Bug 159307 - WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Reported: 2016-06-30 11:45 PDT by Antti Koivisto
Modified: 2016-06-30 16:12 PDT (History)
Attachments
Patch (1.80 KB, patch)
2016-06-30 15:58 PDT, Antti Koivisto
kling: review+
Description Antti Koivisto 2016-06-30 11:45:05 PDT
Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                       	0x0000000188f8b830 WebCore::StyleResolver::~StyleResolver() + 364 (StyleResolver.cpp:309)
1   WebCore                       	0x0000000188f8b648 WebCore::Document::clearStyleResolver() + 32 (memory:2525)
2   WebCore                       	0x0000000188f8b648 WebCore::Document::clearStyleResolver() + 32 (memory:2525)
3   WebCore                       	0x0000000189179ac8 WebCore::AuthorStyleSheets::updateActiveStyleSheets(WebCore::AuthorStyleSheets::UpdateFlag) + 484 (AuthorStyleSheets.cpp:317)
4   WebCore                       	0x0000000188f8a574 WebCore::Document::styleResolverChanged(WebCore::StyleResolverUpdateFlag) + 116 (Document.cpp:3650)
5   WebKit                        	0x000000018d9949e4 WebKit::WebPage::viewportConfigurationChanged() + 196 (WebPageIOS.mm:2822)
6   WebKit                        	0x000000018d98a080 WebKit::WebPage::mainFrameDidLayout() + 156 (WebPage.cpp:3750)
7   WebCore                       	0x0000000188fd0598 WebCore::FrameView::performPostLayoutTasks() + 176 (FrameView.cpp:3183)
8   WebCore                       	0x0000000188fcc8e8 WebCore::FrameView::layout(bool) + 3544 (FrameView.cpp:1487)
9   WebCore                       	0x0000000188fc9528 WebCore::Document::implicitClose() + 788 (Document.cpp:2776)
10  WebCore                       	0x0000000188fc8928 WebCore::FrameLoader::checkCompleted() + 352 (FrameLoader.cpp:867)
11  WebCore                       	0x0000000188ffad54 WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*, bool) + 612 (CachedResourceLoader.cpp:991)
12  WebCore                       	0x0000000188ffcdc8 WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) + 96 (SubresourceLoader.cpp:508)
13  WebCore                       	0x0000000188ffc7c8 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 484 (ResourceLoader.cpp:590)
14  WebCore                       	0x0000000188ffc558 WebCore::ResourceLoader::cancel() + 84 (ResourceLoader.cpp:546)
15  WebCore                       	0x0000000189cf039c WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 704 (SubresourceLoader.cpp:211)
16  WebCore                       	0x0000000188f6b990 WebCore::ResourceLoader::init(WebCore::ResourceRequest const&) + 288 (ResourceLoader.cpp:155)
17  WebCore                       	0x0000000188f6b724 WebCore::SubresourceLoader::init(WebCore::ResourceRequest const&) + 32 (SubresourceLoader.cpp:144)
18  WebCore                       	0x0000000188f6b178 WebCore::SubresourceLoader::create(WebCore::Frame*, WebCore::CachedResource*, WebCore::ResourceRequest const&, WebCore::ResourceLoaderOptions const&) + 188 (SubresourceLoader.cpp:112)
19  WebKit                        	0x000000018d979014 WebKit::WebLoaderStrategy::loadResource(WebCore::Frame*, WebCore::CachedResource*, WebCore::ResourceRequest const&, WebCore::ResourceLoaderOptions const&) + 52 (WebLoaderStrategy.cpp:76)
20  WebCore                       	0x00000001891acd20 WebCore::CachedResource::load(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 1184 (CachedResource.cpp:283)
21  WebCore                       	0x0000000188f68774 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 2160 (CachedResourceLoader.cpp:631)
22  WebCore                       	0x0000000189008750 WebCore::CachedResourceLoader::requestImage(WebCore::CachedResourceRequest&) + 260 (CachedResourceLoader.cpp:190)
23  WebCore                       	0x0000000189261bd0 WebCore::CSSImageValue::cachedImage(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 452 (CSSImageValue.cpp:88)
24  WebCore                       	0x0000000189ce27a4 WebCore::StyleResolver::loadPendingImage(WebCore::StylePendingImage const&, WebCore::ResourceLoaderOptions const&) + 76 (StyleResolver.cpp:2083)
25  WebCore                       	0x0000000188f54654 WebCore::StyleResolver::loadPendingImages() + 1172 (StyleResolver.cpp:2105)
26  WebCore                       	0x0000000189cdcf78 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const&, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) + 2076 (StyleResolver.cpp:2243)
27  WebCore                       	0x0000000189cdeb10 WebCore::StyleResolver::pseudoStyleForElement(WebCore::Element const&, WebCore::PseudoStyleRequest const&, WebCore::RenderStyle const&) + 596 (StyleResolver.cpp:596)
28  WebCore                       	0x0000000189af9138 WebCore::RenderElement::getCachedPseudoStyle(WebCore::PseudoId, WebCore::RenderStyle const*) const + 128 (RenderElement.cpp:1543)
29  WebCore                       	0x0000000189bc68ac WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement(WebCore::Element&, WebCore::PseudoId) + 320 (RenderTreeUpdater.cpp:459)
30  WebCore                       	0x0000000189bc6ab4 WebCore::RenderTreeUpdater::popParent() + 64 (RenderTreeUpdater.cpp:192)
31  WebCore                       	0x0000000189bc58dc WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) + 736 (RenderTreeUpdater.cpp:205)
32  WebCore                       	0x0000000189bc55a4 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update, std::__1::default_delete<WebCore::Style::Update> >) + 492 (RenderTreeUpdater.cpp:99)
33  WebCore                       	0x00000001892fa5b8 WebCore::Document::recalcStyle(WebCore::Style::Change) + 752 (Document.cpp:1891)
34  WebCore                       	0x0000000188fc7b08 WebCore::Document::finishedParsing() + 340 (Document.cpp:1937)
35  WebCore                       	0x0000000188fc5484 WebCore::HTMLDocumentParser::prepareToStopParsing() + 172 (HTMLDocumentParser.cpp:405)
36  WebCore                       	0x0000000188fc49c0 WebCore::DocumentWriter::end() + 92 (DocumentWriter.cpp:257)
37  WebCore                       	0x0000000188fbc180 WebCore::DocumentLoader::finishedLoading(double) + 256 (DocumentLoader.cpp:436)
38  WebCore                       	0x0000000188ffa468 WebCore::CachedResource::checkNotify() + 448 (CachedResource.cpp:299)
39  WebCore                       	0x00000001891ab4d8 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 224 (CachedRawResource.cpp:103)
40  WebCore                       	0x0000000188ffa148 WebCore::SubresourceLoader::didFinishLoading(double) + 988 (SubresourceLoader.cpp:429)
41  WebKit                        	0x000000018da1ff18 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 216 (WebResourceLoader.cpp:159)
42  WebKit                        	0x000000018da20958 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 540 (HandleMessage.h:16)
43  WebKit                        	0x000000018d85981c IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 160 (Connection.cpp:899)
44  WebKit                        	0x000000018d85c1d4 IPC::Connection::dispatchOneMessage() + 204 (Connection.cpp:961)
45  JavaScriptCore                	0x0000000188cad648 WTF::RunLoop::performWork() + 884 (functional:1817)
46  JavaScriptCore                	0x0000000188cad844 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
47  CoreFoundation                	0x00000001845863f0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1943)
48  CoreFoundation                	0x0000000184585d38 __CFRunLoopDoSources0 + 524 (CFRunLoop.c:1989)
49  CoreFoundation                	0x0000000184583938 __CFRunLoopRun + 804 (CFRunLoop.c:2821)
50  CoreFoundation                	0x00000001844b62e4 CFRunLoopRunSpecific + 292 (CFRunLoop.c:3103)
51  Foundation                    	0x0000000184f6093c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (NSRunLoop.m:367)
52  Foundation                    	0x0000000184fb5214 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:389)
53  libxpc.dylib                  	0x000000018426bf28 _xpc_objc_main + 660 (main.m:186)
54  libxpc.dylib                  	0x000000018426dc20 xpc_main + 200 (init.c:1438)
55  com.apple.WebKit.WebContent   	0x00000001000335e4 main + 376 (XPCServiceMain.mm:114)
56  libdyld.dylib                 	0x0000000184058600 start + 4
Comment 1 Antti Koivisto 2016-06-30 11:45:49 PDT
<rdar://problem/26184868>
Comment 2 Antti Koivisto 2016-06-30 15:58:42 PDT
Created attachment 282485
Patch
Comment 3 Andreas Kling 2016-06-30 16:00:11 PDT
Comment on attachment 282485
Patch

r=me
Comment 4 Antti Koivisto 2016-06-30 16:12:56 PDT
https://trac.webkit.org/r202716