WebKit Bugzilla
Bug 158273: Crash under eventTargetRespectingTargetRules()
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=158273
Reported by Chris Dumez, 2016-06-01 14:03:49 PDT
Crash under eventTargetRespectingTargetRules():

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000014)
[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] WebCore::Node::getFlag(WebCore::Node::NodeFlags) const at Node.h:625:49
       621
       622         DefaultNodeFlags = IsParsingChildrenFinishedFlag
       623     };
       624
    -> 625     bool getFlag(NodeFlags mask) const { return m_nodeFlags & mask; }
       626     void setFlag(bool f, NodeFlags mask) const { m_nodeFlags = (m_nodeFlags & ~mask) | (-(int32_t)f & mask); }
       627     void setFlag(NodeFlags mask) const { m_nodeFlags |= mask; }
       628     void clearFlag(NodeFlags mask) const { m_nodeFlags &= ~mask; }
       629

       0x00007fff8b85798a: testb %al, %al
       0x00007fff8b85798c: movq %r15, %r14
       0x00007fff8b85798f: je 0x5b3995 ; <+117> [inlined] WebCore::Node::getFlag(WebCore::Node::NodeFlags) const at Node.h:217
       0x00007fff8b857991: movq 0x60(%r15), %r14
    -> 0x00007fff8b857995: movl 0x14(%r14), %eax
       0x00007fff8b857999: movl %eax, %ecx
       0x00007fff8b85799b: andl $0x100004, %ecx ; imm = 0x100004
       0x00007fff8b8579a1: cmpl $0x100004, %ecx ; imm = 0x100004
       0x00007fff8b8579a7: jne 0x5b39cf ; <+175> [inlined] WebCore::Node::getFlag(WebCore::Node::NodeFlags) const + 4 at Node.h:221

[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] WebCore::Node::isElementNode() const at Node.h:217
       213     WEBCORE_EXPORT void remove(ExceptionCode&);
       214
       215     // Other methods (not part of DOM)
       216
    -> 217     bool isElementNode() const { return getFlag(IsElementFlag); }
       218     bool isContainerNode() const { return getFlag(IsContainerFlag); }
       219     bool isTextNode() const { return getFlag(IsTextFlag); }
       220     bool isHTMLElement() const { return getFlag(IsHTMLFlag); }
       221     bool isSVGElement() const { return getFlag(IsSVGFlag); }

[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] WebCore::Node::pseudoId() const at Node.h:227
       223
       224     bool isPseudoElement() const { return pseudoId() != NOPSEUDO; }
       225     bool isBeforePseudoElement() const { return pseudoId() == BEFORE; }
       226     bool isAfterPseudoElement() const { return pseudoId() == AFTER; }
    -> 227     PseudoId pseudoId() const { return (isElementNode() && hasCustomStyleResolveCallbacks()) ? customPseudoId() : NOPSEUDO; }
       228
       229     virtual bool isMediaControlElement() const { return false; }
       230     virtual bool isMediaControls() const { return false; }
       231 #if ENABLE(VIDEO_TRACK)

[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] WebCore::Node::isPseudoElement() const at Node.h:224
       220     bool isHTMLElement() const { return getFlag(IsHTMLFlag); }
       221     bool isSVGElement() const { return getFlag(IsSVGFlag); }
       222     bool isMathMLElement() const { return getFlag(IsMathMLFlag); }
       223
    -> 224     bool isPseudoElement() const { return pseudoId() != NOPSEUDO; }
       225     bool isBeforePseudoElement() const { return pseudoId() == BEFORE; }
       226     bool isAfterPseudoElement() const { return pseudoId() == AFTER; }
       227     PseudoId pseudoId() const { return (isElementNode() && hasCustomStyleResolveCallbacks()) ? customPseudoId() : NOPSEUDO; }
       228

[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] WTF::TypeCastTraits<WebCore::PseudoElement const, WebCore::Node const, false>::isType(WebCore::Node const&) at PseudoElement.h:83
[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] WTF::TypeCastTraits<WebCore::PseudoElement const, WebCore::Node const, false>::isOfType(WebCore::Node const&) at PseudoElement.h:82
[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] bool WTF::is<WebCore::PseudoElement, WebCore::Node>(WebCore::Node&) at TypeCasts.h:59
[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) [inlined] WebCore::EventPath::eventTargetRespectingTargetRules(WebCore::Node&) at EventPath.h:55
[ 0] 0x00007fff8b857995 WebCore`WebCore::EventPath::EventPath(WebCore::Node&, WebCore::Event&) + 117 at EventPath.cpp:94
[ 1] 0x00007fff8b84f47d WebCore`WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::Event&) + 77 at EventDispatcher.cpp:157:15
[ 2] 0x00007fff8b40cad3 WebCore`WebCore::AnimationControllerPrivate::fireEventsAndUpdateStyle() + 355 at AnimationController.cpp:208:13
[ 3] 0x00007fff8b581e66 WebCore`WebCore::AnimationControllerPrivate::animationTimerFired() + 182 at AnimationController.cpp:272:5
[ 4] 0x00007fff8b2b760f WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal() + 175 at ThreadTimers.cpp:121:9
[ 5] 0x00007fff8b2b754e WebCore`WebCore::timerFired(__CFRunLoopTimer*, void*) + 30 at MainThreadSharedTimerCF.cpp:74:5
Attachments
Patch (1.76 KB, patch), 2016-06-01 14:07 PDT, Chris Dumez, no flags
Comment 1, Chris Dumez, 2016-06-01 14:04:08 PDT
<rdar://problem/26343998>
Comment 2, Chris Dumez, 2016-06-01 14:07:53 PDT
Created attachment 280266
Patch
Comment 3, Chris Dumez, 2016-06-01 14:41:50 PDT
Comment on attachment 280266
Patch

Clearing flags on attachment: 280266

Committed r201571: <http://trac.webkit.org/changeset/201571>
Comment 4, Chris Dumez, 2016-06-01 14:41:57 PDT
All reviewed patches have been landed. Closing bug.