189917 2018-09-24 08:47:52 -0700 ASSERT_NOT_REACHED in RawDataDocumentParser::insert on imported/w3c/web-platform-tests/html/webappapis/dynamic-markup-insertion/document-write/contentType.window.html 2023-10-11 05:57:52 -0700 1 1 1 Unclassified WebKit DOM WebKit Nightly Build Unspecified Unspecified NEW https://bugs.webkit.org/show_bug.cgi?id=25397 WPTImpact P2 Normal --- 189863 1 cdumez webkit-unassigned ahmad.saleem792 ap cdumez oldest_to_newest 1462703 0 cdumez 2018-09-24 08:47:52 -0700 html/webappapis/dynamic-markup-insertion/document-write/contentType.window.html crashes in debug: Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] VM Regions Near 0xbbadbeef: --> __TEXT 0000000101890000-000000010197f000 [ 956K] r-x/rwx SM=COW /Volumes/VOLUME/* Application Specific Information: CRASHING TEST: http://localhost:8800/html/webappapis/dynamic-markup-insertion/document-write/contentType.window.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000102246c40 WTFCrash + 16 (Assertions.cpp:255) 1 com.apple.WebCore 0x000000010f72108b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebCore 0x0000000111bd0883 WebCore::RawDataDocumentParser::insert(WebCore::SegmentedString&&) + 83 3 com.apple.WebCore 0x00000001116a8c00 WebCore::Document::write(WebCore::Document*, WebCore::SegmentedString&&) + 512 (Document.cpp:3032) 4 com.apple.WebCore 0x00000001116a8e1b WebCore::Document::write(WebCore::Document*, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul>&&) + 379 (Document.cpp:3043) 5 com.apple.WebCore 0x000000010ff5ffd2 WebCore::jsDocumentPrototypeFunctionWriteBody(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&) + 226 (JSDocument.cpp:4890) 6 com.apple.WebCore 0x000000010ff402f6 long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunctionWriteBody(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) + 742 (JSDOMOperation.h:53) 7 com.apple.WebCore 0x000000010ff3fffc WebCore::jsDocumentPrototypeFunctionWrite(JSC::ExecState*) + 28 (JSDocument.cpp:4896) 8 ??? 0x000001812b642177 0 + 1654290391415 9 com.apple.JavaScriptCore 0x00000001026ef416 llint_entry + 33885 (LowLevelInterpreter.asm:831) 10 com.apple.JavaScriptCore 0x00000001026ef86a llint_entry + 34993 (LowLevelInterpreter.asm:831) 11 com.apple.JavaScriptCore 0x00000001026ef86a llint_entry + 34993 (LowLevelInterpreter.asm:831) 12 com.apple.JavaScriptCore 0x00000001026e6d42 vmEntryToJavaScript + 273 (LowLevelInterpreter64.asm:258) 13 com.apple.JavaScriptCore 0x0000000103294e6a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 186 (JITCodeInlines.h:38) 14 com.apple.JavaScriptCore 0x00000001032954e8 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1416 (Interpreter.cpp:893) 15 com.apple.JavaScriptCore 0x0000000103541d8c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 236 (CallData.cpp:41) 16 com.apple.JavaScriptCore 0x0000000103541e69 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 201 (CallData.cpp:48) 17 com.apple.JavaScriptCore 0x000000010354215e JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 142 (CallData.cpp:69) 18 com.apple.WebCore 0x000000011117c80b WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (JSExecState.h:74) 19 com.apple.WebCore 0x00000001111c1fd3 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1939 (JSEventListener.cpp:172) 20 com.apple.WebCore 0x000000011178ae8c WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase) + 1020 (EventTarget.cpp:297) 21 com.apple.WebCore 0x0000000111786792 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 354 (EventTarget.cpp:237) 22 com.apple.WebCore 0x00000001117eafca WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 186 (Node.cpp:2378) 23 com.apple.WebCore 0x000000011176bcd3 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 195 (EventContext.cpp:55) 24 com.apple.WebCore 0x00000001117823c1 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 385 (EventDispatcher.cpp:101) 25 com.apple.WebCore 0x0000000111781e51 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 561 (EventDispatcher.cpp:157) 26 com.apple.WebCore 0x00000001117eb01d WebCore::Node::dispatchEvent(WebCore::Event&) + 29 (Node.cpp:2388) 27 com.apple.WebCore 0x000000011206f6c3 WebCore::DOMWindow::dispatchLoadEvent() + 483 (DOMWindow.cpp:2014) 28 com.apple.WebCore 0x00000001116a84f8 WebCore::Document::dispatchWindowLoadEvent() + 136 (Document.cpp:4405) 29 com.apple.WebCore 0x00000001116a0b83 WebCore::Document::implicitClose() + 547 (Document.cpp:2899) 30 com.apple.WebCore 0x0000000111efd78b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:958) 31 com.apple.WebCore 0x0000000111efd244 WebCore::FrameLoader::checkCompleted() + 532 (FrameLoader.cpp:900) 32 com.apple.WebCore 0x0000000111efb065 WebCore::FrameLoader::finishedParsing() + 293 (FrameLoader.cpp:789) 33 com.apple.WebCore 0x00000001116ba68f WebCore::Document::finishedParsing() + 623 (Document.cpp:5509) 34 com.apple.WebCore 0x0000000111bc7f19 WebCore::ImageDocument::finishedParsing() + 601 (ImageDocument.cpp:179) 35 com.apple.WebCore 0x0000000111bc80ad WebCore::ImageDocumentParser::finish() + 29 (ImageDocument.cpp:196) 36 com.apple.WebCore 0x0000000111edecda WebCore::DocumentWriter::end() + 394 (DocumentWriter.cpp:284) 37 com.apple.WebCore 0x0000000111e9ef8f WebCore::DocumentLoader::finishedLoading() + 479 (DocumentLoader.cpp:434) 38 com.apple.WebCore 0x0000000111e9ed29 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) + 505 (DocumentLoader.cpp:384) 39 com.apple.WebCore 0x0000000111e9f11c non-virtual thunk to WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) + 44 40 com.apple.WebCore 0x0000000111fee65f WebCore::CachedResource::checkNotify() + 127 (CachedResource.cpp:348) 41 com.apple.WebCore 0x0000000111fe9551 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 49 (CachedResource.cpp:366) 42 com.apple.WebCore 0x0000000111fe90dd WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 333 (CachedRawResource.cpp:121) 43 com.apple.WebCore 0x0000000111f7178f WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 799 (SubresourceLoader.cpp:636) 44 com.apple.WebCore 0x0000000111f57095 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 85 (ResourceLoader.cpp:682) 45 com.apple.WebCore 0x00000001101fd884 -[WebCoreResourceHandleAsOperationQueueDelegate connectionDidFinishLoading:]::$_7::operator()() + 132 46 com.apple.WebCore 0x00000001101fd769 WTF::Function<void ()>::CallableWrapper<-[WebCoreResourceHandleAsOperationQueueDelegate connectionDidFinishLoading:]::$_7>::call() + 25 (Function.h:101) 47 com.apple.JavaScriptCore 0x000000010226de3d WTF::Function<void ()>::operator()() const + 173 (Function.h:56) 48 com.apple.JavaScriptCore 0x000000010229c576 WTF::dispatchFunctionsFromMainThread() + 358 (MainThread.cpp:129) 49 com.apple.JavaScriptCore 0x000000010229f3a5 -[JSWTFMainThreadCaller call] + 21 (MainThreadMac.mm:55) 50 com.apple.Foundation 0x00007fff7af9852a __NSThreadPerformPerform + 326 51 com.apple.CoreFoundation 0x00007fff795383e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 52 com.apple.CoreFoundation 0x00007fff7951965c __CFRunLoopDoSources0 + 556 53 com.apple.CoreFoundation 0x00007fff79518b46 __CFRunLoopRun + 934 54 com.apple.CoreFoundation 0x00007fff79518544 CFRunLoopRunSpecific + 420 55 DumpRenderTree 0x00000001018b2b7c runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 7212 (DumpRenderTree.mm:2048) 56 DumpRenderTree 0x00000001018b0eab runTestingServerLoop() + 379 (DumpRenderTree.mm:1191) 57 DumpRenderTree 0x00000001018b03c4 dumpRenderTree(int, char const**) + 1636 (DumpRenderTree.mm:1293) 58 DumpRenderTree 0x00000001018b35ef DumpRenderTreeMain(int, char const**) + 111 (DumpRenderTree.mm:1412) 59 DumpRenderTree 0x000000010193d0c2 main + 34 (DumpRenderTreeMain.mm:34) 60 libdyld.dylib 0x00007fff8f0e1235 start + 1 1462918 1 cdumez 2018-09-24 15:16:43 -0700 void insert(SegmentedString&&) override { // <https://bugs.webkit.org/show_bug.cgi?id=25397>: JS code can always call document.write, we need to handle it. ASSERT_NOT_REACHED(); } 1984272 2 ahmad.saleem792 2023-10-11 05:57:52 -0700 This test is skipped with reference to this bug: https://searchfox.org/wubkat/source/LayoutTests/TestExpectations#3437