252302 2023-02-15 00:32:47 -0800 ASSERT_NOT_REACHED in ImageOverlay updateSubtree() 2024-08-31 19:18:15 -0700 1 1 1 Unclassified WebKit Platform WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar, Regression P2 Normal --- 235598 1 jean-yves.avenard wenson_hsieh webkit-bug-importer wenson_hsieh oldest_to_newest 1933752 0 jean-yves.avenard 2023-02-15 00:32:47 -0800 STR: In a debug build, Create a video element, don't have the controls showing. Right click on the video element to show the control menu. Result: Assertion ASSERT_NOT_REACHED in updateSubTree https://searchfox.org/wubkat/rev/6312ca8a662145d355274780bbf68b6ce735d8e8/Source/WebCore/dom/ImageOverlay.cpp#266 ``` (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef) frame #0: 0x00000001300a8aa0 JavaScriptCore`::WTFCrash() at Assertions.cpp:327:35 frame #1: 0x00000001460f48d4 WebCore`WTFCrashWithInfo((null)=266, (null)="/Users/jyavenard/Work/webkit/OpenSource/Source/WebCore/dom/ImageOverlay.cpp", (null)="auto WebCore::ImageOverlay::updateSubtree(WebCore::HTMLElement &, const WebCore::TextRecognitionResult &)::(anonymous class)::operator()() const", (null)=2340) at Assertions.h:758:5 * frame #2: 0x000000014932dee4 WebCore`WebCore::ImageOverlay::updateSubtree(this=0x000000016fa9d660)::$_11::operator()() const at ImageOverlay.cpp:266:13 frame #3: 0x00000001493290d4 WebCore`WebCore::ImageOverlay::updateSubtree(element=0x000000013b004720, result=0x000000016fa9dda0) at ImageOverlay.cpp:258:30 frame #4: 0x0000000149327ef0 WebCore`WebCore::ImageOverlay::updateWithTextRecognitionResult(element=0x000000013b004720, result=0x000000016fa9dda0, cacheTextRecognitionResults=Yes) at ImageOverlay.cpp:494:21 frame #5: 0x00000001165691e8 WebKit`auto WebKit::WebPage::requestTextRecognition(this=0x00000001030d8428, result=0x000000016fa9dda0)>&&)::$_26::operator()<WebCore::TextRecognitionResult>(WebCore::TextRecognitionResult&&) const at WebPage.cpp:8036:9 frame #6: 0x00000001165690f0 WebKit`decltype(__f=0x00000001030d8428, __args=0x000000016fa9dda0)>&&)::$_26>()(std::declval<WebCore::TextRecognitionResult>())) std::__1::__invoke[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, WebCore::TextRecognitionResult>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, WebCore::TextRecognitionResult&&) at invoke.h:394:23 frame #7: 0x00000001165690c0 WebKit`decltype(__f=0x00000001030d8428, __t=size=1, (null)=__tuple_indices<0UL> @ 0x000000016fa9dd3f) std::__1::__apply_tuple_impl[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, std::__1::tuple<WebCore::TextRecognitionResult>, 0ul>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, std::__1::tuple<WebCore::TextRecognitionResult>&&, std::__1::__tuple_indices<0ul>) at tuple:1789:1 frame #8: 0x0000000116568a88 WebKit`decltype(__f=0x00000001030d8428, __t=size=1) std::__1::apply[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, std::__1::tuple<WebCore::TextRecognitionResult> >(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, std::__1::tuple<WebCore::TextRecognitionResult>&&) at tuple:1798:1 frame #9: 0x00000001165688f4 WebKit`void IPC::Connection::callReply<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(decoder=0x0000000103064180, completionHandler=0x00000001030d8428)>&&)::$_26&&) at Connection.h:704:13 frame #10: 0x0000000116568884 WebKit`IPC::Connection::AsyncReplyHandler IPC::Connection::makeAsyncReplyHandler<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(this=0x00000001030d8428, decoder=0x0000000103064180)>&&)::$_26&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Decoder*)::operator()(IPC::Decoder*) at Connection.h:687:21 frame #11: 0x0000000116568794 WebKit`WTF::Detail::CallableWrapper<IPC::Connection::AsyncReplyHandler IPC::Connection::makeAsyncReplyHandler<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(this=0x00000001030d8420, in=0x0000000103064180) at Function.h:53:39 frame #12: 0x000000011539b7cc WebKit`WTF::Function<void (IPC::Decoder*)>::operator(this=0x000000016fa9dea8, in=0x0000000103064180)(IPC::Decoder*) const at Function.h:82:35 frame #13: 0x00000001153848e0 WebKit`WTF::CompletionHandler<void (IPC::Decoder*)>::operator(this=0x000000016fa9df20, in=0x0000000103064180)(IPC::Decoder*) at CompletionHandler.h:75:16 frame #14: 0x0000000116a7b434 WebKit`IPC::Connection::dispatchMessage(this=0x000000010303c840, decoder=0x0000000103064180) at Connection.cpp:1179:9 frame #15: 0x0000000116a7ba3c WebKit`IPC::Connection::dispatchMessage(this=0x000000010303c840, message=IPC::Decoder @ 0x0000000103064180) at Connection.cpp:1245:9 frame #16: 0x0000000116a7bd78 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000010303c840) at Connection.cpp:1310:5 frame #17: 0x0000000116a99a54 WebKit`IPC::Connection::enqueueIncomingMessage(this=0x0000000103068348)::$_17::operator()() const at Connection.cpp:1159:28 frame #18: 0x0000000116a99994 WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_17, void>::call(this=0x0000000103068340) at Function.h:53:39 frame #19: 0x00000001300d1128 JavaScriptCore`WTF::Function<void ()>::operator(this=0x000000016fa9e0c0)() const at Function.h:82:35 frame #20: 0x0000000130169850 JavaScriptCore`WTF::RunLoop::performWork(this=0x0000000103010100) at RunLoop.cpp:147:9 frame #21: 0x000000013016ded4 JavaScriptCore`WTF::RunLoop::performWork(context=0x0000000103010100) at RunLoopCF.cpp:46:37 frame #22: 0x000000018821a884 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 frame #23: 0x000000018821a818 CoreFoundation`__CFRunLoopDoSource0 + 176 frame #24: 0x000000018821a588 CoreFoundation`__CFRunLoopDoSources0 + 244 frame #25: 0x0000000188219190 CoreFoundation`__CFRunLoopRun + 828 frame #26: 0x0000000188218700 CoreFoundation`CFRunLoopRunSpecific + 612 frame #27: 0x00000001891929bc Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #28: 0x000000018920b37c Foundation`-[NSRunLoop(NSRunLoop) run] + 64 frame #29: 0x0000000187e8a5a0 libxpc.dylib`_xpc_objc_main + 860 frame #30: 0x0000000187e89ec0 libxpc.dylib`xpc_main + 108 frame #31: 0x00000001149fbde8 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016fa9f588) at XPCServiceMain.mm:207:5 frame #32: 0x0000000116a4c2f4 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016fa9f588) at WKMain.mm:35:12 frame #33: 0x0000000100363f9c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016fa9f588) at AuxiliaryProcessMain.cpp:30:12 frame #34: 0x0000000187de3f28 dyld`start + 2236 ``` 1933753 1 webkit-bug-importer 2023-02-15 00:33:12 -0800 <rdar://problem/105486027> 1933754 2 webkit-bug-importer 2023-02-15 00:34:33 -0800 <rdar://problem/105486068> 1933755 3 jean-yves.avenard 2023-02-15 00:39:16 -0800 Test case added: https://jyavenard.github.io/htmltests/tests/252302/index.html 2056836 4 wenson_hsieh 2024-08-31 17:04:42 -0700 Pull request: https://github.com/WebKit/WebKit/pull/32995 2056842 5 ews-feeder 2024-08-31 19:18:13 -0700 Committed 283030@main (416adec17dd1): <https://commits.webkit.org/283030@main> Reviewed commits have been landed. Closing PR #32995 and removing active labels.