Bug 224902

Summary: ASSERTION FAILED: m_ptr in JSHTMLScriptElement::createPrototype on imported/w3c/web-platform-tests/css/css-will-change/parsing/will-change-invalid.html
Product: WebKit
Reporter: Tim Nguyen (:ntim) <ntim>
Component: CSS
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: cdumez, koivisto, simon.fraser, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
crash-log.txt none

Tim Nguyen (:ntim)
Reported 2021-04-21 15:48:45 PDT
Created attachment 426749 [details]
crash-log.txt

Seems memory related.

ASSERTION FAILED: m_ptr
/Volumes/Data/Code/Safari/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h(79) : Ref<T> WTF::RefPtr<WebCore::CSSPrimitiveValue, WTF::RawPtrTraits<WebCore::CSSPrimitiveValue>, WTF::DefaultRefDerefTraits<WebCore::CSSPrimitiveValue>>::releaseNonNull() [T = WebCore::CSSPrimitiveValue, _PtrTraits = WTF::RawPtrTraits<WebCore::CSSPrimitiveValue>, _RefDerefTraits = WTF::DefaultRefDerefTraits<WebCore::CSSPrimitiveValue>]
1   0x13376adf8 WTFCrash
2   0x1164c09c4 WebCore::JSHTMLScriptElement::createPrototype(JSC::VM&, WebCore::JSDOMGlobalObject&)
3   0x118457608 WTF::RefPtr<WebCore::CSSPrimitiveValue, WTF::RawPtrTraits<WebCore::CSSPrimitiveValue>, WTF::DefaultRefDerefTraits<WebCore::CSSPrimitiveValue> >::releaseNonNull()
4   0x11864a1f0 WebCore::consumeWillChange(WebCore::CSSParserTokenRange&)
5   0x118643b94 WebCore::CSSPropertyParser::parseSingleValue(WebCore::CSSPropertyID, WebCore::CSSPropertyID)
6   0x118643548 WebCore::CSSPropertyParser::parseValueStart(WebCore::CSSPropertyID, bool)
7   0x118642e58 WebCore::CSSPropertyParser::parseValue(WebCore::CSSPropertyID, bool, WebCore::CSSParserTokenRange const&, WebCore::CSSParserContext const&, WTF::Vector<WebCore::CSSProperty, 256ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::StyleRuleType)
8   0x11862aa5c WebCore::CSSParserImpl::consumeDeclarationValue(WebCore::CSSParserTokenRange, WebCore::CSSPropertyID, bool, WebCore::StyleRuleType)
9   0x11862436c WebCore::CSSParserImpl::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserContext const&)
10  0x118624118 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties&, WebCore::CSSPropertyID, WTF::String const&, bool)
11  0x1186240a8 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties&, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserContext const&)
12  0x1185fb380 WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserContext)
13  0x1185d9b50 WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal(WebCore::CSSPropertyID, WTF::String const&, bool)
14  0x11853d0f0 WebCore::CSSStyleDeclaration::setPropertyValueForDashedIDLAttribute(WTF::AtomString const&, WTF::String const&)
15  0x115e9fb48 WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)::'lambda'()::operator()() const
16  0x115e9fa64 void WebCore::invokeFunctorPropagatingExceptionIfNecessary<WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)::'lambda'()&&)
17  0x115e9f9e8 WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)
18  0x115e0d9b4 bool WebCore::IDLAttribute<WebCore::JSCSSStyleDeclaration>::setPassingPropertyName<&(WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttributeSetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::JSValue, JSC::PropertyName)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, long long, long long, JSC::PropertyName)
19  0x115e0d870 WebCore::setJSCSSStyleDeclaration_propertyValueForDashedIDLAttribute(JSC::JSGlobalObject*, long long, long long, JSC::PropertyName)
20  0x134fe5b7c JSC::callCustomSetter(JSC::JSGlobalObject*, bool (*)(JSC::JSGlobalObject*, long long, long long, JSC::PropertyName), bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue, JSC::PropertyName)
21  0x1351cf0e4 JSC::JSObject::putInlineSlow(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
22  0x1352cf5d4 JSC::JSObject::putInlineForJSObject(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
23  0x1351c1340 JSC::JSObject::put(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
24  0x134b9e7e4 JSC::JSValue::put(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
25  0x134d259f8 llint_slow_path_put_by_val
26  0x133cfa58c llint_function_for_construct_arity_checkTagGateAfter
27  0x280004308
28  0x280004008
29  0x280004008
30  0x2800041e8
31  0x280004728
LEAK: 1 WebPageProxy
Attachments
crash-log.txt (101.91 KB, text/plain)
2021-04-21 15:48 PDT, Tim Nguyen (:ntim)
no flags
Radar WebKit Bug Importer
Comment 1 2021-04-28 15:49:16 PDT