<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - WebContent crash due to checked unsigned overflow in WebCore: WebCore::RenderLayerCompositor::requiresCompositingLayer const + 1104"
href="https://bugs.webkit.org/show_bug.cgi?id=164702">164702</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>WebContent crash due to checked unsigned overflow in WebCore: WebCore::RenderLayerCompositor::requiresCompositingLayer const + 1104
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Safari 10
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Keywords</th>
<td>InRadar
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>Layout and Rendering
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>ddkilzer@webkit.org
</td>
</tr>
<tr>
<th>CC</th>
<td>bfulgham@webkit.org, simon.fraser@apple.com, zalan@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x0000000188bb4798
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [0]
Triggered by Thread: 0
Filtered syslog:
None found
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 WebCore 0x0000000188bb4798 WTF::CrashOnOverflow::crash() + 0 (CheckedArithmetic.h:85)
1 WebCore 0x0000000188bb4798 WTF::CrashOnOverflow::overflowed() + 12 (CheckedArithmetic.h:78)
2 WebCore 0x0000000188c531f4 WTF::Checked<unsigned int, WTF::CrashOnOverflow>::Checked(WTF::ResultOverflowedTag) + 16 (CheckedArithmetic.h:462)
3 WebCore 0x0000000188c531e4 WTF::Checked<unsigned int, WTF::CrashOnOverflow>::Checked(WTF::ResultOverflowedTag) + 12 (CheckedArithmetic.h:461)
4 WebCore 0x00000001896143a4 WebCore::RenderLayerCompositor::requiresCompositingLayer(WebCore::RenderLayer const&, WebCore::RenderLayer::ViewportConstrainedNotCompositedReason*) const + 1104 (CheckedArithmetic.h:745)
5 WebCore 0x0000000189612d3c WebCore::RenderLayerCompositor::updateBacking(WebCore::RenderLayer&, WebCore::RenderLayerCompositor::CompositingChangeRepaint, WebCore::RenderLayerCompositor::BackingRequired) + 188 (RenderLayerCompositor.cpp:2161)
6 WebCore 0x0000000189612c04 WebCore::RenderLayerCompositor::updateLayerCompositingState(WebCore::RenderLayer&, WebCore::RenderLayerCompositor::CompositingChangeRepaint) + 24 (RenderLayerCompositor.cpp:1100)
7 WebCore 0x0000000188b71d70 WebCore::RenderLayer::contentChanged(WebCore::ContentChangeType) + 84 (RenderLayer.cpp:424)
8 WebCore 0x0000000188b95968 WebCore::HTMLCanvasElement::reset() + 904 (HTMLCanvasElement.cpp:368)
9 WebCore 0x0000000188b955c4 WebCore::HTMLCanvasElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 76 (HTMLCanvasElement.cpp:130)
10 WebCore 0x0000000188e6d7a8 WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) + 888 (Element.cpp:1276)
11 WebCore 0x0000000188a163f4 WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) + 820 (Element.cpp:3229)
12 WebCore 0x0000000188f88afc WebCore::HTMLCanvasElement::setHeight(unsigned int) + 60 (HTMLCanvasElement.cpp:164)
13 WebCore 0x00000001892387f4 WebCore::setJSHTMLCanvasElementHeight(JSC::ExecState*, long long, long long) + 340 (JSHTMLCanvasElement.cpp:206)
14 ??? 0x00000001088ec0e4 0 + 4438540516
15 ??? 0x0000000108967ff4 0 + 4439048180
16 JavaScriptCore 0x00000001885af3b8 vmEntryToJavaScript + 264
17 JavaScriptCore 0x0000000188481b04 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 168 (JITCode.cpp:80)
18 JavaScriptCore 0x0000000187ed2984 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 352 (Interpreter.cpp:1018)
19 JavaScriptCore 0x0000000188145b9c JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 164 (CallData.cpp:40)
20 WebCore 0x0000000188b51350 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 992 (JSMainThreadExecState.h:75)
21 WebCore 0x0000000188e8629c WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 620 (EventTarget.cpp:291)
22 WebCore 0x0000000188e85f4c WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 328 (EventTarget.cpp:235)
23 WebCore 0x0000000188e3c930 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 280 (DOMWindow.cpp:1920)
24 WebCore 0x0000000188b28e5c WebCore::DocumentEventQueue::pendingEventTimerFired() + 216 (DocumentEventQueue.cpp:150)
25 WebCore 0x0000000188a14d2c WebCore::ThreadTimers::sharedTimerFiredInternal() + 148 (ThreadTimers.cpp:121)
26 WebCore 0x0000000188a14c84 WebCore::timerFired(__CFRunLoopTimer*, void*) + 28 (MainThreadSharedTimerCF.cpp:74)
27 CoreFoundation 0x0000000183e911d8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28 (CFRunLoop.c:1810)
28 CoreFoundation 0x0000000183e90eec __CFRunLoopDoTimer + 872 (CFRunLoop.c:2349)
29 CoreFoundation 0x0000000183e907a8 __CFRunLoopDoTimers + 244 (CFRunLoop.c:2488)
30 CoreFoundation 0x0000000183e8e3a4 __CFRunLoopRun + 1572 (CFRunLoop.c:2973)
31 CoreFoundation 0x0000000183dbc2b8 CFRunLoopRunSpecific + 444 (CFRunLoop.c:3113)
32 Foundation 0x00000001848f926c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (NSRunLoop.m:367)
33 Foundation 0x000000018494daa0 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:389)
34 libxpc.dylib 0x0000000182fbfc4c _xpc_objc_main + 660 (main.m:186)
35 libxpc.dylib 0x0000000182fc1944 xpc_main + 200 (init.c:1447)
36 com.apple.WebKit.WebContent 0x00000001000d35bc main + 376 (XPCServiceMain.mm:130)
37 libdyld.dylib 0x0000000182d9d5b8 start + 4</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>