Bug 299001

Summary: Crash in EventTarget::innerInvokeEventListeners
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: New BugsAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal Keywords: InRadar
Priority: P2    
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   

Ryosuke Niwa
Reported 2025-09-16 23:54:21 PDT
e.g. #0 0x000159898398 in WebCore::ScriptExecutionContext::ref()+0x50 (WebCore:arm64e+0x836c398) #1 0x0001596bab28 in WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener>>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)+0x194 (WebCore:arm64e+0x818eb28) #2 0x000159682398 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)+0x414 (WebCore:arm64e+0x8156398) #3 0x0001596b9d1c in WebCore::EventTarget::dispatchEvent(WebCore::Event&)+0x37c (WebCore:arm64e+0x818dd1c) #4 0x00015a88987c in WTF::Detail::CallableWrapper<void WebCore::ActiveDOMObject::queueTaskKeepingObjectAlive<WebCore::TrackListBase, WebCore::TrackListBase::scheduleChangeEvent()::$_0>(WebCore::TrackListBase&, WebCore::TaskSource, WebCore::TrackListBase::scheduleChangeEvent()::$_0&&)::'lambda'(), void>::call()+0x1ec (WebCore:arm64e+0x935d87c) #5 0x000159696580 in WebCore::EventLoop::run(std::__1::optional<WTF::ApproximateTime>)+0x4c4 (WebCore:arm64e+0x816a580) #6 0x0001599c3b00 in WebCore::WindowEventLoop::didReachTimeToRun()+0x13c (WebCore:arm64e+0x8497b00) #7 0x0001599ca2b8 in WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'(), void>::call()+0x1d4 (WebCore:arm64e+0x849e2b8) #8 0x000151555034 in WebCore::ThreadTimers::sharedTimerFiredInternal()+0x3f8 (WebCore:arm64e+0x29034) #9 0x000151554c00 in WebCore::timerFired(__CFRunLoopTimer*, void*)+0x8c (WebCore:arm64e+0x28c00) <rdar://160598447>
Attachments
Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2025-09-17 00:28:06 PDT
Pull request: https://github.com/WebKit/WebKit/pull/50843
Ryosuke Niwa
Comment 2 2025-09-17 09:18:21 PDT
Pull request: https://github.com/WebKit/WebKit/pull/50864
EWS
Comment 3 2025-09-17 12:36:01 PDT
Committed 300099@main (d370fee5140c): <https://commits.webkit.org/300099@main> Reviewed commits have been landed. Closing PR #50864 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.