Bug 185493

Summary: Release assert in TreeScopeOrderedMap::remove via HTMLImageElement::removedFromAncestor
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: DOMAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, cdumez, esprehn+autocc, ews-watchlist, gyuyoung.kim, koivisto, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fixes the bug bfulgham: review+

Ryosuke Niwa
Reported 2018-05-09 14:46:16 PDT
e.g. ASSERTION FAILED: entry.registeredElements.remove(&element) ./dom/TreeScopeOrderedMap.cpp(84) : void WebCore::TreeScopeOrderedMap::remove(const WTF::AtomicStringImpl &, WebCore::Element &) 1 0x6477df959 WTFCrash 2 0x6477df979 WTFCrashWithSecurityImplication 3 0x639fc81f8 WebCore::TreeScopeOrderedMap::remove(WTF::AtomicStringImpl const&, WebCore::Element&) 4 0x639fc996d WebCore::TreeScope::removeImageElementByUsemap(WTF::AtomicStringImpl const&, WebCore::HTMLImageElement&) 5 0x63a1c9ef4 WebCore::HTMLImageElement::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) 6 0x639daa3cb WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) 7 0x639daa498 WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) 8 0x639daa2b1 WebCore::notifyChildNodeRemoved(WebCore::ContainerNode&, WebCore::Node&) 9 0x639da6879 WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) 10 0x639da619e WebCore::ContainerNode::removeChild(WebCore::Node&) 11 0x63a090b0e WebCore::ReplacementFragment::removeNode(WebCore::Node&) 12 0x63a090543 WebCore::ReplacementFragment::removeUnrenderedNodes(WebCore::Node*) 13 0x63a08ff05 WebCore::ReplacementFragment::ReplacementFragment(WebCore::Document&, WebCore::DocumentFragment*, WebCore::VisibleSelection const&) 14 0x63a09085d WebCore::ReplacementFragment::ReplacementFragment(WebCore::Document&, WebCore::DocumentFragment*, WebCore::VisibleSelection const&) 15 0x63a093bfc WebCore::ReplaceSelectionCommand::ensureReplacementFragment() 16 0x63a093a19 WebCore::ReplaceSelectionCommand::willApplyCommand() 17 0x639ffaef6 WebCore::CompositeEditCommand::apply() <rdar://problem/38362600>
Attachments
Fixes the bug (4.76 KB, patch)
2018-05-09 14:49 PDT, Ryosuke Niwa 		bfulgham: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2018-05-09 14:49:55 PDT
Created attachment 340034 [details] Fixes the bug
Brent Fulgham
Comment 2 2018-05-09 14:52:53 PDT
Comment on attachment 340034 [details] Fixes the bug r=me
Ryosuke Niwa
Comment 3 2018-05-09 17:08:42 PDT
Committed r231621: <https://trac.webkit.org/changeset/231621>
Note You need to log in before you can comment on or make changes to this bug.