184950 2018-04-24 19:21:51 -0700 Release assert in ScriptController::canExecuteScripts via CachedSVGFont::ensureCustomFontData during Document::updateStyleIfNeeded 2018-04-24 20:43:16 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa rniwa bfulgham cdumez dbates ddkilzer esprehn+autocc ews-watchlist japhet kangil.han koivisto webkit-bug-importer zalan oldest_to_newest 1417388 0 rniwa 2018-04-24 19:21:51 -0700 e.g. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000002e0025651 WebCore::ScriptController::canExecuteScripts(WebCore::ReasonForCallingCanExecuteScripts) + 529 1 com.apple.WebCore 0x00000002e0ae15ba WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 346 2 com.apple.WebCore 0x00000002e0d108d1 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>) + 801 3 com.apple.WebCore 0x00000002e0d0d31d WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 525 4 com.apple.WebCore 0x00000002e0d0d0f8 WebCore::EventContext::handleLocalEvents(WebCore::Event&) const + 104 5 com.apple.WebCore 0x00000002e0d0ddad WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 93 6 com.apple.WebCore 0x00000002e0d0da88 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 792 7 com.apple.WebCore 0x00000002e007021f WebCore::Node::dispatchBeforeLoadEvent(WTF::String const&) + 127 8 com.apple.WebCore 0x00000002e00c57e6 WebCore::ImageLoader::dispatchPendingBeforeLoadEvent() + 118 9 com.apple.WebCore 0x00000002e00c962d WebCore::ImageLoader::dispatchPendingEvent(WebCore::EventSender<WebCore::ImageLoader>*) + 45 10 com.apple.WebCore 0x00000002e005f107 WebCore::EventSender<WebCore::ImageLoader>::dispatchPendingEvents() + 151 11 com.apple.WebCore 0x00000002e15057df WebCore::XMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >&&) + 127 12 com.apple.WebCore 0x00000002e0138a3b WebCore::Document::setContent(WTF::String const&) + 59 13 com.apple.WebCore 0x00000002e0fea0bc WebCore::CachedSVGFont::ensureCustomFontData(WTF::AtomicString const&) + 364 14 com.apple.WebCore 0x00000002e0bdbfd6 WebCore::CSSFontFaceSource::fontLoaded(WebCore::CachedFont&) + 86 15 com.apple.WebCore 0x00000002e0bdbad7 WebCore::CSSFontFaceSource::CSSFontFaceSource(WebCore::CSSFontFace&, WTF::String const&, WebCore::CachedFont*, WebCore::SVGFontFaceElement*, WTF::RefPtr<JSC::ArrayBufferView, WTF::DumbPtrTraits<JSC::ArrayBufferView> >&&) + 183 16 com.apple.WebCore 0x00000002e0bd2b68 WebCore::CSSFontFace::appendSources(WebCore::CSSFontFace&, WebCore::CSSValueList&, WebCore::Document*, bool) + 376 17 com.apple.WebCore 0x00000002e0bdd5d3 WebCore::CSSFontSelector::addFontFaceRule(WebCore::StyleRuleFontFace&, bool) + 899 18 com.apple.WebCore 0x00000002e0c2a498 WebCore::RuleSet::addChildRules(WTF::Vector<WTF::RefPtr<WebCore::StyleRuleBase, WTF::DumbPtrTraits<WebCore::StyleRuleBase> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::MediaQueryEvaluator const&, WebCore::StyleResolver*, bool) + 392 19 com.apple.WebCore 0x00000002e0c2a5c1 WebCore::RuleSet::addRulesFromSheet(WebCore::StyleSheetContents&, WebCore::MediaQueryEvaluator const&, WebCore::StyleResolver*) + 145 20 com.apple.WebCore 0x00000002e0c0db81 WebCore::DocumentRuleSets::appendAuthorStyleSheets(WTF::Vector<WTF::RefPtr<WebCore::CSSStyleSheet, WTF::DumbPtrTraits<WebCore::CSSStyleSheet> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::MediaQueryEvaluator*, WebCore::InspectorCSSOMWrappers&, WebCore::StyleResolver*) + 97 21 com.apple.WebCore 0x00000002e0c3a58f WebCore::StyleResolver::appendAuthorStyleSheets(WTF::Vector<WTF::RefPtr<WebCore::CSSStyleSheet, WTF::DumbPtrTraits<WebCore::CSSStyleSheet> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 31 22 com.apple.WebCore 0x00000002e13ef0d0 WebCore::Style::Scope::updateStyleResolver(WTF::Vector<WTF::RefPtr<WebCore::CSSStyleSheet, WTF::DumbPtrTraits<WebCore::CSSStyleSheet> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::Style::Scope::StyleResolverUpdateType) + 208 23 com.apple.WebCore 0x00000002e13eecb8 WebCore::Style::Scope::updateActiveStyleSheets(WebCore::Style::Scope::UpdateType) + 1320 24 com.apple.WebCore 0x00000002e003012e WebCore::Document::updateStyleIfNeeded() + 126 25 com.apple.WebCore 0x00000002e000d590 WebCore::ThreadTimers::sharedTimerFiredInternal() + 176 26 com.apple.WebCore 0x00000002e000d4cf WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 27 com.apple.CoreFoundation 0x00007fff27de5064 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 28 com.apple.CoreFoundation 0x00007fff27de4cd7 __CFRunLoopDoTimer + 1095 29 com.apple.CoreFoundation 0x00007fff27de47da __CFRunLoopDoTimers + 346 30 com.apple.CoreFoundation 0x00007fff27ddbdab __CFRunLoopRun + 2427 31 com.apple.CoreFoundation 0x00007fff27ddb1a3 CFRunLoopRunSpecific + 483 32 com.apple.HIToolbox 0x00007fff270c3d96 RunCurrentEventLoopInMode + 286 33 com.apple.HIToolbox 0x00007fff270c3b06 ReceiveNextEventCommon + 613 34 com.apple.HIToolbox 0x00007fff270c3884 _BlockUntilNextEventMatchingListInModeWithFilter + 64 35 com.apple.AppKit 0x00007fff25376a73 _DPSNextEvent + 2085 36 com.apple.AppKit 0x00007fff25b0ce34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044 37 com.apple.AppKit 0x00007fff2536b885 -[NSApplication run] + 764 38 com.apple.AppKit 0x00007fff2533aa72 NSApplicationMain + 804 39 libxpc.dylib 0x00007fff5042cf57 _xpc_objc_main + 580 40 libxpc.dylib 0x00007fff5042bbaa xpc_main + 417 <rdar://problem/39578592> 1417393 1 338697 rniwa 2018-04-24 19:34:03 -0700 Created attachment 338697 Fixes the crash 1417412 2 rniwa 2018-04-24 20:42:08 -0700 Committed r230983: <https://trac.webkit.org/changeset/230983> 1417413 3 webkit-bug-importer 2018-04-24 20:43:16 -0700 <rdar://problem/39709331> 338697 2018-04-24 19:34:03 -0700 2018-04-24 19:35:25 -0700 Fixes the crash bug-184950-20180424193402.patch text/plain 3176 rniwa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIzMDk3OSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI2IEBACisyMDE4LTA0LTI0ICBSeW9zdWtl IE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIFJlbGVhc2UgYXNzZXJ0IGluIFNj cmlwdENvbnRyb2xsZXI6OmNhbkV4ZWN1dGVTY3JpcHRzIHZpYSBDYWNoZWRTVkdGb250OjplbnN1 cmVDdXN0b21Gb250RGF0YSBkdXJpbmcKKyAgICAgICAgRG9jdW1lbnQ6OnVwZGF0ZVN0eWxlSWZO ZWVkZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE4 NDk1MAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIENv bnZlcnQgYW4gZXhpc3RpbmcgU2NyaXB0RGlzYWxsb3dlZFNjb3BlOjpFdmVudEFsbG93ZWRTY29w ZSB3aGljaCBvbmx5IGRpc2FibGVzIHRoZSBkZWJ1ZyBhc3NlcnRpb25zCisgICAgICAgIGJ5IFNj cmlwdERpc2FsbG93ZWRTY29wZTo6RGlzYWJsZUFzc2VydGlvbnNJblNjb3BlIHdoaWNoIGFsc28g ZGlzYWJsZXMgdGhlIHJlbGVhc2UgYXNzZXJ0aW9uLgorCisgICAgICAgIEJlY2F1c2UgU1ZHIGZv bnQgaXMgbG9hZGVkIGluIGEgZG9jdW1lbnQgaXNvbGF0ZWQgZnJvbSB0aGUgcmVzdCBvZiB0aGUg cGFnZSAobV9leHRlcm5hbFNWR0RvY3VtZW50KSwKKyAgICAgICAgdGhlcmUgaXMgbm8gc2VjdXJp dHkgaW1wbGljYXRpb24gdG8gZXhlY3V0ZSBzY3JpcHRzIGluIHRoaXMgaXNvbGF0ZWQgZG9jdW1l bnQuCisKKyAgICAgICAgVW5mb3J0dW5hdGVseSwgbm8gbmV3IHRlc3RzLiBJIGNvdWxkIG5ldmVy IG1ha2UgQ2FjaGVkU1ZHRm9udDo6ZW5zdXJlQ3VzdG9tRm9udERhdGEgdG8gZ2V0IGNhbGxlZCBp bnNpZGUKKyAgICAgICAgc3R5bGUgcmVzb2x1dGlvbiB3aXRoIG1fZXh0ZXJuYWxTVkdEb2N1bWVu dCBzZXQgdG8gbnVsbHB0ciBhZnRlciBtYW55IGF0dGVtcHRzLiBFdmVuIEV2ZW50QWxsb3dlZFNj b3BlCisgICAgICAgIEkgYWRkZWQgMTMgbW9udGhzIGFnbyBpbiByMjExOTY1LCB3aGljaCB0aGlz IHBhdGNoIHJlcGxhY2VzIGJ5IERpc2FibGVBc3NlcnRpb25zSW5TY29wZSwgaXMgbm90IHV0aWxp emVkCisgICAgICAgIGJ5IHRoZSBleGlzdGluZyBsYXlvdXQgdGVzdHMgc2luY2UgcmVtb3Zpbmcg dGhlIGFzc2VydGlvbiBkb2Vzbid0IGNhdXNlIGFueSBsYXlvdXQgdGVzdCB0byBoaXQgYW4gYXNz ZXJ0aW9uLgorCisgICAgICAgICogZG9tL1NjcmlwdERpc2FsbG93ZWRTY29wZS5oOiBVcGRhdGVk IHRoZSBjb21tZW50LgorICAgICAgICAqIGxvYWRlci9jYWNoZS9DYWNoZWRTVkdGb250LmNwcDoK KyAgICAgICAgKFdlYkNvcmU6OkNhY2hlZFNWR0ZvbnQ6OmVuc3VyZUN1c3RvbUZvbnREYXRhKTog UmVwbGFjZWQgdGhlIGFzc3NlcnRpb24uCisKIDIwMTgtMDQtMjQgIFNpbW9uIEZyYXNlciAgPHNp bW9uLmZyYXNlckBhcHBsZS5jb20+CiAKICAgICAgICAgdmlzaXRlZERlcGVuZGVudENvbG9yKCkg c2hvdWxkIHRha2UgYSBDU1NQcm9wZXJ0eUlECkluZGV4OiBTb3VyY2UvV2ViQ29yZS9kb20vU2Ny aXB0RGlzYWxsb3dlZFNjb3BlLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvZG9tL1Nj cmlwdERpc2FsbG93ZWRTY29wZS5oCShyZXZpc2lvbiAyMzA5NDIpCisrKyBTb3VyY2UvV2ViQ29y ZS9kb20vU2NyaXB0RGlzYWxsb3dlZFNjb3BlLmgJKHdvcmtpbmcgY29weSkKQEAgLTEyOSw3ICsx MjksOCBAQCBwdWJsaWM6CiAgICAgfTsKICNlbmRpZgogCi0gICAgLy8gRklYTUU6IFJlbW92ZSB0 aGlzIGNsYXNzIG9uY2UgdGhlIHN5bmMgbGF5b3V0IGluc2lkZSBTVkdJbWFnZTo6ZHJhdyBpcyBy ZW1vdmVkCisgICAgLy8gRklYTUU6IFJlbW92ZSB0aGlzIGNsYXNzIG9uY2UgdGhlIHN5bmMgbGF5 b3V0IGluc2lkZSBTVkdJbWFnZTo6ZHJhdyBpcyByZW1vdmVkLAorICAgIC8vIENhY2hlZFNWR0Zv bnQ6OmVuc3VyZUN1c3RvbUZvbnREYXRhIG5vIGxvbmdlciBzeW5jaHJvbm91c2x5IGNyZWF0ZXMg YSBkb2N1bWVudCBkdXJpbmcgc3R5bGUgcmVzb2x1dGlvbiwKICAgICAvLyBhbmQgcmVmYWN0b3Jl ZCB0aGUgY29kZSBpbiBSZW5kZXJGcmFtZUJhc2U6OnBlcmZvcm1MYXlvdXRXaXRoRmxhdHRlbmlu Zy4KICAgICBjbGFzcyBEaXNhYmxlQXNzZXJ0aW9uc0luU2NvcGUgewogICAgIHB1YmxpYzoKSW5k ZXg6IFNvdXJjZS9XZWJDb3JlL2xvYWRlci9jYWNoZS9DYWNoZWRTVkdGb250LmNwcAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9sb2FkZXIvY2FjaGUvQ2FjaGVkU1ZHRm9udC5jcHAJKHJl dmlzaW9uIDIzMDk0MikKKysrIFNvdXJjZS9XZWJDb3JlL2xvYWRlci9jYWNoZS9DYWNoZWRTVkdG b250LmNwcAkod29ya2luZyBjb3B5KQpAQCAtNzUsNyArNzUsNyBAQCBib29sIENhY2hlZFNWR0Zv bnQ6OmVuc3VyZUN1c3RvbUZvbnREYXRhCiAgICAgICAgICAgICBtX2V4dGVybmFsU1ZHRG9jdW1l bnQgPSBTVkdEb2N1bWVudDo6Y3JlYXRlKG51bGxwdHIsIFVSTCgpKTsKICAgICAgICAgICAgIGF1 dG8gZGVjb2RlciA9IFRleHRSZXNvdXJjZURlY29kZXI6OmNyZWF0ZSgiYXBwbGljYXRpb24veG1s Iik7CiAKLSAgICAgICAgICAgIFNjcmlwdERpc2FsbG93ZWRTY29wZTo6RXZlbnRBbGxvd2VkU2Nv cGUgYWxsb3dlZFNjb3BlKCptX2V4dGVybmFsU1ZHRG9jdW1lbnQpOworICAgICAgICAgICAgU2Ny aXB0RGlzYWxsb3dlZFNjb3BlOjpEaXNhYmxlQXNzZXJ0aW9uc0luU2NvcGUgZGlzYWJsZWRTY29w ZTsKIAogICAgICAgICAgICAgbV9leHRlcm5hbFNWR0RvY3VtZW50LT5zZXRDb250ZW50KGRlY29k ZXItPmRlY29kZUFuZEZsdXNoKG1fZGF0YS0+ZGF0YSgpLCBtX2RhdGEtPnNpemUoKSkpOwogICAg ICAgICAgICAgc2F3RXJyb3IgPSBkZWNvZGVyLT5zYXdFcnJvcigpOwo=