Bug 167878 - CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidateStyle
Summary: CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidat...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-02-06 06:16 PST by Antti Koivisto
Modified: 2019-05-02 16:18 PDT
CC List: 7 users

See Also:


Attachments
patch (1.85 KB, patch)
2017-02-06 06:23 PST, Antti Koivisto
kling: review+
patch (1.85 KB, patch)
2017-02-06 07:13 PST, Antti Koivisto
no flags

Description Antti Koivisto 2017-02-06 06:16:57 PST
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000014
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread:  0

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                       	0x000000018aa657d4 WebCore::Node::invalidateStyle(WebCore::Style::Validity, WebCore::Style::InvalidationMode) + 0 (Node.cpp:796)
1   WebCore                       	0x000000018ad35af8 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() + 104 (Function.h:50)
2   WebCore                       	0x000000018a1ff23c WebCore::Document::recalcStyle(WebCore::Style::Change) + 752 (Document.cpp:1844)
3   WebCore                       	0x0000000189f0a56c WebCore::Document::updateLayout() + 236 (Document.cpp:1893)
4   WebCore                       	0x000000018a1ff470 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 132 (Document.cpp:1951)
5   WebCore                       	0x0000000189f10cd4 WebCore::Element::getBoundingClientRect() + 44 (Element.cpp:1167)
6   WebCore                       	0x0000000189f10c20 WebCore::jsElementPrototypeFunctionGetBoundingClientRect(JSC::ExecState*) + 132 (JSElement.cpp:2931)
7   ???                           	0x0000000280530030 0 + 10742857776
8   JavaScriptCore                	0x00000001899a3608 llint_entry + 26408
9   JavaScriptCore                	0x00000001899a3608 llint_entry + 26408
10  JavaScriptCore                	0x00000001899a3608 llint_entry + 26408
11  JavaScriptCore                	0x00000001899a3608 llint_entry + 26408
12  JavaScriptCore                	0x00000001899a39a0 llint_entry + 27328
13  JavaScriptCore                	0x000000018999cd18 vmEntryToJavaScript + 264
14  JavaScriptCore                	0x0000000189885068 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 212 (JITCode.cpp:81)
15  JavaScriptCore                	0x0000000189218534 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 416 (Interpreter.cpp:927)
16  WebCore                       	0x000000018a3ed3bc WebCore::HTMLMediaElement::didAddUserAgentShadowRoot(WebCore::ShadowRoot*) + 1072 (HTMLMediaElement.cpp:6642)
17  WebCore                       	0x000000018a2749ec WebCore::Element::addShadowRoot(WTF::Ref<WebCore::ShadowRoot>&&) + 260 (Element.cpp:1763)
18  WebCore                       	0x0000000189ea4040 WebCore::Element::ensureUserAgentShadowRoot() + 92 (Element.cpp:1856)
19  WebCore                       	0x000000018a3db9fc WebCore::HTMLMediaElement::configureMediaControls() + 304 (HTMLMediaElement.cpp:3891)
20  WebCore                       	0x000000018a0c461c WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) + 284 (ContainerNode.cpp:349)
21  WebCore                       	0x000000018a0c41a8 WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node&) + 36 (ContainerNode.cpp:802)
22  WebCore                       	0x000000018a0c3f68 WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&) + 320 (ContainerNode.cpp:691)
23  WebCore                       	0x000000018a0c3c3c WebCore::ContainerNode::insertBefore(WebCore::Node&, WebCore::Node*) + 332 (ContainerNode.cpp:254)
24  WebCore                       	0x000000018a7c3ed4 WebCore::JSNode::insertBefore(JSC::ExecState&) + 112 (JSNodeCustom.cpp:126)
25  WebCore                       	0x0000000189e7ca70 WebCore::jsNodePrototypeFunctionInsertBefore(JSC::ExecState*) + 108 (JSNode.cpp:674)
Comment 1 Antti Koivisto 2017-02-06 06:17:15 PST
rdar://problem/30251840
Comment 2 Antti Koivisto 2017-02-06 06:23:45 PST
Created attachment 300715
patch
Comment 3 Antti Koivisto 2017-02-06 07:13:50 PST
Created attachment 300720
patch
Comment 4 WebKit Commit Bot 2017-02-06 09:36:42 PST
Comment on attachment 300720
patch

Clearing flags on attachment: 300720

Committed r211730: <http://trac.webkit.org/changeset/211730>
Comment 5 WebKit Commit Bot 2017-02-06 09:36:47 PST
All reviewed patches have been landed.  Closing bug.