Bug 158445

Summary: Using requestAnimationFrame, rewriting a style node's textContent can cause WebKit to crash
Product: WebKit Reporter: Daniel Freedman <dfreedm>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED    
Severity: Major CC: rmondello, sorvell, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 9   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Minimal Repro none

Daniel Freedman
Reported 2016-06-06 16:04:40 PDT
Created attachment 280641 [details] Minimal Repro Using requestAnimationFrame, rewriting a style node's textContent can cause WebKit to crash This reproduction seems to take between 1 and 10 loads to see the issue Steps to reproduce 1. Open Safari 2. Open Inspector (no real need here, just more obvious when a crash occurs as the inspector will close) 3. Load attached `minimal.html` 4. Reload as necessary
Attachments
Minimal Repro (286 bytes, text/html)
2016-06-06 16:04 PDT, Daniel Freedman 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-06-06 23:13:10 PDT
<rdar://problem/26667512>
Alexey Proskuryakov
Comment 2 2022-08-30 19:02:30 PDT
I cannot reproduce this with Safari 15.6.1 any more.
Note You need to log in before you can comment on or make changes to this bug.