Bug 187137

Summary: Release assert in ScriptController::canExecuteScripts via WebCore::SVGUseElement::insertedIntoAncestor
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: SVGAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, ews-watchlist, koivisto, rniwa, sabouhallawa, zalan, zimmermann
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fixes the bug
none
Archive of layout-test-results from ews106 for mac-sierra-wk2 none

Ryosuke Niwa
Reported 2018-06-27 23:57:40 PDT
e.g. Thread 0 Crashed ↩:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fff3fb38d4d WebCore::ScriptController::canExecuteScripts(WebCore::ReasonForCallingCanExecuteScripts) + 509 1 com.apple.WebCore 0x00007fff406112b2 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 338 2 com.apple.WebCore 0x00007fff408433b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>) + 836 3 com.apple.WebCore 0x00007fff408411f0 WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 512 4 com.apple.WebCore 0x00007fff40b944c2 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 242 5 com.apple.WebCore 0x00007fff3fb74efa WebCore::DOMWindow::dispatchLoadEvent() + 154 6 com.apple.WebCore 0x00007fff3fb4671f WebCore::Document::implicitClose() + 399 7 com.apple.WebCore 0x00007fff3fb460fe WebCore::FrameLoader::checkCompleted() + 398 8 com.apple.WebCore 0x00007fff40b6cb14 WebCore::CachedResourceLoader::loadDone(bool) + 68 9 com.apple.WebCore 0x00007fff3fc57e0f WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) + 127 10 com.apple.WebCore 0x00007fff3fc57a34 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 468 11 com.apple.WebCore 0x00007fff3fc577d4 WebCore::ResourceLoader::cancel() + 68 12 com.apple.WebCore 0x00007fff40b663ae WebCore::CachedResource::removeClient(WebCore::CachedResourceClient&) + 574 13 com.apple.WebCore 0x00007fff40afff0b WebCore::DocumentThreadableLoader::clearResource() + 59 14 com.apple.WebCore 0x00007fff3fc5819c WebCore::DocumentThreadableLoader::cancel() + 412 15 com.apple.WebCore 0x00007fff3fbc3732 WebCore::XMLHttpRequest::internalAbort() + 130 16 com.apple.WebCore 0x00007fff3fb6a5ae WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 494 17 com.apple.WebCore 0x00007fff3fb69e4b WebCore::Document::prepareForDestruction() + 827 18 com.apple.WebCore 0x00007fff40bb5cd5 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::DumbPtrTraits<WebCore::FrameView> >&&) + 245 19 com.apple.WebCore 0x00007fff3fbb8d34 WebCore::FrameLoader::detachFromParent() + 436 20 com.apple.WebCore 0x00007fff3fb2c69f WebCore::FrameLoader::detachChildren() + 351 21 com.apple.WebCore 0x00007fff3fbb8c15 WebCore::FrameLoader::detachFromParent() + 149 22 com.apple.WebCore 0x00007fff3fb2c69f WebCore::FrameLoader::detachChildren() + 351 23 com.apple.WebCore 0x00007fff3fbb8c15 WebCore::FrameLoader::detachFromParent() + 149 24 com.apple.WebCore 0x00007fff3fbfe316 WebCore::FrameLoader::frameDetached() + 70 25 com.apple.WebCore 0x00007fff3fbfe283 WebCore::HTMLFrameOwnerElement::disconnectContentFrame() + 35 26 com.apple.WebCore 0x00007fff407f0048 WebCore::disconnectSubframes(WebCore::ContainerNode&, WebCore::SubframeDisconnectPolicy) + 216 27 com.apple.WebCore 0x00007fff407ec8f9 WebCore::ContainerNode::removeChild(WebCore::Node&) + 217 28 com.apple.WebCore 0x00007fff4085aabb WebCore::Node::removeChild(WebCore::Node&) + 43 29 com.apple.WebCore 0x00007fff3fbb2b2e WebCore::jsNodePrototypeFunctionRemoveChild(JSC::ExecState*) + 238
Attachments
Fixes the bug (4.34 KB, patch)
2018-06-28 00:20 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews106 for mac-sierra-wk2 (3.12 MB, application/zip)
2018-06-28 01:46 PDT, EWS Watchlist 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2018-06-27 23:57:52 PDT
<rdar://problem/41081885>
Ryosuke Niwa
Comment 2 2018-06-28 00:08:47 PDT
Oops, wrong stack trace :( Thread 0 Crashed ↩:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fff52eb9d4d WebCore::ScriptController::canExecuteScripts(WebCore::ReasonForCallingCanExecuteScripts) + 509 1 com.apple.WebCore 0x00007fff539922b2 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 338 2 com.apple.WebCore 0x00007fff53bc43b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>) + 836 3 com.apple.WebCore 0x00007fff53bc21f0 WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 512 4 com.apple.WebCore 0x00007fff53bc1196 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 86 5 com.apple.WebCore 0x00007fff53bc0e8a WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 602 6 com.apple.WebCore 0x00007fff543e25cd WebCore::SVGUseElement::notifyFinished(WebCore::CachedResource&) + 125 7 com.apple.WebCore 0x00007fff53ee0578 WebCore::CachedResource::didAddClient(WebCore::CachedResourceClient&) + 152 8 com.apple.WebCore 0x00007fff543dffbb WebCore::SVGUseElement::updateExternalDocument() + 1435 9 com.apple.WebCore 0x00007fff543df9c0 WebCore::SVGUseElement::insertedIntoAncestor(WebCore::Node::InsertionType, WebCore::ContainerNode&) + 128 10 com.apple.WebCore 0x00007fff53b7095d WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul>&) + 61 11 com.apple.WebCore 0x00007fff53b709d8 WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul>&) + 184 12 com.apple.WebCore 0x00007fff53b709d8 WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul>&) + 184 13 com.apple.WebCore 0x00007fff53b7087b WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&) + 107 14 com.apple.WebCore 0x00007fff53b6d397 WebCore::ContainerNode::replaceChild(WebCore::Node&, WebCore::Node&) + 1479 15 com.apple.WebCore 0x00007fff53bdba7b WebCore::Node::replaceChild(WebCore::Node&, WebCore::Node&) + 43 16 com.apple.WebCore 0x00007fff52fdf759 WebCore::jsNodePrototypeFunctionReplaceChild(JSC::ExecState*) + 361
Ryosuke Niwa
Comment 3 2018-06-28 00:20:22 PDT
Created attachment 343800 [details] Fixes the bug
EWS Watchlist
Comment 4 2018-06-28 01:46:38 PDT
Comment on attachment 343800 [details] Fixes the bug Attachment 343800 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/8367770 New failing tests: http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-window-open.html
EWS Watchlist
Comment 5 2018-06-28 01:46:40 PDT
Created attachment 343803 [details] Archive of layout-test-results from ews106 for mac-sierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6
Ryosuke Niwa
Comment 6 2018-06-28 03:30:28 PDT
Hm... I don't think this test failure is related to my patch.
WebKit Commit Bot
Comment 7 2018-06-28 14:00:52 PDT
Comment on attachment 343800 [details] Fixes the bug Clearing flags on attachment: 343800 Committed r233324: <https://trac.webkit.org/changeset/233324>
WebKit Commit Bot
Comment 8 2018-06-28 14:00:54 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.