[Webkit-unassigned] [Bug 238491] New: [WinCairo] REGRESSION(r291790) fast/editing/apply-relative-font-style-change-crash-004.html is crashing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 29 00:22:25 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=238491

            Bug ID: 238491
           Summary: [WinCairo] REGRESSION(r291790) fast/editing/apply-relative-font-style-change-crash-004.html is crashing
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com

Created attachment 456002

  --> https://bugs.webkit.org/attachment.cgi?id=456002&action=review

crash log

[WinCairo] REGRESSION(r291790) fast/editing/apply-relative-font-style-change-crash-004.html is crashing

Since r291790 (Bug 238247)

 # Child-SP          RetAddr           Call Site
00 000000fd`14837a38 00007ffa`4d59960a WebKit2!__chkstk(void)+0x37 [d:\a01\_work\12\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm @ 109]
01 000000fd`14837a50 00007ffa`4d5999df WebKit2!WebCore::Style::Resolver::applyMatchedProperties(class WebCore::Style::Resolver::State * state = 0x00007ffa`4d596f3e, struct WebCore::Style::MatchResult * matchResult = 0x000001fd`4de75aa0)+0x1a [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleResolver.cpp @ 575]
02 000000fd`14837a60 00007ffa`4d596f3e WebKit2!WebCore::Style::Resolver::applyMatchedProperties(class WebCore::Style::Resolver::State * state = 0x000000fd`1483ffb8, struct WebCore::Style::MatchResult * matchResult = 0x000000fd`148404a8)+0x3ef [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleResolver.cpp @ 628]
03 000000fd`1483ff80 00007ffa`4d619ff1 WebKit2!WebCore::Style::Resolver::styleForElement(class WebCore::Element * element = 0x000001fd`4cb9c050, struct WebCore::Style::ResolutionContext * context = 0x000000fd`14840838, WebCore::RuleMatchingBehavior matchingBehavior = MatchAllRules (0n0))+0x35e [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleResolver.cpp @ 269]
04 000000fd`148406b0 00007ffa`4d61ad0c WebKit2!WebCore::Style::TreeResolver::styleForStyleable(struct WebCore::Styleable * styleable = 0x000000fd`14840878, struct WebCore::Style::ResolutionContext * resolutionContext = 0x000000fd`14840838)+0x311 [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 148]
05 000000fd`14840800 00007ffa`4d61a73c WebKit2!WebCore::Style::TreeResolver::resolveElement(class WebCore::Element * element = 0x000001fd`4cb9c050)+0x13c [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 215]
06 000000fd`148409c0 00007ffa`4d619add WebKit2!WebCore::Style::TreeResolver::resolveComposedTree(void)+0x65c [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 720]
07 000000fd`14843340 00007ffa`4bde7797 WebKit2!WebCore::Style::TreeResolver::resolve(void)+0x3ad [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 819]
08 000000fd`14843490 00007ffa`4bde7d86 WebKit2!WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType type = Normal (0n0))+0x517 [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2095]
09 000000fd`14843b30 00007ffa`4bde8058 WebKit2!WebCore::Document::updateStyleIfNeeded(void)+0x226 [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2213]
0a 000000fd`14843bb0 00007ffa`4bde824f WebKit2!WebCore::Document::updateLayout(void)+0x1f8 [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2235]
0b 000000fd`14843cb0 00007ffa`4c0a6f52 WebKit2!WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks runPostLayoutTasks = Asynchronously (0n0))+0x5f [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2268]
0c 000000fd`14843cf0 00007ffa`4c0a85e9 WebKit2!WebCore::ApplyStyleCommand::nodeFullySelected(class WebCore::Element * element = 0x000001fd`4cb9c050, class WebCore::Position * start = 0x000000fd`14843db8, class WebCore::Position * end = 0x000000fd`14843de8)+0x42 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\ApplyStyleCommand.cpp @ 1177]
0d 000000fd`14843d90 00007ffa`4c0a48a7 WebKit2!WebCore::ApplyStyleCommand::applyRelativeFontStyleChange(class WebCore::EditingStyle * style = 0x000001fd`4cab7090)+0xa99 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\ApplyStyleCommand.cpp @ 399]
0e 000000fd`14844200 00007ffa`4c0973b7 WebKit2!WebCore::ApplyStyleCommand::doApply(void)+0x117 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\ApplyStyleCommand.cpp @ 214]
0f 000000fd`14844270 00007ffa`4c0f11fc WebKit2!WebCore::CompositeEditCommand::apply(void)+0x2c7 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\CompositeEditCommand.cpp @ 399]
10 000000fd`14844340 00007ffa`4c111195 WebKit2!WebCore::Editor::applyStyle(class WTF::RefPtr<WebCore::EditingStyle,WTF::RawPtrTraits<WebCore::EditingStyle>,WTF::DefaultRefDerefTraits<WebCore::EditingStyle> > * style = 0x000000fd`148444d0, WebCore::EditAction editingAction = Unspecified (0n0), WebCore::Editor::ColorFilterMode colorFilterMode = UseOriginalColor (0n1))+0x42c [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\Editor.cpp @ 981]
11 000000fd`148444b0 00007ffa`4c111324 WebKit2!WebCore::applyCommandToFrame(class WebCore::Frame * frame = 0x000001fd`4820a580, WebCore::EditorCommandSource source = CommandFromDOM (0n1), WebCore::EditAction action = ChangeAttributes (0n17), class WTF::Ref<WebCore::EditingStyle,WTF::RawPtrTraits<WebCore::EditingStyle> > * style = 0x000000fd`14844538)+0xb5 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 112]
12 000000fd`14844510 00007ffa`4c112b59 WebKit2!WebCore::executeApplyStyle(class WebCore::Frame * frame = 0x000001fd`4820a580, WebCore::EditorCommandSource source = CommandFromDOM (0n1), WebCore::EditAction action = ChangeAttributes (0n17), WebCore::CSSPropertyID propertyID = CSSPropertyWebkitFontSizeDelta (0n457), class WTF::String * propertyValue = 0x000000fd`14844828)+0x44 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 131]
13 000000fd`14844550 00007ffa`4c0f3093 WebKit2!WebCore::executeFontSizeDelta(class WebCore::Frame * frame = 0x000001fd`4820a580, class WebCore::Event * __formal = 0x00000000`00000000, WebCore::EditorCommandSource source = CommandFromDOM (0n1), class WTF::String * value = 0x000000fd`14844828)+0x39 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 402]
14 000000fd`14844590 00007ffa`4bdf74be WebKit2!WebCore::Editor::Command::execute(class WTF::String * parameter = 0x000000fd`14844828, class WebCore::Event * triggeringEvent = 0x00000000`00000000)+0xf3 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 1885]
15 000000fd`148445f0 00007ffa`49f0dd51 WebKit2!WebCore::Document::execCommand(class WTF::String * commandName = 0x000000fd`148447a8, bool userInterface = false, class WTF::String * value = 0x000000fd`14844828)+0x10e [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 5883]
16 000000fd`148446a0 00007ffa`49f1e143 WebKit2!WebCore::jsDocumentPrototypeFunction_execCommandBody(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001fd`4dc49d20, class JSC::CallFrame * callFrame = 0x000000fd`14844b70, class WebCore::JSDocument * castedThis = 0x000001fd`4ccaba60)+0x7c1 [C:\jenkins_slave\WinCairo-master\WebKitBuild\Debug\WebCore\DerivedSources\JSDocument.cpp @ 5959]
17 000000fd`148449c0 00007ffa`49eeecc5 WebKit2!WebCore::IDLOperation<WebCore::JSDocument>::call<&WebCore::jsDocumentPrototypeFunction_execCommandBody,0>(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001fd`4dc49d20, class JSC::CallFrame * callFrame = 0x000000fd`14844b70, char * operationName = 0x00007ffa`55044d38 "execCommand")+0x313 [C:\jenkins_slave\WinCairo-master\Source\WebCore\bindings\js\JSDOMOperation.h @ 63]
18 000000fd`14844b20 000001fd`000011be WebKit2!WebCore::jsDocumentPrototypeFunction_execCommand(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001fd`4dc49d20, class JSC::CallFrame * callFrame = 0x000000fd`14844b70)+0x25 [C:\jenkins_slave\WinCairo-master\WebKitBuild\Debug\WebCore\DerivedSources\JSDocument.cpp @ 5965]
19 000000fd`14844b50 000001fd`4dc49d20 0x000001fd`000011be
1a 000000fd`14844b58 000000fd`14844b70 0x000001fd`4dc49d20
1b 000000fd`14844b60 00000000`00000000 0x000000fd`14844b70
