InjectedBundleClient::didReceiveMessageToPage(WebKit::InjectedBundle&, WebKit::WebPage&, WTF::String const&, API::Object*)+0x157 (WebKit.framework/Versions/A/WebKit:x86_64+0x222abf7)
    #14 0x10a9c1245 in WebKit::InjectedBundle::didReceiveMessageToPage(WebKit::WebPage*, WTF::String const&, API::Object*)+0x65 (WebKit.framework/Versions/A/WebKit:x86_64+0x2229245)
    #15 0x10ae67b95 in WebKit::WebPage::postInjectedBundleMessage(WTF::String const&, WebKit::UserData const&)+0x115 (WebKit.framework/Versions/A/WebKit:x86_64+0x26cfb95)
    #16 0x10af5798e in void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, 0ul, 1ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>)+0x7e (WebKit.framework/Versions/A/WebKit:x86_64+0x27bf98e)
    #17 0x10af578f8 in void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<WTF::String, WebKit::UserData>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&))+0x28 (WebKit.framework/Versions/A/WebKit:x86_64+0x27bf8f8)
    #18 0x10af01e7d in void IPC::handleMessage<Messages::WebPage::PostInjectedBundleMessage, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&))+0x10d (WebKit.framework/Versions/A/WebKit:x86_64+0x2769e7d)
    #19 0x10aef3bdc in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)+0x16dc (WebKit.framework/Versions/A/WebKit:x86_64+0x275bbdc)
    #20 0x10ae7bd3c in WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)+0xfc (WebKit.framework/Versions/A/WebKit:x86_64+0x26e3d3c)
    #21 0x108d7cc55 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)+0x2a5 (WebKit.framework/Versions/A/WebKit:x86_64+0x5e4c55)
    #22 0x10a6e9e55 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)+0x25 (WebKit.framework/Versions/A/WebKit:x86_64+0x1f51e55)
    #23 0x1088404f8 in IPC::Connection::dispatchMessage(IPC::Decoder&)+0x238 (WebKit.framework/Versions/A/WebKit:x86_64+0xa84f8)
    #24 0x108840f6f in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)+0x2df (WebKit.framework/Versions/A/WebKit:x86_64+0xa8f6f)
    #25 0x108841ae3 in IPC::Connection::dispatchOneIncomingMessage()+0x193 (WebKit.framework/Versions/A/WebKit:x86_64+0xa9ae3)
    #26 0x10885ff75 in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9::operator()()+0x35 (WebKit.framework/Versions/A/WebKit:x86_64+0xc7f75)
    #27 0x10885fedc in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9, void>::call()+0xc (WebKit.framework/Versions/A/WebKit:x86_64+0xc7edc)
    #28 0x1388617fe in WTF::Function<void ()>::operator()() const+0x3e (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x397fe)
    #29 0x1388fc3a8 in WTF::RunLoop::performWork()+0x228 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xd43a8)

previously allocated by thread T0 here:
    #0 0x116bb584d in wrap__Znwm+0x7d (/Volumes/Xcode12B5025c_m19A603010_m20D40_m20A2353_i18D42_FastSim_Boost_43GB/Xcode.app/Contents/Developer/Toolchains/OSX11.2.xctoolchain/usr/lib/clang/12.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5584d)
    #1 0x11dc78ebf in webrtc::PeerConnectionFactoryProxyWithInternal<webrtc::PeerConnectionFactoryInterface>::Create(rtc::Thread*, webrtc::PeerConnectionFactoryInterface*)+0xff (WebCore.framework/Versions/A/WebCore:x86_64+0x52d0ebf)
    #2 0x11dc78d2f in WebCore::LibWebRTCProvider::setPeerConnectionFactory(rtc::scoped_refptr<webrtc::PeerConnectionFactoryInterface>&&)+0xff (WebCore.framework/Versions/A/WebCore:x86_64+0x52d0d2f)
    #3 0x159ca62a1 in WebCore::useMockRTCPeerConnectionFactory(WebCore::LibWebRTCProvider*, WTF::String const&)+0xf1 (libWebCoreTestSupport.dylib:x86_64+0x3582a1)
    #4 0x15995a7c1 in WebCore::Internals::useMockRTCPeerConnectionFactory(WTF::String const&)+0x51 (libWebCoreTestSupport.dylib:x86_64+0xc7c1)
    #5 0x159b08245 in WebCore::jsInternalsPrototypeFunction_useMockRTCPeerConnectionFactoryBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSInternals*)+0x1b5 (libWebCoreTestSupport.dylib:x86_64+0x1ba245)
    #6 0x159b07feb in long long WebCore::IDLOperation<WebCore::JSInternals>::call<&(WebCore::jsInternalsPrototypeFunction_useMockRTCPeerConnectionFactoryBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSInternals*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)+0xfb (libWebCoreTestSupport.dylib:x86_64+0x1b9feb)
    #7 0x159a8c058 in WebCore::jsInternalsPrototypeFunction_useMockRTCPeerConnectionFactory(JSC::JSGlobalObject*, JSC::CallFrame*)+0x8 (libWebCoreTestSupport.dylib:x86_64+0x13e058)
    #8 0x5781f5a011d7  (<unknown module>)
    #9 0x13947b0fa in llint_entry+0x1ad52 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xc530fa)
    #10 0x1394601a8 in vmEntryToJavaScript+0xd7 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xc381a8)
    #11 0x13aca376a in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)+0x756a (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x247b76a)
    #12 0x13b43311e in JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)+0x21e (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2c0b11e)
    #13 0x13b4333d7 in JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)+0xe7 (JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2c0b3d7)
    #14 0x11bb55a49 in WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)+0xd9 (WebCore.framework/Versions/A/WebCore:x86_64+0x31ada49)
    #15 0x11bb55259 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)+0x2e9 (WebCore.framework/Versions/A/WebCore:x86_64+0x31ad259)
    #16 0x11bb54e4d in WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)+0xed (WebCore.framework/Versions/A/WebCore:x86_64+0x31ace4d)
    #17 0x11bb55c4f in WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)+0x1f (WebCore.framework/Versions/A/WebCore:x86_64+0x31adc4f)
    #18 0x11c4891fc in WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)+0x3bc (WebCore.framework/Versions/A/WebCore:x86_64+0x3ae11fc)
    #19 0x11c485dce in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)+0xb0e (WebCore.framework/Versions/A/WebCore:x86_64+0x3adddce)
    #20 0x11cc092c6 in WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)+0x206 (WebCore.framework/Versions/A/WebCore:x86_64+0x42612c6)
    #21 0x11cc08f94 in WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&)+0x84 (WebCore.framework/Versions/A/WebCore:x86_64+0x4260f94)
    #22 0x11cbdf952 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()+0x3f2 (WebCore.framework/Versions/A/WebCore:x86_64+0x4237952)
    #23 0x11cbdffdd in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)+0x32d (WebCore.framework/Versions/A/WebCore:x86_64+0x4237fdd)
    #24 0x11cbdef8e in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)+0x17e (WebCore.framework/Versions/A/WebCore:x86_64+0x4236f8e)
    #25 0x11cbdeb08 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)+0x38 (WebCore.framework/Versions/A/WebCore:x86_64+0x4236b08)
    #26 0x11cbe0f29 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >&&)+0x2d9 (WebCore.framework/Versions/A/WebCore:x86_64+0x4238f29)
    #27 0x11c24175f in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)+0x14f (WebCore.framework/Versions/A/WebCore:x86_64+0x389975f)
    #28 0x11d16ebbb in WebCore::DocumentWriter::end()+0x14b (WebCore.framework/Versions/A/WebCore:x86_64+0x47c6bbb)
    #29 0x11d11e08c in WebCore::DocumentLoader::finishedLoading()+0x2dc (WebCore.framework/Versions/A/WebCore:x86_64+0x477608c)

<rdar://problem/74640194>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210304/bebaa3a7/attachment-0001.htm>

More information about the webkit-unassigned mailing list