301610 2025-10-28 21:35:41 -0700 Fix editing/pasteboard/paste-noscript.html crash under Site Isolation 2025-10-29 14:50:58 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 sihui_liu sihui_liu webkit-bug-importer oldest_to_newest 2154903 0 sihui_liu 2025-10-28 21:35:41 -0700 ... 2154904 1 sihui_liu 2025-10-28 21:37:32 -0700 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebKit 0x1054822a0 WTFCrashWithInfo(int, char const*, char const*, int) + 8 (Assertions.h:969) [inlined] 1 WebKit 0x1054822a0 WebKit::collectFrameWebArchives(WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::HashMap<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>, WTF::DefaultHash<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>>, WTF::HashTableTraits, (WTF::ShouldValidateKey)1, WTF::FastMalloc>&, WTF::Vector<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 24 (WebPlatformStrategies.cpp:279) [inlined] 2 WebKit 0x1054822a0 WebKit::WebPlatformStrategies::writeWebArchive(WebCore::LegacyWebArchive&, WTF::String const&) (.cold.1) + 24 (WebPlatformStrategies.cpp:294) 3 WebKit 0x1051a2ea8 compilerFenceForCrash() + 4 (Assertions.h:1003) [inlined] 4 WebKit 0x1051a2ea8 WebKit::collectFrameWebArchives(WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::HashMap<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>, WTF::DefaultHash<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>>, WTF::HashTableTraits, (WTF::ShouldValidateKey)1, WTF::FastMalloc>&, WTF::Vector<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 4 (WebPlatformStrategies.cpp:279) [inlined] 5 WebKit 0x1051a2ea8 WebKit::WebPlatformStrategies::writeWebArchive(WebCore::LegacyWebArchive&, WTF::String const&) + 1040 (WebPlatformStrategies.cpp:294) 6 WebCore 0x11452c418 WebCore::Pasteboard::write(WebCore::PasteboardWebContent const&) + 1612 7 WebCore 0x113c2f788 WebCore::Editor::writeSelectionToPasteboard(WebCore::Pasteboard&) + 768 8 WebCore 0x114e9b128 WebCore::Editor::performCutOrCopy(WebCore::Editor::EditorActionSpecifier) + 732 9 WebCore 0x114eb972c WebCore::executeCopy(WebCore::LocalFrame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 124 10 WebCore 0x11351ad44 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 164 11 WebCore 0x114d50cfc WebCore::Document::execCommand(WTF::String const&, bool, mpark::variant<WTF::String, WTF::RefPtr<WebCore::TrustedHTML, WTF::RawPtrTraits<WebCore::TrustedHTML>, WTF::DefaultRefDerefTraits<WebCore::TrustedHTML>>> const&) + 332 12 WebCore 0x113b80ff4 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) + 492 13 ??? 0x121718044 ??? 14 ??? 0x12170c008 ??? 15 ??? 0x12170c428 ??? 16 JavaScriptCore 0x10af8ece4 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) + 956 17 JavaScriptCore 0x10b16bed4 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 212 18 WebCore 0x11353756c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 368 19 WebCore 0x114a2b170 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&) + 52 20 WebCore 0x114e0db2c WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 248 21 WebCore 0x114e0c114 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&) + 1380 22 WebCore 0x115116f20 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) + 140 23 WebCore 0x115116e14 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&) + 92 24 WebCore 0x1135371f8 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 104 25 WebCore 0x1134c9268 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) + 820 26 WebCore 0x1133fde14 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 108 27 WebCore 0x1150fcbe8 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&, WebCore::HTMLDocumentParser::SynchronousMode) + 324 28 WebCore 0x114d32208 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, std::__1::span<unsigned char const, 18446744073709551615ul>) + 200 29 WebCore 0x1152bca6c WebCore::DocumentWriter::addData(WebCore::SharedBuffer const&) + 108 30 WebCore 0x1152a4aac WebCore::DocumentLoader::commitData(WebCore::SharedBuffer const&) + 1308 31 WebKit 0x10518dfb8 WebKit::WebLocalFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, WebCore::SharedBuffer const&) + 60 (WebLocalFrameLoaderClient.cpp:1206) 32 WebCore 0x1152a72a4 WebCore::DocumentLoader::commitLoad(WebCore::SharedBuffer const&) + 200 33 WebCore 0x11533f0c0 WebCore::CachedRawResource::notifyClientsDataWasReceived(WebCore::SharedBuffer const&) + 112 34 WebCore 0x11533ee7c WebCore::CachedRawResource::updateBuffer(WebCore::FragmentedSharedBuffer const&) + 192 35 WebCore 0x115321d64 WebCore::SubresourceLoader::didReceiveBuffer(WebCore::FragmentedSharedBuffer const&, long long, WebCore::DataPayloadType) + 328 36 WebKit 0x10510c6a4 WebKit::WebResourceLoader::didReceiveData(IPC::SharedBufferReference&&, unsigned long long) + 268 (WebResourceLoader.cpp:251) 37 WebKit 0x1048decd0 auto void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...)::operator()<IPC::SharedBufferReference, unsigned long long>(auto&&...) const + 72 (HandleMessage.h:135) [inlined] 38 WebKit 0x1048decd0 std::__1::__invoke_result_impl<void, auto...>::type std::__1::__invoke[abi:sn210101]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...), IPC::SharedBufferReference, unsigned long long>(auto&&...) + 72 (invoke.h:87) [inlined] 39 WebKit 0x1048decd0 decltype(auto) std::__1::__apply_tuple_impl[abi:sn210101]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>, 0ul, 1ul>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&, std::__1::__tuple_indices<0ul, 1ul>) + 72 (tuple:1380) [inlined] 40 WebKit 0x1048decd0 decltype(auto) std::__1::apply[abi:sn210101]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&) + 72 (tuple:1384) [inlined] 41 WebKit 0x1048decd0 void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&) + 72 (HandleMessage.h:132) [inlined] 42 WebKit 0x1048decd0 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, IPC::Connection, WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long)) + 132 (HandleMessage.h:337) 43 WebKit 0x1048de7c4 WebKit::WebResourceLoader::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 232 (WebResourceLoaderMessageReceiver.cpp:84) 44 WebKit 0x105104ad8 WebKit::NetworkProcessConnection::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 188 (NetworkProcessConnection.cpp:106) 45 WebKit 0x104226468 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 108 (NetworkProcessConnectionMessageReceiver.cpp:132) 46 WebKit 0x1053402ec IPC::Connection::dispatchMessage(IPC::Decoder&) + 160 (Connection.cpp:1423) 47 WebKit 0x105340464 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) + 152 (Connection.cpp:1473) 48 WebKit 0x10423a1c0 IPC::Connection::dispatchOneIncomingMessage() + 124 (Connection.cpp:1546) 49 JavaScriptCore 0x10a5aa440 WTF::RunLoop::performWork() + 508 50 JavaScriptCore 0x10a5aa22c WTF::RunLoop::performWork(void*) + 40 51 CoreFoundation 0x1811c6544 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 52 CoreFoundation 0x1811c64d8 __CFRunLoopDoSource0 + 172 53 CoreFoundation 0x1811c6244 __CFRunLoopDoSources0 + 232 54 CoreFoundation 0x1811c4ed4 __CFRunLoopRun + 820 55 CoreFoundation 0x18127edac _CFRunLoopRunSpecificWithOptions + 532 56 Foundation 0x1833c7ae4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 57 Foundation 0x1829d5ea8 -[NSRunLoop(NSRunLoop) run] + 64 58 libxpc.dylib 0x180e16dc4 _xpc_objc_main + 668 59 libxpc.dylib 0x180e28d08 _xpc_main + 40 60 libxpc.dylib 0x180e16984 xpc_main + 64 61 WebKit 0x104217af4 WebKit::XPCServiceMain(int, char const**) + 44 (XPCServiceMain.mm:299) 62 dyld 0x180d79244 start + 7188 2154906 2 sihui_liu 2025-10-28 21:50:15 -0700 Pull request: https://github.com/WebKit/WebKit/pull/53124 2154907 3 webkit-bug-importer 2025-10-28 21:52:21 -0700 <rdar://problem/163618423> 2155106 4 ews-feeder 2025-10-29 14:50:56 -0700 Committed 302316@main (15cade05e54f): <https://commits.webkit.org/302316@main> Reviewed commits have been landed. Closing PR #53124 and removing active labels.