Bug 269322
| Summary: | Crash under ~RenderMenuList due to CheckedPtr usage | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | Layout and Rendering | Assignee: | Chris Dumez <cdumez> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | bfulgham, simon.fraser, webkit-bug-importer, zalan |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Chris Dumez
Crash under ~RenderMenuList due to CheckedPtr usage:
```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 WebCore 0x1102c25d0 WTFCrashWithInfo(int, char const*, char const*, int) + 20
1 WebCore 0x11014882c WebCore::RenderLayerModelObject::~RenderLayerModelObject() + 604
2 WebCore 0x110280864 WebCore::RenderMenuList::~RenderMenuList() + 16
3 WebCore 0x1127bed30 WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&, WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 964
4 WebCore 0x1127c9c1c WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&) + 344
5 WebCore 0x1127d7bc8 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&) + 1460
6 WebCore 0x1127d8de8 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&) + 84
7 WebCore 0x11198a924 WebCore::ContainerNode::removeBetween(WebCore::Node*, WebCore::Node*, WebCore::Node&) + 312
8 WebCore 0x111986530 WebCore::ContainerNode::removeChild(WebCore::Node&) + 552
9 WebCore 0x110bae9b0 WebCore::jsNodePrototypeFunction_removeChild(JSC::JSGlobalObject*, JSC::CallFrame*) + 504
```
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Chris Dumez
<rdar://119790256>
Chris Dumez
Pull request: https://github.com/WebKit/WebKit/pull/24372
EWS
Committed 274586@main (35318b4d5407): <https://commits.webkit.org/274586@main>
Reviewed commits have been landed. Closing PR #24372 and removing active labels.