WebKit Bugzilla
RESOLVED FIXED
157282
CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::EditCommandComposition::unapply + 105
https://bugs.webkit.org/show_bug.cgi?id=157282
Jiewen Tan Reported 2016-05-02 14:51:02 PDT
Created attachment 277936
crash_case

Safari crashes while trying to load the crash case.

Process: com.apple.WebKit.WebContent.Development [21294]
Path: /Users/USER/Documents/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Identifier: com.apple.WebKit.WebContent.Development
Version: 602+ (602.1.30+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Safari [21238]
User ID: 501

Date/Time: 2016-04-26 23:09:01.128 -0700
OS Version: Mac OS X 10.11.5 (15F27)
Report Version: 11
Anonymous UUID: 959E954D-4D93-D4D4-8B62-15433989F34D

Sleep/Wake UUID: F80568B2-DB72-4992-9684-8EE57515334B

Time Awake Since Boot: 140000 seconds
Time Since Wake: 26000 seconds

System Integrity Protection: enabled

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note: EXC_CORPSE_NOTIFY

VM Regions Near 0xbbadbeef:
--> __TEXT 0000000105c90000-0000000105c92000 [ 8K] r-x/rwx SM=COW /Users/USER/Documents/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
Bundle controller class: BrowserBundleController
Process Model: Multiple Web Processes

Global Trace Buffer (reverse chronological seconds):
72.671026 CFNetwork 0x00007fff90425ddf Explicitly setting CF cookie storage singleton
72.671281 CFNetwork 0x00007fff9045c78d Explicitly setting cookie storage singleton

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010a2d1e77 WTFCrash + 39 (Assertions.cpp:322)
1 com.apple.WebCore 0x000000010c8fddfc WebCore::EditCommandComposition::unapply() + 188 (CompositeEditCommand.cpp:215)
2 com.apple.WebKit 0x00000001063cc9be WebKit::WebPage::unapplyEditCommand(unsigned long long) + 78 (WebPage.cpp:3420)
3 com.apple.WebKit 0x000000010643a3c2 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>&&, std::index_sequence<0ul>) + 162 (HandleMessage.h:17)
4 com.apple.WebKit 0x000000010643a318 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>, std::make_index_sequence<1ul> >(std::__1::tuple<unsigned long long>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long)) + 88 (HandleMessage.h:23)
5 com.apple.WebKit 0x000000010642e722 void IPC::handleMessage<Messages::WebPage::UnapplyEditCommand, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long)) + 226 (HandleMessage.h:93)
6 com.apple.WebKit 0x0000000106426064 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::MessageDecoder&) + 8676 (WebPageMessageReceiver.cpp:712)
7 com.apple.WebKit 0x00000001063ce0f0 WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 384 (WebPage.cpp:3842)
8 com.apple.WebKit 0x00000001063ce137 non-virtual thunk to WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 55 (WebPage.cpp:3812)
9 com.apple.WebKit 0x0000000105e8f6e4 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) + 468 (MessageReceiverMap.cpp:103)
10 com.apple.WebKit 0x00000001065645bd WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 61 (WebProcess.cpp:634)
11 com.apple.WebKit 0x0000000105d61a83 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896)
12 com.apple.WebKit 0x0000000105d588b1 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 785 (Connection.cpp:928)
13 com.apple.WebKit 0x0000000105d5831b IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) + 811 (Connection.cpp:176)
14 com.apple.WebKit 0x0000000105d58b85 IPC::Connection::SyncMessageState::dispatchMessageAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) + 229 (Connection.cpp:196)
15 com.apple.WebKit 0x0000000105d63f8f IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1::operator()() const + 47 (Connection.cpp:142)
16 com.apple.WebKit 0x0000000105d63f4d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1&>(IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1&&&) + 45 (__functional_base:441)
17 com.apple.WebKit 0x0000000105d63d3c std::__1::__function::__func<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1, std::__1::allocator<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1>, void ()>::operator()() + 44 (functional:1407)
18 com.apple.JavaScriptCore 0x0000000109bc349a std::__1::function<void ()>::operator()() const + 26 (functional:1793)
19 com.apple.JavaScriptCore 0x000000010a31c8d2 WTF::RunLoop::performWork() + 306 (RunLoop.cpp:106)
20 com.apple.JavaScriptCore 0x000000010a31d0f4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
21 com.apple.CoreFoundation 0x00007fff8f671881 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
22 com.apple.CoreFoundation 0x00007fff8f650fbc __CFRunLoopDoSources0 + 556
23 com.apple.CoreFoundation 0x00007fff8f6504df __CFRunLoopRun + 927
24 com.apple.CoreFoundation 0x00007fff8f64fed8 CFRunLoopRunSpecific + 296
25 com.apple.HIToolbox 0x00007fff91639935 RunCurrentEventLoopInMode + 235
26 com.apple.HIToolbox 0x00007fff9163976f ReceiveNextEventCommon + 432
27 com.apple.HIToolbox 0x00007fff916395af _BlockUntilNextEventMatchingListInModeWithFilter + 71
28 com.apple.AppKit 0x00007fff94c6edf6 _DPSNextEvent + 1067
29 com.apple.AppKit 0x00007fff94c6e226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
30 com.apple.AppKit 0x00007fff94c62d80 -[NSApplication run] + 682
31 com.apple.AppKit 0x00007fff94c2c368 NSApplicationMain + 1176
32 libxpc.dylib 0x00007fff97c1a194 _xpc_objc_main + 795
33 libxpc.dylib 0x00007fff97c18bbe xpc_main + 494
34 com.apple.WebKit.WebContent.Development 0x0000000105c91100 main + 800 (XPCServiceMain.mm:114)
35 libdyld.dylib 0x00007fff8ab845ad start + 1
Attachments
crash_case (767 bytes, application/zip) 2016-05-02 14:51 PDT, Jiewen Tan, no flags
Patch (1.73 KB, patch) 2016-05-03 15:45 PDT, Jiewen Tan, no flags
Jiewen Tan Comment 1 2016-05-02 14:51:58 PDT
<rdar://problem/25391441>

Jiewen Tan Comment 2 2016-05-03 15:45:30 PDT
Created attachment 278035
Patch

WebKit Commit Bot Comment 3 2016-05-04 00:44:03 PDT
Comment on attachment 278035
Patch

Clearing flags on attachment: 278035

Committed r200410: <http://trac.webkit.org/changeset/200410>

WebKit Commit Bot Comment 4 2016-05-04 00:44:07 PDT
All reviewed patches have been landed. Closing bug.