[Webkit-unassigned] [Bug 267686] New: [Windows] WebCore::MicrotaskQueue::append Crash
bugzilla-daemon at webkit.org
Thu Jan 18 03:41:46 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=267686
Bug ID: 267686
Summary: [Windows] WebCore::MicrotaskQueue::append Crash
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Windows 10
Status: NEW
Severity: Normal
Priority: P2
Component: Platform
Assignee: webkit-unassigned at lists.webkit.org
Reporter: max at schmitt.mx
Created attachment 469440
--> https://bugs.webkit.org/attachment.cgi?id=469440&action=review
test.html
When navigating to the attached HTML file (with the attached JS), WebKit crashes. Make sure to serve the HTML file from an HTTP server (e.g. npx http-server .), otherwise the JS won't load.
Stack:
```
ntdll.dll!00007ffa605abe8d()
ntdll.dll!00007ffa605aab11()
ucrtbase.dll!00007ffa5d8c37eb()
[Inline Frame] WebCore.dll!WTF::FastMalloc::free(void * p) Line 272
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\FastMalloc.h(272)
[Inline Frame] WebCore.dll!WTF::VectorBufferBase<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,WTF::FastMalloc>::deallocateBuffer(std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> * bufferToDeallocate) Line 361
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(361)
[Inline Frame] WebCore.dll!WTF::Vector<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::reserveCapacity(unsigned __int64 newCapacity) Line 1375
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(1375)
[Inline Frame] WebCore.dll!WTF::Vector<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::expandCapacity(unsigned __int64 newMinCapacity) Line 1211
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(1211)
WebCore.dll!WTF::Vector<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::expandCapacity<0>(unsigned __int64 newMinCapacity, std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> * ptr) Line 1236
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(1236)
[Inline Frame] WebCore.dll!WTF::Vector<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::appendSlowCase(std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> && value) Line 1522
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(1522)
[Inline Frame] WebCore.dll!WTF::Vector<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::append(std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> && value) Line 1497
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(1497)
[Inline Frame] WebCore.dll!WTF::Vector<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::append(std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> && u) Line 866
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(866)
[Inline Frame] WebCore.dll!WTF::Vector<std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::append(std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> && value) Line 866
at C:\Users\maxschmitt\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h(866)
WebCore.dll!WebCore::MicrotaskQueue::append(std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> && task) Line 48
at C:\Users\maxschmitt\webkit\Source\WebCore\dom\Microtasks.cpp(48)
[Inline Frame] WebCore.dll!WebCore::EventLoop::queueMicrotask(std::unique_ptr<WebCore::EventLoopTask,std::default_delete<WebCore::EventLoopTask>> && microtask) Line 247
at C:\Users\maxschmitt\webkit\Source\WebCore\dom\EventLoop.cpp(247)
WebCore.dll!WebCore::EventLoopTaskGroup::queueMicrotask(WTF::Function<void ()> && function) Line 484
at C:\Users\maxschmitt\webkit\Source\WebCore\dom\EventLoop.cpp(484)
WebCore.dll!WebCore::JSDOMWindowBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject & object, WTF::Ref<JSC::Microtask,WTF::RawPtrTraits<JSC::Microtask>> && task) Line 249
at C:\Users\maxschmitt\webkit\Source\WebCore\bindings\js\JSDOMWindowBase.cpp(249)
[Inline Frame] JavaScriptCore.dll!JSC::JSGlobalObject::queueMicrotask(WTF::Ref<JSC::Microtask,WTF::RawPtrTraits<JSC::Microtask>> && task) Line 3100
at C:\Users\maxschmitt\webkit\Source\JavaScriptCore\runtime\JSGlobalObject.cpp(3100)
JavaScriptCore.dll!JSC::JSGlobalObject::queueMicrotask(JSC::JSValue job, JSC::JSValue argument0, JSC::JSValue argument1, JSC::JSValue argument2, JSC::JSValue argument3) Line 3109
at C:\Users\maxschmitt\webkit\Source\JavaScriptCore\runtime\JSGlobalObject.cpp(3109)
JavaScriptCore.dll!JSC::enqueueJob(JSC::JSGlobalObject * globalObject, JSC::CallFrame * callFrame) Line 676
at C:\Users\maxschmitt\webkit\Source\JavaScriptCore\runtime\JSGlobalObject.cpp(676)
[External Code]
JavaScriptCore.dll!JSC::NumericStrings::addJSString(JSC::VM & vm, int i) Line 505
at C:\Users\maxschmitt\webkit\Source\JavaScriptCore\runtime\NumberPrototype.cpp(505)
[External Code]
```
Downstream code: https://github.com/microsoft/playwright/issues/29025