Bug 308214
| Summary: | Nullptr crash accessing settings when tearing down render tree | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Antti Koivisto <koivisto> |
| Component: | Layout and Rendering | Assignee: | Antti Koivisto <koivisto> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | bfulgham, simon.fraser, webkit-bug-importer, zalan |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Antti Koivisto
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread:
0 WebCore 0x1ac2295e4 WebCore::Page::WeakValueType* WTF::WeakPtrImplBase<WTF::DefaultWeakPtrImpl>::get<WebCore::Page>() + 0 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/WeakPtrImpl.h:46) [inlined]
1 WebCore 0x1ac2295e4 WTF::WeakPtr<WebCore::Page, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl>>::get() const + 4 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/WeakPtr.h:118) [inlined]
2 WebCore 0x1ac2295e4 WebCore::Frame::page() const + 4 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/dom/DocumentPage.h:36) [inlined]
3 WebCore 0x1ac2295e4 WebCore::RenderObject::page() const + 32 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/RenderObjectInlines.h:72) [inlined]
4 WebCore 0x1ac2295e4 WebCore::RenderObject::settings() const + 32 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/RenderObjectInlines.h:82) [inlined]
5 WebCore 0x1ac2295e4 WebCore::RenderTreeBuilder::Inline::Inline(WebCore::RenderTreeBuilder&) + 40 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilderInline.cpp:110) [inlined]
6 WebCore 0x1ac2295e4 WebCore::RenderTreeBuilder::Inline::Inline(WebCore::RenderTreeBuilder&) + 40 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilderInline.cpp:111) [inlined]
7 WebCore 0x1ac2295e4 WTF::UniqueRef<WebCore::RenderTreeBuilder::Inline> WTF::makeUniqueRefWithoutFastMallocCheck<WebCore::RenderTreeBuilder::Inline, WebCore::RenderTreeBuilder&>(WebCore::RenderTreeBuilder&) + 56 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/UniqueRef.h:42) [inlined]
8 WebCore 0x1ac2295e4 WTF::UniqueRef<WebCore::RenderTreeBuilder::Inline> WTF::makeUniqueRef<WebCore::RenderTreeBuilder::Inline, WebCore::RenderTreeBuilder&>(WebCore::RenderTreeBuilder&) + 56 (/AppleInternal/Library/BuildRoots/4~CIZWugBYXeZLeWH4t2eGm4-6SY8vc0gCKXJcSRU/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS26.4.Internal.sdk/usr/local/include/wtf/UniqueRef.h:57) [inlined]
9 WebCore 0x1ac2295e4 WebCore::RenderTreeBuilder::RenderTreeBuilder(WebCore::RenderView&) + 292 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:184)
10 WebCore 0x1ac24c9cc WebCore::RenderTreeBuilder::RenderTreeBuilder(WebCore::RenderView&) + 8 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:190) [inlined]
11 WebCore 0x1ac24c9cc WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType) + 84 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:719)
12 WebCore 0x1ab029d78 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&) + 12 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:726) [inlined]
13 WebCore 0x1ab029d78 WebCore::Document::destroyRenderTree() + 324 (/Library/Caches/com.apple.xbs/AF95AA3D-C0F5-4E77-A831-8BBF0C398EB5/TemporaryDirectory.8rjDBy/Sources/WebCore/Source/WebCore/dom/Document.cpp:3622)
14 WebCore 0x1ab02a384 WebCore::Document::willBeRemovedFromFrame() + 628 (/Library/Caches/c
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Antti Koivisto
rdar://117839253
Antti Koivisto
Pull request: https://github.com/WebKit/WebKit/pull/59004
EWS
Committed 307833@main (0ce1f258ce6e): <https://commits.webkit.org/307833@main>
Reviewed commits have been landed. Closing PR #59004 and removing active labels.
EWS
Committed 305413.321@safari-7624-branch (74f911b7e16f): <https://commits.webkit.org/305413.321@safari-7624-branch>
Reviewed commits have been landed. Closing PR #4513 and removing active labels.