[Webkit-unassigned] [Bug 272543] New: Crash in Style::commitRelations

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 11 12:25:49 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=272543

            Bug ID: 272543
           Summary: Crash in Style::commitRelations
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org

e.g.

hread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                          0x7ff90bcc3402     WTF::CompactPointerTuple<WebCore::RenderObject*, unsigned short>::setType(unsigned short) + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.5.Internal.sdk/usr/local/include/wtf/CompactPointerTuple.h:96) [inlined]
1   com.apple.WebCore                          0x7ff90bcc3402     WebCore::Node::setStyleBitfields(WebCore::Node::StyleBitfields) + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Node.h:708) [inlined]
2   com.apple.WebCore                          0x7ff90bcc3402     WebCore::Node::setStyleFlag(WebCore::Node::NodeStyleFlag) + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Node.h:864) [inlined]
3   com.apple.WebCore                          0x7ff90bcc3402     WebCore::Element::setStyleAffectedByEmpty() + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Element.h:441) [inlined]
4   com.apple.WebCore                          0x7ff90bcc3402     WebCore::Style::commitRelations(std::__1::unique_ptr<WTF::Vector<WebCore::Style::Relation, 8ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, std::__1::default_delete<WTF::Vector<WebCore::Style::Relation, 8ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>>>, WebCore::Style::Update&) + 98 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleRelations.cpp:94)
5   com.apple.WebCore                          0x7ff90bcdf4b4     WebCore::Style::TreeResolver::styleForStyleable(WebCore::Styleable const&, WebCore::Style::TreeResolver::ResolutionType, WebCore::Style::ResolutionContext const&) + 204 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:162) [inlined]
6   com.apple.WebCore                          0x7ff90bcdf4b4     WebCore::Style::TreeResolver::resolveElement(WebCore::Element&, WebCore::RenderStyle const*, WebCore::Style::TreeResolver::ResolutionType) + 460 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:247) [inlined]
7   com.apple.WebCore                          0x7ff90bcdf4b4     WebCore::Style::TreeResolver::resolveComposedTree() + 4052 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:943)
8   com.apple.WebCore                          0x7ff90bce4bb4     WebCore::Style::TreeResolver::resolve() + 548 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:1063)
9   com.apple.WebCore                          0x7ff90ae70b5e     WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 910 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2533)
10  com.apple.WebCore                          0x7ff9095fd0b0     WebCore::Document::updateStyleIfNeeded() + 176 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2662)
11  com.apple.WebCore                          0x7ff90ae6da90     WebCore::Document::updateLayout(WTF::OptionSet<WebCore::LayoutOptions>, WebCore::Element const*) + 176 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2706)
12  com.apple.WebCore                          0x7ff90aec07bc     WebCore::Document::updateLayoutIgnorePendingStylesheets(WTF::OptionSet<WebCore::LayoutOptions>, WebCore::Element const*) + 16 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2669) [inlined]
13  com.apple.WebCore                          0x7ff90aec07bc     WebCore::Element::boundingClientRect() + 44 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Element.cpp:1915)
14  com.apple.WebCore                          0x7ff909cce12c     WebCore::Element::getBoundingClientRect() + 4 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Element.cpp:1927) [inlined]
15  com.apple.WebCore                          0x7ff909cce12c     WebCore::jsElementPrototypeFunction_getBoundingClientRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*) + 32 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Binaries/WebCore/install/Symbols/BuiltProducts/DerivedSources/WebCore/JSElement.cpp:4125) [inlined]
16  com.apple.WebCore                          0x7ff909cce12c     long long WebCore::IDLOperation<WebCore::JSElement>::call<&WebCore::jsElementPrototypeFunction_getBoundingClientRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 74 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/bindings/js/JSDOMOperation.h:63) [inlined]
17  com.apple.WebCore                          0x7ff909cce12c     WebCore::jsElementPrototypeFunction_getBoundingClientRect(JSC::JSGlobalObject*, JSC::CallFrame*) + 92 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Binaries/WebCore/install/Symbols/BuiltProducts/DerivedSources/WebCore/JSElement.cpp:4130)
18                                             0x2b4d14e0c037

<rdar://126136602>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240411/b3902808/attachment.htm>

More information about the webkit-unassigned mailing list