Bug 181742

Summary: REGRESSION (r226385?): Crash in com.apple.WebCore: WebCore::MediaQueryEvaluator::evaluate const + 32
Product: WebKit Reporter: Antti Koivisto <koivisto>
Component: CSS Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, ddkilzer, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Antti Koivisto
Reported 2018-01-17 07:42:23 PST
> 1 com.apple.WebCore 0x00bf2440 WebCore::MediaQueryEvaluator::evaluate(WebCore::MediaQueryExpression const&) const + 32
> 2 com.apple.WebCore 0x00bf2278 WebCore::MediaQueryEvaluator::evaluate(WebCore::MediaQuerySet const&, WebCore::StyleResolver*) const + 344
> 3 com.apple.WebCore 0x00bfdcf9 WebCore::RuleSet::addChildRules(WTF::Vector<WTF::RefPtr<WebCore::StyleRuleBase, WTF::DumbPtrTraits<WebCore::StyleRuleBase> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::MediaQueryEvaluator const&, WebCore::StyleResolver*, bool) + 281
> 4 com.apple.WebCore 0x00bfde71 WebCore::RuleSet::addRulesFromSheet(WebCore::StyleSheetContents&, WebCore::MediaQueryEvaluator const&, WebCore::StyleResolver*) + 145
> 5 com.apple.WebCore 0x00be1fb7 WebCore::ElementRuleCollector::ElementRuleCollector(WebCore::Element const&, WebCore::DocumentRuleSets const&, WebCore::SelectorFilter const*) + 135
> 6 com.apple.WebCore 0x00c0df0e WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) + 798
> 7 com.apple.WebCore 0x00caa22e WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element&, WebCore::RenderStyle const*, WebCore::PseudoId) + 158
> 8 com.apple.WebCore 0x00cdaefb WebCore::Element::resolveComputedStyle() + 699
> 9 com.apple.WebCore 0x0007293a WebCore::Element::computedStyle(WebCore::PseudoId) + 186
> 10 com.apple.WebCore 0x00e57a91 WebCore::HTMLTitleElement::computedTextWithDirection() + 33
> 11 com.apple.WebCore 0x00e579ed WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&) + 29
> 12 com.apple.WebCore 0x00c91d44 WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&) + 980
> 13 com.apple.WebCore 0x00c93a65 WebCore::ContainerNode::replaceAllChildren(WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) + 645
> 14 com.apple.WebCore 0x00df1949 WebCore::HTMLElement::setInnerText(WTF::String const&) + 265
> 15 com.apple.WebCore 0x0051b32e WebCore::setJSHTMLElementInnerText(JSC::ExecState*, long long, long long) + 334
Attachments
patch (5.93 KB, patch)
2018-01-17 08:00 PST, Antti Koivisto
no flags
Antti Koivisto
Comment 1 2018-01-17 07:42:56 PST
Antti Koivisto
Comment 2 2018-01-17 08:00:14 PST
David Kilzer (:ddkilzer)
Comment 3 2018-01-17 12:45:13 PST
Comment on attachment 331494 [details] patch
View in context: https://bugs.webkit.org/attachment.cgi?id=331494&action=review

r=me, but maybe you want a review from Dean Jackson or another area expert.

> Source/WebCore/css/MediaQueryEvaluator.cpp:778
> + if (!m_document)
> + return m_fallbackResult;
> +
> + Document& document = *m_document;
> + auto* frame = document.frame();
> + if (!frame || !frame->view() || !m_style)
> return m_fallbackResult;

You could move the "!m_style" check to the first if statement to avoid a small amount of work:

if (!m_document || !m_style)
return m_fallbackResult;
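Review bot: The new `if (!m_document) return m_fallbackResult;` at the top of the quoted hunk (MediaQueryEvaluator.cpp:778) is the guard that turns the null dereference behind the reported crash inside `MediaQueryEvaluator::evaluate const` into a fallback result, so it deserves a one-line comment stating when an evaluator legitimately has no document, and the patch should carry a regression test that reaches `evaluate` through the `setInnerText` on a `<title>` element path shown in the trace. Minor: `Document& document = *m_document;` is used only for `document.frame()`, so `auto* frame = m_document->frame();` reads more directly, and the closing `return m_fallbackResult;` is an unchanged context line, meaning the hunk reuses the existing early return rather than adding a second one.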
WebKit Commit Bot
Comment 4 2018-01-17 13:53:31 PST
Comment on attachment 331494 [details] patch
Clearing flags on attachment: 331494
Committed r227082: <https://trac.webkit.org/changeset/227082>
WebKit Commit Bot
Comment 5 2018-01-17 13:53:32 PST
All reviewed patches have been landed. Closing bug.