WebKit Bugzilla
RESOLVED FIXED
156715
Crash in ElementDescendantIterator::operator--() when calling m_ancestorSiblingStack.last()
https://bugs.webkit.org/show_bug.cgi?id=156715
Chris Dumez
Reported
2016-04-18 13:43:03 PDT
Crash in ElementDescendantIterator::operator--() when calling m_ancestorSiblingStack.last():

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010f369b57 WTFCrash + 39 (Assertions.cpp:322)
1 com.apple.WebCore 0x000000011158a7d9 WTF::CrashOnOverflow::crash() + 9
2 com.apple.WebCore 0x000000011158a7c9 WTF::CrashOnOverflow::overflowed() + 9
3 com.apple.WebCore 0x00000001115a6f9b WTF::Vector<WebCore::Element*, 16ul, WTF::CrashOnOverflow, 16ul>::at(unsigned long) + 75 (Vector.h:660)
4 com.apple.WebCore 0x00000001115a6e1b WTF::Vector<WebCore::Element*, 16ul, WTF::CrashOnOverflow, 16ul>::last() + 43 (Vector.h:700)
5 com.apple.WebCore 0x00000001115a68c4 WebCore::ElementDescendantIterator::operator--() + 244 (ElementDescendantIterator.h:174)
6 com.apple.WebCore 0x000000011391a674 void WebCore::CollectionTraversal<(WebCore::CollectionTraversalType)0>::traverseBackward<WebCore::HTMLTagCollection>(WebCore::HTMLTagCollection const&, WebCore::ElementDescendantIterator&, unsigned int) + 148 (CollectionTraversal.h:108)
7 com.apple.WebCore 0x000000011391a45b WebCore::CachedHTMLCollection<WebCore::HTMLTagCollection, (WebCore::CollectionTraversalType)0>::collectionTraverseBackward(WebCore::ElementDescendantIterator&, unsigned int) const + 43 (CachedHTMLCollection.h:53)
8 com.apple.WebCore 0x000000011391a30a WebCore::CollectionIndexCache<WebCore::HTMLTagCollection, WebCore::ElementDescendantIterator>::traverseBackwardTo(WebCore::HTMLTagCollection const&, unsigned int) + 586 (CollectionIndexCache.h:125)
9 com.apple.WebCore 0x00000001139197fe WebCore::CollectionIndexCache<WebCore::HTMLTagCollection, WebCore::ElementDescendantIterator>::nodeAt(WebCore::HTMLTagCollection const&, unsigned int) + 302 (CollectionIndexCache.h:181)
10 com.apple.WebCore 0x0000000113916654 WebCore::CachedHTMLCollection<WebCore::HTMLTagCollection, (WebCore::CollectionTraversalType)0>::item(unsigned int) const + 52 (CachedHTMLCollection.h:43)
11 com.apple.WebCore 0x0000000112814009 WebCore::jsHTMLCollectionPrototypeFunctionItem(JSC::ExecState*) + 537 (JSHTMLCollection.cpp:239)
12 ??? 0x0000304244001028 0 + 53061166829608
Attachments
Patch (4.75 KB, patch), 2016-04-18 14:32 PDT, Chris Dumez, no flags
Chris Dumez
Comment 1
2016-04-18 13:43:29 PDT
rdar://problem/25750864
Chris Dumez
Comment 2
2016-04-18 14:32:49 PDT
Created attachment 276671
Patch
WebKit Commit Bot
Comment 3
2016-04-18 15:36:03 PDT
Comment on attachment 276671
Patch

Clearing flags on attachment: 276671

Committed r199693: <http://trac.webkit.org/changeset/199693>
WebKit Commit Bot
Comment 4
2016-04-18 15:36:09 PDT
All reviewed patches have been landed. Closing bug.