[Webkit-unassigned] [Bug 270548] New: WebContent crash in WebCore::Quirks::triggerOptionalStorageAccessQuirk()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 5 16:02:58 PST 2024


https://bugs.webkit.org/show_bug.cgi?id=270548

            Bug ID: 270548
           Summary: WebContent crash in
                    WebCore::Quirks::triggerOptionalStorageAccessQuirk()
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Mac (Apple Silicon)
                OS: macOS 13
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: opendarwin at lapcatsoftware.com

Safari Technology Preview 189 (Safari 17.4, WebKit 18619.1.3.2) on macOS 13.6.4 (22G513)

The crash does not occur with Safari 17.3.1 (18617.2.4.11.12, 18617)

Steps to reproduce:
1) Open https://gizmodo.com/x-twitter-ceo-shares-ad-tweets-criticize-elon-musk-1850862068
2) On the video right below the article title, open the contextual menu and select Show Controls
3) Hover over the volume control (which is muted)
4) Click inside the volume slider

Below is the crashed thread. I can also provide full crash logs if necessary. This crash is reproducible every time.

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                                    0x116cc0614 WebCore::Quirks::triggerOptionalStorageAccessQuirk(WebCore::Element&, WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*, bool, WebCore::IsSyntheticClick) const + 4076
1   WebCore                                    0x116cc0598 WebCore::Quirks::triggerOptionalStorageAccessQuirk(WebCore::Element&, WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*, bool, WebCore::IsSyntheticClick) const + 3952
2   WebCore                                    0x1164deca0 WebCore::Element::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*, WebCore::IsSyntheticClick) + 1280
3   WebCore                                    0x116c079e8 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomString const&, WebCore::Node*, int, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) + 180
4   WebCore                                    0x114ce7ea4 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 2860
5   WebKit                                     0x10491acd4 WebKit::WebFrame::handleMouseEvent(WebKit::WebMouseEvent const&) + 672
6   WebKit                                     0x104a7dac0 WebKit::WebPage::mouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>>, WebKit::WebMouseEvent const&, std::__1::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>>&&, WTF::CompletionHandler<void (std::__1::optional<WebKit::WebEventType>, bool, std::__1::optional<WebCore::RemoteUserInputEventData>)>&&) + 552
7   WebKit                                     0x104a9cf20 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 12392
8   WebKit                                     0x104b85e60 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 256
9   WebKit                                     0x1047183c0 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 40
10  WebKit                                     0x104b8179c IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) + 600
11  WebKit                                     0x104b83fcc WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_12, void>::call() + 148
12  JavaScriptCore                             0x10a2a5bec WTF::RunLoop::performWork() + 200
13  JavaScriptCore                             0x10a2a6b14 WTF::RunLoop::performWork(void*) + 36
14  CoreFoundation                             0x1894525ac __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
15  CoreFoundation                             0x189452540 __CFRunLoopDoSource0 + 176
16  CoreFoundation                             0x1894522b0 __CFRunLoopDoSources0 + 244
17  CoreFoundation                             0x189450eb8 __CFRunLoopRun + 828
18  CoreFoundation                             0x189450428 CFRunLoopRunSpecific + 612
19  Foundation                                 0x18a3c9f7c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
20  Foundation                                 0x18a442c7c -[NSRunLoop(NSRunLoop) run] + 64
21  libxpc.dylib                               0x1890c2594 _xpc_objc_main + 860
22  libxpc.dylib                               0x1890c1eb4 xpc_main + 108
23  WebKit                                     0x104223b80 WebKit::XPCServiceMain(int, char const**) + 68
24  dyld                                       0x18901bf28 start + 2236

-- 
You are receiving this mail because:
You are the assignee for the bug.
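When a crash like the one above is reproducible, the first triage task is usually to check whether other reports are the same crash. The block below is an added example, not code from the report or from WebKit: it parses the "Thread N Crashed" block of a macOS crash report into structured frames and derives a signature from the topmost frames in the project's own images (WebCore, WebKit, JavaScriptCore are assumed to be the images of interest). The embedded sample is an excerpt of the trace in this report; the image names passed to `crash_signature` and the `depth` of three frames are this example's own choices.

```python
"""Parse a macOS crash-report thread ("Thread N Crashed::" block) into frames
and derive a stable signature for de-duplicating reports like the one above."""
import re
from dataclasses import dataclass

# Frame line shape: "<index> <image> <0xaddr> <symbol> + <offset>".
# The symbol may itself contain spaces and parentheses (C++ signatures), so
# it is matched non-greedily up to the trailing " + <offset>".
FRAME_RE = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<image>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.*?)\s\+\s(?P<offset>\d+)\s*$"
)

# Excerpt of the crashed thread from the report above (frames 5-13 omitted).
SAMPLE_REPORT = """\
Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore   0x116cc0614 WebCore::Quirks::triggerOptionalStorageAccessQuirk(WebCore::Element&, WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*, bool, WebCore::IsSyntheticClick) const + 4076
1   WebCore   0x116cc0598 WebCore::Quirks::triggerOptionalStorageAccessQuirk(WebCore::Element&, WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*, bool, WebCore::IsSyntheticClick) const + 3952
2   WebCore   0x1164deca0 WebCore::Element::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*, WebCore::IsSyntheticClick) + 1280
3   WebCore   0x116c079e8 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomString const&, WebCore::Node*, int, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) + 180
4   WebCore   0x114ce7ea4 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 2860
14  CoreFoundation   0x1894525ac __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28

Thread 1:
"""


@dataclass(frozen=True)
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int


def parse_crashed_thread(report: str) -> list[Frame]:
    """Return the frames of the crashed thread in stack order (0 = innermost)."""
    frames: list[Frame] = []
    in_thread = False
    for line in report.splitlines():
        if line.startswith("Thread") and "Crashed" in line:
            in_thread = True
            continue
        if not in_thread:
            continue
        m = FRAME_RE.match(line)
        if m is None:
            if frames:  # a blank line or the next section ends the block
                break
            continue
        frames.append(Frame(int(m["index"]), m["image"], int(m["addr"], 16),
                            m["symbol"], int(m["offset"])))
    return frames


def function_name(symbol: str) -> str:
    """Strip the parameter list from a C++ symbol; keep ObjC selectors intact."""
    if symbol.startswith(("-[", "+[")):
        return symbol
    return symbol.split("(", 1)[0]


def crash_signature(frames: list[Frame],
                    own_images: tuple[str, ...] = ("WebCore", "WebKit", "JavaScriptCore"),
                    depth: int = 3) -> tuple[str, ...]:
    """Top `depth` distinct functions from the project's own images.

    Consecutive repeats of one function (frames 0 and 1 above are the same
    function at different offsets) collapse to a single entry, so inlining or
    recursion depth does not produce a different signature for the same bug.
    """
    names: list[str] = []
    for f in frames:
        if f.image not in own_images:
            continue
        name = function_name(f.symbol)
        if names and names[-1] == name:
            continue
        names.append(name)
        if len(names) == depth:
            break
    return tuple(names)


if __name__ == "__main__":
    parsed = parse_crashed_thread(SAMPLE_REPORT)
    for frame in parsed:
        print(f"{frame.index:>2} {frame.image:<16} {function_name(frame.symbol)}")
    print("signature:", " > ".join(crash_signature(parsed)))
```

Addresses in a crash report are randomized per launch, so the signature deliberately uses function names and image membership rather than addresses or offsets; two reports with the same signature but different offsets still point at the same code path and are worth grouping before a rebuild with symbols narrows the exact line.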