Bug 164086

Summary: ASSERTION FAILED: node.inDocument() in &WebCore::Style::Scope::forNode
Product: WebKit
Reporter: Renata Hodovan <hodovan>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal    
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description: Test; Flags: none

Renata Hodovan
Reported 2016-10-27 15:00:41 PDT
Load the attached test with debug WebKitTestRunner:

Checked version: e15d4df
OS: Darwin-15.6.0-x86_64-i386-64bit

<svg onerror='alert(String.fromCharCode())'><font FACE><p><marquee><link onbeforeload==><summary></marquee></font>

Backtrace:

WebKit/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm(232) : static bool WebKit::SandboxExtension::createHandle(const WTF::String &, WebKit::SandboxExtension::Type, WebKit::SandboxExtension::Handle &)
ASSERTION FAILED: node.inDocument()
WebKit/Source/WebCore/style/StyleScope.cpp(120) : static WebCore::Style::Scope &WebCore::Style::Scope::forNode(WebCore::Node &)
1 0x110e1ed41 WTFCrash
2 0x11b5a7906 WebCore::Style::Scope::forNode(WebCore::Node&)
3 0x116779a2b WebCore::ElementRuleCollector::matchAuthorShadowPseudoElementRules(WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&)
4 0x11677886d WebCore::ElementRuleCollector::matchAuthorRules(bool)
5 0x11677be6d WebCore::ElementRuleCollector::matchAllRules(bool, bool)
6 0x11b540964 WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*, WebCore::SelectorFilter const*)
7 0x11b5e2f52 WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&)
8 0x11b5e3b8f WebCore::Style::TreeResolver::resolveElement(WebCore::Element&)
9 0x11b5e73e4 WebCore::Style::TreeResolver::resolveComposedTree()
10 0x11b5e8f1a WebCore::Style::TreeResolver::resolve(WebCore::Style::Change)
11 0x116382c53 WebCore::Document::recalcStyle(WebCore::Style::Change)
12 0x11636d63b WebCore::Document::updateStyleIfNeeded()
13 0x1165fe2e9 WebCore::DOMWindow::alert(WTF::String const&)
14 0x118180c0d WebCore::jsDOMWindowInstanceFunctionAlert2Caller(JSC::ExecState*, WebCore::JSDOMWindow*, JSC::ThrowScope&)
15 0x1181807bc long long WebCore::BindingCaller<WebCore::JSDOMWindow>::callOperation<&(WebCore::jsDOMWindowInstanceFunctionAlert2Caller(JSC::ExecState*, WebCore::JSDOMWindow*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, char const*)
16 0x118175cec WebCore::jsDOMWindowInstanceFunctionAlert2(JSC::ExecState*)
17 0x118175bb8 WebCore::jsDOMWindowInstanceFunctionAlert(JSC::ExecState*)
18 0x5b159ba01028
19 0x11047d5aa llint_entry
20 0x11047613e vmEntryToJavaScript
21 0x10fe957be JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
22 0x10fd62d61 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
23 0x10e7da9cb JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
24 0x10e7daee8 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
25 0x10e7db95e JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
26 0x117be24d1 WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
27 0x1183739cd WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
28 0x116827a79 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>)
29 0x1168272c6 WebCore::EventTarget::fireEventListeners(WebCore::Event&)
30 0x116826f3a WebCore::EventTarget::dispatchEvent(WebCore::Event&)
31 0x11aea6328 WebCore::ScriptExecutionContext::dispatchErrorEvent(WTF::String const&, int, int, WTF::String const&, JSC::Exception*, WebCore::CachedScript*)
ASAN:DEADLYSIGNAL
=================================================================
==10957==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000110e1ed79 bp 0x7fff58811da0 sp 0x7fff58811d90 T0)
#0 0x110e1ed78 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78)
#1 0x11b5a7905 in WebCore::Style::Scope::forNode(WebCore::Node&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x637f905)
#2 0x116779a2a in WebCore::ElementRuleCollector::matchAuthorShadowPseudoElementRules(WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1551a2a)
#3 0x11677886c in WebCore::ElementRuleCollector::matchAuthorRules(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x155086c)
#4 0x11677be6c in WebCore::ElementRuleCollector::matchAllRules(bool, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1553e6c)
#5 0x11b540963 in WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*, WebCore::SelectorFilter const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6318963)
#6 0x11b5e2f51 in WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63baf51)
#7 0x11b5e3b8e in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63bbb8e)
#8 0x11b5e73e3 in WebCore::Style::TreeResolver::resolveComposedTree() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63bf3e3)
#9 0x11b5e8f19 in WebCore::Style::TreeResolver::resolve(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63c0f19)
#10 0x116382c52 in WebCore::Document::recalcStyle(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x115ac52)
#11 0x11636d63a in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x114563a)
#12 0x1165fe2e8 in WebCore::DOMWindow::alert(WTF::String const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x13d62e8)
#13 0x118180c0c in WebCore::jsDOMWindowInstanceFunctionAlert2Caller(JSC::ExecState*, WebCore::JSDOMWindow*, JSC::ThrowScope&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2f58c0c)
#14 0x1181807bb in long long WebCore::BindingCaller<WebCore::JSDOMWindow>::callOperation<&(WebCore::jsDOMWindowInstanceFunctionAlert2Caller(JSC::ExecState*, WebCore::JSDOMWindow*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, char const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2f587bb)
#15 0x118175ceb in WebCore::jsDOMWindowInstanceFunctionAlert2(JSC::ExecState*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2f4dceb)
#16 0x118175bb7 in WebCore::jsDOMWindowInstanceFunctionAlert(JSC::ExecState*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2f4dbb7)
#17 0x5b159ba01027 (<unknown module>)
#18 0x11047d5a9 in llint_entry (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x24075a9)
#19 0x11047613d in vmEntryToJavaScript (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x240013d)
#20 0x10fe957bd in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1e1f7bd)
#21 0x10fd62d60 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1cecd60)
#22 0x10e7da9ca in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x7649ca)
#23 0x10e7daee7 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x764ee7)
#24 0x10e7db95d in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x76595d)
#25 0x117be24d0 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x29ba4d0)
#26 0x1183739cc in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x314b9cc)
#27 0x116827a78 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x15ffa78)
#28 0x1168272c5 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x15ff2c5)
#29 0x116826f39 in WebCore::EventTarget::dispatchEvent(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x15fef39)
#30 0x11aea6327 in WebCore::ScriptExecutionContext::dispatchErrorEvent(WTF::String const&, int, int, WTF::String const&, JSC::Exception*, WebCore::CachedScript*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5c7e327)
#31 0x11aea4f5a in WebCore::ScriptExecutionContext::reportException(WTF::String const&, int, int, WTF::String const&, JSC::Exception*, WTF::RefPtr<Inspector::ScriptCallStack>&&, WebCore::CachedScript*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5c7cf5a)
#32 0x117ec6271 in WebCore::reportException(JSC::ExecState*, JSC::Exception*, WebCore::CachedScript*, WebCore::ExceptionDetails*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2c9e271)
#33 0x118373d26 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x314bd26)
#34 0x116827a78 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x15ffa78)
#35 0x1168272c5 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x15ff2c5)
#36 0x119e5a240 in WebCore::Node::handleLocalEvents(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c32240)
#37 0x1167b43ef in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x158c3ef)
#38 0x1167b6022 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x158e022)
#39 0x1167b5b34 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x158db34)
#40 0x119e5a29c in WebCore::Node::dispatchEvent(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c3229c)
#41 0x119e5aa46 in WebCore::Node::dispatchBeforeLoadEvent(WTF::String const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c32a46)
#42 0x11719c329 in WebCore::HTMLLinkElement::shouldLoadLink() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f74329)
#43 0x119842e43 in WebCore::LinkLoader::loadLink(WebCore::LinkRelAttribute const&, WebCore::URL const&, WTF::String const&, WTF::String const&, WebCore::Document&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x461ae43)
#44 0x11719afd7 in WebCore::HTMLLinkElement::process() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f72fd7)
#45 0x11719c7a4 in WebCore::HTMLLinkElement::insertedInto(WebCore::ContainerNode&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f747a4)
#46 0x115ac0b83 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898b83)
#47 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#48 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#49 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#50 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#51 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#52 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#53 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#54 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#55 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#56 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#57 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#58 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#59 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#60 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#61 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#62 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#63 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#64 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#65 0x115ac0db4 in WebCore::notifyDescendantInsertedIntoDocument(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898db4)
#66 0x115ac0bd3 in WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x898bd3)
#67 0x115ac1443 in WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x899443)
#68 0x115a9dba9 in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x875ba9)
#69 0x115a9c10d in WebCore::ContainerNode::parserAppendChild(WebCore::Node&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x87410d)
#70 0x11704f1f2 in WebCore::insert(WebCore::HTMLConstructionSiteTask&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e271f2)
#71 0x11704eeae in WebCore::executeInsertAlreadyParsedChildTask(WebCore::HTMLConstructionSiteTask&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e26eae)
#72 0x117047aff in WebCore::executeTask(WebCore::HTMLConstructionSiteTask&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e1faff)
#73 0x1170479c8 in WebCore::HTMLConstructionSite::executeQueuedTasks() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e1f9c8)
#74 0x117342c32 in WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x211ac32)
#75 0x1170c16f6 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e996f6)
#76 0x1170c1452 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e99452)
#77 0x1170bf032 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e97032)
#78 0x1170be9ef in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e969ef)
#79 0x1170c2c7b in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9ac7b)
#80 0x11626505b in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x103d05b)
#81 0x116576da1 in WebCore::DocumentWriter::addData(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x134eda1)
#82 0x1164cfdb5 in WebCore::DocumentLoader::commitData(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a7db5)
#83 0x1085098ed in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x11148ed)
#84 0x1164d5546 in WebCore::DocumentLoader::commitLoad(char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12ad546)
#85 0x1164d528a in WebCore::DocumentLoader::dataReceived(char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12ad28a)
#86 0x1164d5928 in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12ad928)
#87 0x1157fa9c1 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d29c1)
#88 0x1157fa670 in WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d2670)
#89 0x11b61d7ea in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63f57ea)
#90 0x11b61d120 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63f5120)
#91 0x108ec05ea in WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1acb5ea)
#92 0x108ece3f3 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad93f3)
#93 0x108ecdef4 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad8ef4)
#94 0x108ecb601 in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad6601)
#95 0x108ec9bb0 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad4bb0)
#96 0x107bbb6d9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c66d9)
#97 0x1075cde0a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8e0a)
#98 0x1075b65f4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c15f4)
#99 0x1075ceaf5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d9af5)
#100 0x1075df0ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ea0ac)
#101 0x1075defd8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9fd8)
#102 0x110ea3360 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e2d360)
#103 0x110eed026 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77026)
#104 0x110eedef1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77ef1)
#105 0x7fff8eaad7e0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa7e0)
#106 0x7fff8ea8cf1b in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89f1b)
#107 0x7fff8ea8c43e in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8943e)
#108 0x7fff8ea8be37 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e37)
#109 0x7fff94359934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
#110 0x7fff9435976e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
#111 0x7fff943595ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
#112 0x7fff8fc63df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
#113 0x7fff8fc63225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
#114 0x7fff8fc57d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
#115 0x7fff8fc21367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
#116 0x7fff9a10e193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
#117 0x7fff9a10cbbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
#118 0x1073dbf73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
#119 0x7fff914ac5ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#120 0x0 (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78) in WTFCrash
==10957==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 10957)
Attachments
Test (114 bytes, application/octet-stream)
2016-10-27 15:00 PDT, Renata Hodovan
no flags
Renata Hodovan
Comment 1 2016-10-27 15:00:44 PDT