[Webkit-unassigned] [Bug 270851] New: REGRESSION(275922@main) fast/css/cssom-mutation-stylerule.html is a constant crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 12 06:32:21 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=270851

            Bug ID: 270851
           Summary: REGRESSION(275922@main)
                    fast/css/cssom-mutation-stylerule.html is a constant
                    crash
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: vitaly at igalia.com

#0  0x00007f4c854a7a88 in WebCore::StyleSheetContents::setHasNestingRules() (this=0x0) at /home/vitaly/WebKit/Source/WebCore/css/StyleSheetContents.h:149
#1  0x00007f4c856eb6f3 in operator()() const (__closure=0x7fff02ff3e70) at /home/vitaly/WebKit/Source/WebCore/css/parser/CSSParserImpl.cpp:1359
#2  0x00007f4c856eff69 in WebCore::CSSParserImpl::runInNewNestingContext<WebCore::CSSParserImpl::consumeStyleRule(WebCore::CSSParserTokenRange, WebCore::CSSParserTokenRange)::<lambda()> >(struct {...} &&) (this=0x7fff02ff3fa0, run=...) at /home/vitaly/WebKit/Source/WebCore/css/parser/CSSParserImpl.cpp:642
#3  0x00007f4c856eb9fa in WebCore::CSSParserImpl::consumeStyleRule(WebCore::CSSParserTokenRange, WebCore::CSSParserTokenRange) (this=0x7fff02ff3fa0, prelude=..., block=...) at /home/vitaly/WebKit/Source/WebCore/css/parser/CSSParserImpl.cpp:1343
#4  0x00007f4c856e5582 in WebCore::CSSParserImpl::consumeQualifiedRule(WebCore::CSSParserTokenRange&, WebCore::CSSParserImpl::AllowedRulesType) (this=0x7fff02ff3fa0, range=..., allowedRules=WebCore::CSSParserImpl::AllowImportRules) at /home/vitaly/WebKit/Source/WebCore/css/parser/CSSParserImpl.cpp:507
#5  0x00007f4c856e3d6a in WebCore::CSSParserImpl::parseRule(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParserImpl::AllowedRulesType, WebCore::CSSParserEnum::IsNestedContext) (string=..., context=..., styleSheet=0x0, allowedRules=WebCore::CSSParserImpl::AllowImportRules, isNestedContext=WebCore::CSSParserEnum::IsNestedContext::Yes) at /home/vitaly/WebKit/Source/WebCore/css/parser/CSSParserImpl.cpp:234
#6  0x00007f4c856df18a in WebCore::CSSParser::parseRule(WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WTF::String const&, WebCore::CSSParserEnum::IsNestedContext) (context=..., sheet=0x0, string=..., isNestedContext=WebCore::CSSParserEnum::IsNestedContext::Yes) at /home/vitaly/WebKit/Source/WebCore/css/parser/CSSParser.cpp:76
#7  0x00007f4c854dfdf0 in WebCore::CSSStyleRule::insertRule(WTF::String const&, unsigned int) (this=0x7f4c6325e880, ruleString=..., index=0) at /home/vitaly/WebKit/Source/WebCore/css/CSSStyleRule.cpp:239
#8  0x00007f4c82b40c54 in WebCore::jsCSSStyleRulePrototypeFunction_insertRuleBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::IDLOperation<WebCore::JSCSSStyleRule>::ClassParameter) (lexicalGlobalObject=0x7f4c1a01d088, callFrame=0x7fff02ff42d0, castedThis=0x7f4c63069348) at /home/vitaly/WebKit/WebKitBuild/WPE/Debug/WebCore/DerivedSources/JSCSSStyleRule.cpp:307
#9  0x00007f4c82b4e889 in WebCore::IDLOperation<WebCore::JSCSSStyleRule>::call<WebCore::jsCSSStyleRulePrototypeFunction_insertRuleBody>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (lexicalGlobalObject=..., callFrame=..., operationName=0x7f4c8b747b96 "insertRule") at /home/vitaly/WebKit/Source/WebCore/bindings/js/JSDOMOperation.h:63
#10 0x00007f4c82b40d0a in WebCore::jsCSSStyleRulePrototypeFunction_insertRule(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=0x7f4c1a01d088, callFrame=0x7fff02ff42d0) at /home/vitaly/WebKit/WebKitBuild/WPE/Debug/WebCore/DerivedSources/JSCSSStyleRule.cpp:312
#11 0x00007f4c22a0c038 in  ()
#12 0x00007fff02ff4350 in  ()
#13 0x00007f4c8881601b in op_call_ignore_result_return_location () at /home/vitaly/WebKit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1172
#14 0x0000000000000000 in  ()
