180619 2017-12-08 21:01:01 -0800 iOS: Crash in Document::updateLayout() via Document::processViewport 2017-12-09 17:59:54 -0800 1 1 1 Unclassified WebKit Layout and Rendering WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa rniwa bfulgham commit-queue darin dino koivisto simon.fraser zalan oldest_to_newest 1379933 0 rniwa 2017-12-08 21:01:01 -0800 When the viewport configuration is updated via meta element, the modern media controls can end up updating the layout and cause a crash. This is a real bug since updateLayout can execute arbitrary author scripts. 1379934 1 rniwa 2017-12-08 21:01:25 -0800 <rdar://problem/35717575> 1379947 2 328904 rniwa 2017-12-08 21:47:38 -0800 Created attachment 328904 Fixes the crash 1379960 3 328904 commit-queue 2017-12-09 02:41:35 -0800 Comment on attachment 328904 Fixes the crash Clearing flags on attachment: 328904 Committed r225723: <https://trac.webkit.org/changeset/225723> 1379961 4 commit-queue 2017-12-09 02:41:37 -0800 All reviewed patches have been landed. Closing bug. 1379973 5 simon.fraser 2017-12-09 10:08:05 -0800 Can we stop calling these crashes please. 1380017 6 rniwa 2017-12-09 15:13:24 -0800 (In reply to Simon Fraser (smfr) from comment #5) > Can we stop calling these crashes please. These are crashes. If we don't crash it here, it would later down the line as a security bug. 1380026 7 328904 darin 2017-12-09 16:28:22 -0800 Comment on attachment 328904 Fixes the crash View in context: https://bugs.webkit.org/attachment.cgi?id=328904&action=review > Source/WebCore/html/HTMLMetaElement.h:43 > + void didFinishInsertingNode(); This is missing the "final" keyword. I guess this is a downside of us using "final" instead of "override", because I think we would have gotten a warning about this if we were using "override" on any other function in this class. 328904 2017-12-08 21:47:38 -0800 2017-12-09 02:41:35 -0800 Fixes the crash bug-180619-20171208214737.patch text/plain 4935 rniwa U3VidmVyc2lvbiBSZXZpc2lvbjogMjI1NjQyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggODQ4NDAxMGQ5YzE2YjI5 YjNhODgwMDI2NjE3NzcwODYxMTE1NmRjYi4uZjBmZTJkNWRiMmQ3YzY4NjAxZThhZmUzMzM2YTZj YjI2MTkxOGI3YiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI2IEBACisyMDE3LTEyLTA4ICBSeW9z dWtlIE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIGlPUzogQ3Jhc2ggaW4gRG9j dW1lbnQ6OnVwZGF0ZUxheW91dCgpIHZpYSBEb2N1bWVudDo6cHJvY2Vzc1ZpZXdwb3J0CisgICAg ICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xODA2MTkKKyAgICAg ICAgPHJkYXI6Ly9wcm9ibGVtLzM1NzE3NTc1PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIFRoZSBjcmFzaCBpcyBjYXVzZWQgYnkgbW9kZXJuIG1lZGlh IGNvbnRyb2xzIHVwZGF0aW5nIHRoZSBsYXlvdXQgaW4gdGhlIG1pZGRsZSBvZiBpbnNlcnRlZElu dG9BbmNlc3RvcgorICAgICAgICB2aWEgSFRNTE1lZGlhRWxlbWVudDo6c2V0Q29udHJvbGxlckpT UHJvcGVydHkgaW5zaWRlIERvY3VtZW50OjpwYWdlU2NhbGVGYWN0b3JDaGFuZ2VkQW5kU3RhYmxl LgorCisgICAgICAgIEZpeGVkIHRoZSBjcmFzaCBieSBkZWxheWluZyB0aGUgd29yayB0byB1cGRh dGUgdGhlIHZpZXdwb3J0IGNvbmZpZ3VyYXRpb24gdW50aWwgZGlkRmluaXNoSW5zZXJ0aW5nTm9k ZQorICAgICAgICBzaW5jZSB1cGRhdGluZyB0aGUgdmlld3BvcnQgY29uZmlndXJhdGlvbiByZXN1 bHRzIGluIGEgbG90IG9mIHJlbGF0ZWQgY29kZSBydW5uaW5nIGluIHJlc3BvbnNlLAorICAgICAg ICBhbmQgbWFraW5nIHN1cmUgYWxsIHRoYXQgY29kZSBuZXZlciB0cmllcyB0byBleGVjdXRlIGFu IGF1dGhvciBzY3JpcHQgaXMgbm90IGF0dGFpbmFibGUgaW4gdGhlIHNob3J0IHRlcm0sCisgICAg ICAgIGFuZCBhIG1haW50ZW5hbmNlIG5pZ2h0bWFyZSBpbiB0aGUgbG9uZyB0ZXJtLgorCisgICAg ICAgIFRlc3Q6IG1lZGlhL2lvcy92aWV3cG9ydC1jaGFuZ2Utd2l0aC12aWRlby5odG1sCisKKyAg ICAgICAgKiBodG1sL0hUTUxNZXRhRWxlbWVudC5jcHA6CisgICAgICAgIChXZWJDb3JlOjpIVE1M TWV0YUVsZW1lbnQ6Omluc2VydGVkSW50b0FuY2VzdG9yKToKKyAgICAgICAgKFdlYkNvcmU6OkhU TUxNZXRhRWxlbWVudDo6ZGlkRmluaXNoSW5zZXJ0aW5nTm9kZSk6IEFkZGVkLgorICAgICAgICAq IGh0bWwvSFRNTE1ldGFFbGVtZW50Lmg6CisKIDIwMTctMTItMDcgIEplciBOb2JsZSAgPGplci5u b2JsZUBhcHBsZS5jb20+CiAKICAgICAgICAgW0VNRV0gU3VwcG9ydCB0aGUgJ2VuY3J5cHRlZCcg ZXZlbnQgZm9yIEZQUyBlbmNyeXB0ZWQgc3RyZWFtcwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNv cmUvaHRtbC9IVE1MTWV0YUVsZW1lbnQuY3BwIGIvU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MTWV0 YUVsZW1lbnQuY3BwCmluZGV4IDMxMDZkYzM0ZGU4NzM4OWVhNDJlYmQ4MzM3ZjE5ZmQ0ZThjNzk5 MTUuLjU3ZmM5NTEyYmMyMWZmMTdmMzkzNzNjNmMxZWFhZWViMjdjYmMzMmIgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9XZWJDb3JlL2h0bWwvSFRNTE1ldGFFbGVtZW50LmNwcAorKysgYi9Tb3VyY2UvV2Vi Q29yZS9odG1sL0hUTUxNZXRhRWxlbWVudC5jcHAKQEAgLTY0LDEwICs2NCwxNSBAQCBOb2RlOjpJ bnNlcnRlZEludG9BbmNlc3RvclJlc3VsdCBIVE1MTWV0YUVsZW1lbnQ6Omluc2VydGVkSW50b0Fu Y2VzdG9yKEluc2VydGlvbgogewogICAgIEhUTUxFbGVtZW50OjppbnNlcnRlZEludG9BbmNlc3Rv cihpbnNlcnRpb25UeXBlLCBwYXJlbnRPZkluc2VydGVkVHJlZSk7CiAgICAgaWYgKGluc2VydGlv blR5cGUuY29ubmVjdGVkVG9Eb2N1bWVudCkKLSAgICAgICAgcHJvY2VzcygpOworICAgICAgICBy ZXR1cm4gSW5zZXJ0ZWRJbnRvQW5jZXN0b3JSZXN1bHQ6Ok5lZWRzUG9zdEluc2VydGlvbkNhbGxi YWNrOwogICAgIHJldHVybiBJbnNlcnRlZEludG9BbmNlc3RvclJlc3VsdDo6RG9uZTsKIH0KIAor dm9pZCBIVE1MTWV0YUVsZW1lbnQ6OmRpZEZpbmlzaEluc2VydGluZ05vZGUoKQoreworICAgIHBy b2Nlc3MoKTsKK30KKwogdm9pZCBIVE1MTWV0YUVsZW1lbnQ6OnByb2Nlc3MoKQogewogICAgIC8v IENoYW5naW5nIGEgbWV0YSB0YWcgd2hpbGUgaXQncyBub3QgaW4gdGhlIHRyZWUgc2hvdWxkbid0 IGhhdmUgYW55IGVmZmVjdCBvbiB0aGUgZG9jdW1lbnQuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2Vi Q29yZS9odG1sL0hUTUxNZXRhRWxlbWVudC5oIGIvU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MTWV0 YUVsZW1lbnQuaAppbmRleCA0MDg2ZTU0NmY5M2Y2ZGRiMWU4MGI2YTkzNmIxNGJkOWI4NGY5YmI3 Li5jOGFkYzVjMTY2NTk2N2MzYTA2MTBhMzNhMzYzOWU5NzVkYTU4NjA5IDEwMDY0NAotLS0gYS9T b3VyY2UvV2ViQ29yZS9odG1sL0hUTUxNZXRhRWxlbWVudC5oCisrKyBiL1NvdXJjZS9XZWJDb3Jl L2h0bWwvSFRNTE1ldGFFbGVtZW50LmgKQEAgLTQwLDYgKzQwLDcgQEAgcHJpdmF0ZToKIAogICAg IHZvaWQgcGFyc2VBdHRyaWJ1dGUoY29uc3QgUXVhbGlmaWVkTmFtZSYsIGNvbnN0IEF0b21pY1N0 cmluZyYpIGZpbmFsOwogICAgIEluc2VydGVkSW50b0FuY2VzdG9yUmVzdWx0IGluc2VydGVkSW50 b0FuY2VzdG9yKEluc2VydGlvblR5cGUsIENvbnRhaW5lck5vZGUmKSBmaW5hbDsKKyAgICB2b2lk IGRpZEZpbmlzaEluc2VydGluZ05vZGUoKTsKIAogICAgIHZvaWQgcHJvY2VzcygpOwogfTsKZGlm ZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwpp bmRleCA4YjcyN2VjOTdkODQ5YmJhNDg4NzVjNTRiNzdmYjJjYzQ3ODczNzY3Li43ZDIzOWYzZTAw OTViNWM5NzE3NGI1M2Y1MjgxYWFhMTEyNTU5YjhmIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9D aGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTYgQEAKKzIw MTctMTItMDggIFJ5b3N1a2UgTml3YSAgPHJuaXdhQHdlYmtpdC5vcmc+CisKKyAgICAgICAgaU9T OiBDcmFzaCBpbiBEb2N1bWVudDo6dXBkYXRlTGF5b3V0KCkgdmlhIERvY3VtZW50Ojpwcm9jZXNz Vmlld3BvcnQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE4MDYxOQorICAgICAgICA8cmRhcjovL3Byb2JsZW0vMzU3MTc1NzU+CisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQWRkZWQgYSByZWdyZXNzaW9uIHRl c3QgZm9yIHRoZSBjcmFzaC4KKworICAgICAgICAqIG1lZGlhL2lvcy92aWV3cG9ydC1jaGFuZ2Ut d2l0aC12aWRlby1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIG1lZGlhL2lvcy92aWV3 cG9ydC1jaGFuZ2Utd2l0aC12aWRlby5odG1sOiBBZGRlZC4KKwogMjAxNy0xMi0wNyAgSmVyIE5v YmxlICA8amVyLm5vYmxlQGFwcGxlLmNvbT4KIAogICAgICAgICBbRU1FXSBTdXBwb3J0IHRoZSAn ZW5jcnlwdGVkJyBldmVudCBmb3IgRlBTIGVuY3J5cHRlZCBzdHJlYW1zCmRpZmYgLS1naXQgYS9M YXlvdXRUZXN0cy9tZWRpYS9pb3Mvdmlld3BvcnQtY2hhbmdlLXdpdGgtdmlkZW8tZXhwZWN0ZWQu dHh0IGIvTGF5b3V0VGVzdHMvbWVkaWEvaW9zL3ZpZXdwb3J0LWNoYW5nZS13aXRoLXZpZGVvLWV4 cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwLi42YjI3M2FkZGM0YjRjMDZiM2JmM2ExNTA1MDIxZjMyZDdk MTM4NmU2Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvbWVkaWEvaW9zL3ZpZXdwb3J0 LWNoYW5nZS13aXRoLXZpZGVvLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDQgQEAKK1RoaXMgdGVz dHMgY2hhbmdpbmcgdGhlIHZpZXdwb3J0IGFmdGVyIGEgdmlkZW8gZWxlbWVudC4gV2ViS2l0IHNo b3VsZCBub3QgY3Jhc2guCisKKworUEFTUy4gV2ViS2l0IGRpZG4ndCBjcmFzaApkaWZmIC0tZ2l0 IGEvTGF5b3V0VGVzdHMvbWVkaWEvaW9zL3ZpZXdwb3J0LWNoYW5nZS13aXRoLXZpZGVvLmh0bWwg Yi9MYXlvdXRUZXN0cy9tZWRpYS9pb3Mvdmlld3BvcnQtY2hhbmdlLXdpdGgtdmlkZW8uaHRtbApu ZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwLi5hNmNiZTFkYjMyZjU1MDVhZGJiYTMyZGIyNWVlY2Y1MzZjNjRjMGFkCi0tLSAv ZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvbWVkaWEvaW9zL3ZpZXdwb3J0LWNoYW5nZS13aXRo LXZpZGVvLmh0bWwKQEAgLTAsMCArMSwxMyBAQAorPCFET0NUWVBFIGh0bWw+PCEtLSB3ZWJraXQt dGVzdC1ydW5uZXIgWyBtb2Rlcm5NZWRpYUNvbnRyb2xzPXRydWUgdXNlRmxleGlibGVWaWV3cG9y dD10cnVlIF0gLS0+Cis8aHRtbD4KKzxib2R5PgorPHA+VGhpcyB0ZXN0cyBjaGFuZ2luZyB0aGUg dmlld3BvcnQgYWZ0ZXIgYSB2aWRlbyBlbGVtZW50LiBXZWJLaXQgc2hvdWxkIG5vdCBjcmFzaC48 L3A+Cis8dmlkZW8gc3JjPSJ0ZXN0Lm1wNCIgY29udHJvbHM+PC92aWRlbz4KKzxtZXRhIG5hbWU9 InZpZXdwb3J0IiBjb250ZW50PSJpbml0aWFsLXNjYWxlPTEsIG1heGltdW0tc2NhbGU9MSI+Cis8 c2NyaXB0PgoraWYgKHdpbmRvdy5pbnRlcm5hbHMpCisgICAgdGVzdFJ1bm5lci5kdW1wQXNUZXh0 KCk7Citkb2N1bWVudC53cml0ZSgiPGRpdj5QQVNTLiBXZWJLaXQgZGlkbid0IGNyYXNoPC9kaXY+ Iik7Cis8L3NjcmlwdD4KKzwvYm9keT4KKzwvaHRtbD4K