WebKit Bugzilla
NEW
164084
ASSERTION FAILED: m_templateInsertionModes.isEmpty() in WebCore::HTMLTreeBuilder::finished
https://bugs.webkit.org/show_bug.cgi?id=164084
Renata Hodovan
Reported
2016-10-27 14:56:57 PDT
Load the attached test with debug WebKitTestRunner:

Checked version: e15d4df
OS: Darwin-15.6.0-x86_64-i386-64bit

<template><svg><image onload="history.back()"></image>

Backtrace:

ASSERTION FAILED: m_templateInsertionModes.isEmpty()
WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp(2847) : void WebCore::HTMLTreeBuilder::finished()
1   0x1128d6d41 WTFCrash
2   0x118e10b33 WebCore::HTMLTreeBuilder::finished()
3   0x118b7ee7c WebCore::HTMLDocumentParser::end()
4   0x118b7ab67 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
5   0x118b7a7ce WebCore::HTMLDocumentParser::prepareToStopParsing()
6   0x118b7ef1c WebCore::HTMLDocumentParser::attemptToEnd()
7   0x118b7ef74 WebCore::HTMLDocumentParser::finish()
8   0x118031a30 WebCore::DocumentWriter::end()
9   0x117f8abc7 WebCore::DocumentLoader::finishedLoading(double)
10  0x117f8a6fb WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
11  0x1172c1014 WebCore::CachedResource::checkNotify()
12  0x1172c1204 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
13  0x1172b6de5 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
14  0x11d0d6d5f WebCore::SubresourceLoader::didFinishLoading(double)
15  0x10a97f82f WebKit::WebResourceLoader::didFinishResourceLoad(double)
16  0x10a98dabf void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>)
17  0x10a98d765 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
18  0x10a98aa71 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
19  0x10a988e01 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
20  0x10967a6da WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
21  0x10908ce0b IPC::Connection::dispatchMessage(IPC::Decoder&)
22  0x1090755f5 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
23  0x10908daf6 IPC::Connection::dispatchOneMessage()
24  0x10909e0ad IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()()
25  0x10909dfd9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
26  0x11295b361 WTF::Function<void ()>::operator()() const
27  0x1129a5027 WTF::RunLoop::performWork()
28  0x1129a5ef2 WTF::RunLoop::performWork(void*)
29  0x7fff8eaad7e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
30  0x7fff8ea8cf1c __CFRunLoopDoSources0
31  0x7fff8ea8c43f __CFRunLoopRun
ASAN:DEADLYSIGNAL
=================================================================
==6483==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001128d6d79 bp 0x7fff56d5c8a0 sp 0x7fff56d5c890 T0)
    #0 0x1128d6d78 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78)
    #1 0x118e10b32 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x212cb32)
    #2 0x118b7ee7b in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9ae7b)
    #3 0x118b7ab66 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e96b66)
    #4 0x118b7a7cd in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e967cd)
    #5 0x118b7ef1b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9af1b)
    #6 0x118b7ef73 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9af73)
    #7 0x118031a2f in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x134da2f)
    #8 0x117f8abc6 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a6bc6)
    #9 0x117f8a6fa in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a66fa)
    #10 0x1172c1013 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd013)
    #11 0x1172c1203 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd203)
    #12 0x1172b6de4 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d2de4)
    #13 0x11d0d6d5e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63f2d5e)
    #14 0x10a97f82e in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1acb82e)
    #15 0x10a98dabe in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9abe)
    #16 0x10a98d764 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9764)
    #17 0x10a98aa70 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad6a70)
    #18 0x10a988e00 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad4e00)
    #19 0x10967a6d9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c66d9)
    #20 0x10908ce0a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8e0a)
    #21 0x1090755f4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c15f4)
    #22 0x10908daf5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d9af5)
    #23 0x10909e0ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ea0ac)
    #24 0x10909dfd8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9fd8)
    #25 0x11295b360 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e2d360)
    #26 0x1129a5026 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77026)
    #27 0x1129a5ef1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77ef1)
    #28 0x7fff8eaad7e0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa7e0)
    #29 0x7fff8ea8cf1b in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89f1b)
    #30 0x7fff8ea8c43e in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8943e)
    #31 0x7fff8ea8be37 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e37)
    #32 0x7fff94359934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #33 0x7fff9435976e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #34 0x7fff943595ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #35 0x7fff8fc63df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #36 0x7fff8fc63225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #37 0x7fff8fc57d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #38 0x7fff8fc21367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #39 0x7fff9a10e193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #40 0x7fff9a10cbbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #41 0x108ea0f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #42 0x7fff914ac5ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #43 0x0 (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78) in WTFCrash
==6483==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 6483)
Attachments
Test (54 bytes, application/octet-stream), 2016-10-27 14:57 PDT, Renata Hodovan
Renata Hodovan
Comment 1
2016-10-27 14:57:01 PDT
Created attachment 293064
Test
Ahmad Saleem
Comment 2
2023-01-20 10:09:40 PST
I downloaded this file and used file:// to load the test file in MiniBrowser Debug WK2 instance of the testcase based off 259136@main, and I am not getting any assert failed. If I am not following the steps correctly, please guide; else I think it is not reproducing and we can close this. Thanks!
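A triage sketch for the crash log in the report at the top of this thread, as an added example that is not part of the bug thread or of WebKit's tooling: it separates a debug-assertion abort (top frame WTFCrash, fault address 0xbbadbeef, as in the ASan output) from a genuine memory fault, and buckets on the first frame below the crash helper. The `triage` helper, its regexes and the `CRASH_HELPERS` list are assumptions; the sample is constructed by abridging the log above.

```python
import re

# Constructed sample: abridged from the ASan output in the report at the top of this thread.
SAMPLE = """\
ASSERTION FAILED: m_templateInsertionModes.isEmpty()
==6483==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001128d6d79 bp 0x7fff56d5c8a0 sp 0x7fff56d5c890 T0)
    #0 0x1128d6d78 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78)
    #1 0x118e10b32 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x212cb32)
    #2 0x118b7ee7b in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e9ae7b)
"""

CRASH_HELPERS = {"WTFCrash"}   # frames that only report a failure (assumed list)
WTF_CRASH_ADDR = 0xBBADBEEF    # fault address seen with WTFCrash in the report

ASSERT_RE = re.compile(r"^ASSERTION FAILED: (.+)$", re.M)
FAULT_RE = re.compile(r"AddressSanitizer: (\S+) on unknown address (0x[0-9a-fA-F]+)")
# Function name, then "(module+0xoffset)"; module paths contain no parentheses.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-fA-F]+ in (.+?) \([^()]+\+0x[0-9a-fA-F]+\)$", re.M)


def triage(log):
    """Classify one crash log and pick a de-duplication bucket (hypothetical helper)."""
    frames = FRAME_RE.findall(log)
    assertion = ASSERT_RE.search(log)
    fault = FAULT_RE.search(log)
    addr = int(fault.group(2), 16) if fault else None

    # A deliberate abort: top frame is the crash helper and the fault address
    # is its fixed marker, so the SEGV itself carries no memory-safety signal.
    deliberate = bool(frames) and frames[0] in CRASH_HELPERS and addr == WTF_CRASH_ADDR
    if deliberate and assertion:
        kind = "debug-assertion"
    elif fault:
        kind = "memory-fault"
    else:
        kind = "unknown"

    # Bucket on the first frame that is not crash plumbing.
    bucket = next((f for f in frames if f not in CRASH_HELPERS), None)
    return {
        "kind": kind,
        "assertion": assertion.group(1) if assertion else None,
        "bucket": bucket,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Bucketing on `WebCore::HTMLTreeBuilder::finished()` rather than `WTFCrash` keeps unrelated assertion failures from collapsing into one fuzzer bucket.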