[Webkit-unassigned] [Bug 270477] New: REGRESSION (274876 at main?): [ iOS Debug ] accessibility/text-marker/text-marker-range-stale-node-crash.html is a constant crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 4 13:20:42 PST 2024 

https://bugs.webkit.org/show_bug.cgi?id=270477

            Bug ID: 270477
           Summary: REGRESSION (274876 at main?): [ iOS Debug ]
                    accessibility/text-marker/text-marker-range-stale-node
                    -crash.html is a constant crash
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: j_stfleur at apple.com

Description:
accessibility/text-marker/text-marker-range-stale-node-crash.html 

Is a constant crash on iOS Debug.


History:
https://results.webkit.org/?suite=layout-tests&test=accessibility%2Ftext-marker%2Ftext-marker-range-stale-node-crash.html

Diff/Image Diff/Crash Log:
stderr:
ASSERTION FAILED: !deletionHasBegun()
/Volumes/Data/worker/Apple-iOS-17-Simulator-Debug-Build/build/Source/WebCore/dom/Node.h(821) : void WebCore::Node::ref() const
1   0x10f77e7b8 WTFCrash
2   0x2cb7ed140 WebCore::BaseAudioContext::currentSampleFrame() const
3   0x2cb801fac WebCore::Node::ref() const
4   0x2c951c234 WTF::DefaultRefDerefTraits<WebCore::Node>::refIfNotNull(WebCore::Node*)
5   0x2c951c1f0 WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node>>::RefPtr(WebCore::Node*)
6   0x2c951c124 WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node>>::RefPtr(WebCore::Node*)
7   0x2cb9e6bb8 WebCore::AXObjectCache::characterOffsetForTextMarkerData(WebCore::TextMarkerData&)
8   0x2c94aaa84 -[WebAccessibilityTextMarker characterOffset]
9   0x2c94ba54c -[WebAccessibilityObjectWrapper rangeForTextMarkers:]
10  0x2c94ba8e8 -[WebAccessibilityObjectWrapper textMarkerRangeForMarkers:]
11  0x13accc7dc WTR::AccessibilityUIElement::textMarkerRangeForMarkers(WTR::AccessibilityTextMarker*, WTR::AccessibilityTextMarker*)
12  0x13ad120b8 WTR::JSAccessibilityUIElement::textMarkerRangeForMarkers(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**)
13  0x1100a4884 long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*)
14  0x11009cf44 JSC::callJSCallbackFunction(JSC::JSGlobalObject*, JSC::CallFrame*)
15  0x2900103b0 14  ???                                 0x00000002900103b0 0x0 + 11005920176
16  0x111e7bc64 llint_entry
17  0x111e55eb4 vmEntryToJavaScript
18  0x110fb2314 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
19  0x111278a9c JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
20  0x111278be8 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
21  0x2cbd39254 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
22  0x2cbd38d2c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
23  0x2cbd38b60 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
24  0x2cbd39510 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
25  0x2cc79467c WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
26  0x2cc792410 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&)
27  0x2ccdb5968 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
28  0x2ccdb5798 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&)
29  0x2ccd77e64 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
30  0x2ccd78370 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
31  0x2ccd776e4 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
com.apple.WebKit.WebContent.Development terminated (pid 2919) for reason: crash
LEAK: 1 WebPageProxy

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240304/28d65632/attachment-0001.htm>

More information about the webkit-unassigned mailing list