224992 2021-04-23 13:51:17 -0700 Crash in constructCustomElementSynchronously 2021-04-23 16:46:03 -0700 1 1 1 Unclassified WebKit DOM WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa rniwa cdumez ddkilzer ggaren tzagallo wenson_hsieh oldest_to_newest 1753709 0 rniwa 2021-04-23 13:51:17 -0700 e.g. Thread 0 Crashed: 0 JavaScriptCore 0x00000001af960020 JSC::construct(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::ArgList const&, JSC::JSValue) + 20 (JSGlobalObject.h:1041) 1 WebCore 0x00000001b342a918 WebCore::JSCustomElementInterface::tryToConstructCustomElement(WebCore::Document&, WTF::AtomString const&) + 512 (ConstructData.h:45) 2 WebCore 0x00000001b342a518 WebCore::JSCustomElementInterface::constructElementWithFallback(WebCore::Document&, WTF::AtomString const&) + 48 (JSCustomElementInterface.cpp:62) 3 WebCore 0x00000001b3afc954 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 2372 (HTMLDocumentParser.cpp:233) 4 WebCore 0x00000001b3afd008 WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString&&) + 196 (HTMLDocumentParser.cpp:196) 5 WebCore 0x00000001b36e857c WebCore::Document::write(WebCore::Document*, WebCore::SegmentedString&&) + 220 (Document.cpp:3308) 6 WebCore 0x00000001b36e8708 WebCore::Document::write(WebCore::Document*, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 324 (Document.cpp:3321) 7 WebCore 0x00000001b29b5d00 WebCore::jsDocumentPrototypeFunction_write(JSC::JSGlobalObject*, JSC::CallFrame*) + 176 (JSDocument.cpp:5826) 8 ??? 0x0000000e8df14c04 0 + 62510943236 <rdar://66988026> 1753713 1 426940 rniwa 2021-04-23 14:03:40 -0700 Created attachment 426940 Fixes the bug 1753725 2 426940 tzagallo 2021-04-23 14:19:52 -0700 Comment on attachment 426940 Fixes the bug r=me 1753796 3 426940 rniwa 2021-04-23 16:46:01 -0700 Comment on attachment 426940 Fixes the bug Clearing flags on attachment: 426940 Committed r276530 (236982@main): <https://commits.webkit.org/236982@main> 1753797 4 rniwa 2021-04-23 16:46:03 -0700 All reviewed patches have been landed. Closing bug. 426940 2021-04-23 14:03:40 -0700 2021-04-23 16:46:01 -0700 Fixes the bug fix224992.patch text/plain 2032 rniwa ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBjYTk0MWRiZTI1ZjEuLjNjZDMwNTc1ODMxMiAxMDA2NDQKLS0tIGEvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAt MSwzICsxLDE4IEBACisyMDIxLTA0LTIzICBSeW9zdWtlIE5pd2EgIDxybml3YUB3ZWJraXQub3Jn PgorCisgICAgICAgIENyYXNoIGluIGNvbnN0cnVjdEN1c3RvbUVsZW1lbnRTeW5jaHJvbm91c2x5 CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMjQ5OTIK KyAgICAgICAgPHJkYXI6Ly82Njk4ODAyNj4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBFeGl0IGVhcmx5IHdoZW4gdGhlIGdsb2JhbCBvYmplY3QgaXMg bnVsbHB0ciBhbHRob3VnaCB0aGlzIHNob3VsZG4ndCBoYXBwZW4uCisKKyAgICAgICAgTm8gbmV3 IHRlc3RzIHNpbmNlIHdlIGhhdmUgbm8gcmVwcm9kdWN0aW9ucy4KKworICAgICAgICAqIGJpbmRp bmdzL2pzL0pTQ3VzdG9tRWxlbWVudEludGVyZmFjZS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpK U0N1c3RvbUVsZW1lbnRJbnRlcmZhY2U6OnRyeVRvQ29uc3RydWN0Q3VzdG9tRWxlbWVudCk6IEFk ZGVkIGEgbnVsbCBjaGVjay4KKwogMjAyMS0wNC0yMiAgQ29tbWl0IFF1ZXVlICA8Y29tbWl0LXF1 ZXVlQHdlYmtpdC5vcmc+CiAKICAgICAgICAgVW5yZXZpZXdlZCwgcmV2ZXJ0aW5nIHIyNzE2NDQu CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0N1c3RvbUVsZW1lbnRJ bnRlcmZhY2UuY3BwIGIvU291cmNlL1dlYkNvcmUvYmluZGluZ3MvanMvSlNDdXN0b21FbGVtZW50 SW50ZXJmYWNlLmNwcAppbmRleCAzMmQ4OGIxODZhZWYuLmE5OGE5NzcwN2M2NCAxMDA2NDQKLS0t IGEvU291cmNlL1dlYkNvcmUvYmluZGluZ3MvanMvSlNDdXN0b21FbGVtZW50SW50ZXJmYWNlLmNw cAorKysgYi9Tb3VyY2UvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0N1c3RvbUVsZW1lbnRJbnRlcmZh Y2UuY3BwCkBAIC05OSwxMyArOTksMTYgQEAgUmVmUHRyPEVsZW1lbnQ+IEpTQ3VzdG9tRWxlbWVu dEludGVyZmFjZTo6dHJ5VG9Db25zdHJ1Y3RDdXN0b21FbGVtZW50KERvY3VtZW50JgogICAgICAg ICByZXR1cm4gbnVsbHB0cjsKIAogICAgIEFTU0VSVCgmZG9jdW1lbnQgPT0gc2NyaXB0RXhlY3V0 aW9uQ29udGV4dCgpKTsKLSAgICBhdXRvJiBsZXhpY2FsR2xvYmFsT2JqZWN0ID0gKmRvY3VtZW50 Lmdsb2JhbE9iamVjdCgpOwotICAgIGF1dG8gZWxlbWVudCA9IGNvbnN0cnVjdEN1c3RvbUVsZW1l bnRTeW5jaHJvbm91c2x5KGRvY3VtZW50LCB2bSwgbGV4aWNhbEdsb2JhbE9iamVjdCwgbV9jb25z dHJ1Y3Rvci5nZXQoKSwgbG9jYWxOYW1lKTsKKyAgICBhdXRvKiBsZXhpY2FsR2xvYmFsT2JqZWN0 ID0gZG9jdW1lbnQuZ2xvYmFsT2JqZWN0KCk7CisgICAgQVNTRVJUKGxleGljYWxHbG9iYWxPYmpl Y3QpOworICAgIGlmICghbGV4aWNhbEdsb2JhbE9iamVjdCkKKyAgICAgICAgcmV0dXJuIG51bGxw dHI7CisgICAgYXV0byBlbGVtZW50ID0gY29uc3RydWN0Q3VzdG9tRWxlbWVudFN5bmNocm9ub3Vz bHkoZG9jdW1lbnQsIHZtLCAqbGV4aWNhbEdsb2JhbE9iamVjdCwgbV9jb25zdHJ1Y3Rvci5nZXQo KSwgbG9jYWxOYW1lKTsKICAgICBFWENFUFRJT05fQVNTRVJUKCEhc2NvcGUuZXhjZXB0aW9uKCkg PT0gIWVsZW1lbnQpOwogICAgIGlmICghZWxlbWVudCkgewogICAgICAgICBhdXRvKiBleGNlcHRp b24gPSBzY29wZS5leGNlcHRpb24oKTsKICAgICAgICAgc2NvcGUuY2xlYXJFeGNlcHRpb24oKTsK LSAgICAgICAgcmVwb3J0RXhjZXB0aW9uKCZsZXhpY2FsR2xvYmFsT2JqZWN0LCBleGNlcHRpb24p OworICAgICAgICByZXBvcnRFeGNlcHRpb24obGV4aWNhbEdsb2JhbE9iamVjdCwgZXhjZXB0aW9u KTsKICAgICAgICAgcmV0dXJuIG51bGxwdHI7CiAgICAgfQogCg==