[Webkit-unassigned] [Bug 250365] New: Nullptr crash in effectiveAssignedNodes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 10 00:15:31 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=250365

            Bug ID: 250365
           Summary: Nullptr crash in effectiveAssignedNodes
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
            Blocks: 148695

e.g.

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                                    0x8094adc90 WebCore::Node::parentNode() const + 112 (Node.h:858)
1   WebCore                                    0x80cb94548 std::__1::optional<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData> > WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7::operator()<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData> const>(WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData> const&) const + 56 (SlotAssignment.cpp:437)
2   WebCore                                    0x80cb94447 WTF::CompactMapper<WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, void>::compactMap(WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7 const&) + 119 (Vector.h:1848)
3   WebCore                                    0x80cb943c5 WTF::Vector<WTF::CompactMapper<WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, void>::DestinationItemType, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> WTF::compactMap<WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&>(WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7&&) + 69 (Vector.h:1879)
4   WebCore                                    0x80cb8f073 WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 51 (SlotAssignment.cpp:436)
5   WebCore                                    0x80cb8ede8 WebCore::ManualSlotAssignment::assignedNodesForSlot(WebCore::HTMLSlotElement const&, WebCore::ShadowRoot&) + 200 (SlotAssignment.cpp:449)
6   WebCore                                    0x80cb8f210 WebCore::ManualSlotAssignment::addSlotElementByName(WTF::AtomString const&, WebCore::HTMLSlotElement&, WebCore::ShadowRoot&) + 128 (SlotAssignment.cpp:470)
7   WebCore                                    0x80cb75121 WebCore::ShadowRoot::addSlotElementByName(WTF::AtomString const&, WebCore::HTMLSlotElement&) + 289 (ShadowRoot.cpp:276)
8   WebCore                                    0x80ceebb9d WebCore::HTMLSlotElement::insertedIntoAncestor(WebCore::Node::InsertionType, WebCore::ContainerNode&) + 285 (HTMLSlotElement.cpp:67)


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=148695
[Bug 148695] Implement v1 shadow DOM API
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230110/fe25e8bf/attachment.htm>

More information about the webkit-unassigned mailing list