RESOLVED FIXED 167878
CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidateStyle 
https://bugs.webkit.org/show_bug.cgi?id=167878
Summary CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidat...
Antti Koivisto
Reported 2017-02-06 06:16:57 PST
Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000014 Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] Triggered by Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed ↩: 0 WebCore 0x000000018aa657d4 WebCore::Node::invalidateStyle(WebCore::Style::Validity, WebCore::Style::InvalidationMode) + 0 (Node.cpp:796) 1 WebCore 0x000000018ad35af8 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() + 104 (Function.h:50) 2 WebCore 0x000000018a1ff23c WebCore::Document::recalcStyle(WebCore::Style::Change) + 752 (Document.cpp:1844) 3 WebCore 0x0000000189f0a56c WebCore::Document::updateLayout() + 236 (Document.cpp:1893) 4 WebCore 0x000000018a1ff470 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 132 (Document.cpp:1951) 5 WebCore 0x0000000189f10cd4 WebCore::Element::getBoundingClientRect() + 44 (Element.cpp:1167) 6 WebCore 0x0000000189f10c20 WebCore::jsElementPrototypeFunctionGetBoundingClientRect(JSC::ExecState*) + 132 (JSElement.cpp:2931) 7 ??? 0x0000000280530030 0 + 10742857776 8 JavaScriptCore 0x00000001899a3608 llint_entry + 26408 9 JavaScriptCore 0x00000001899a3608 llint_entry + 26408 10 JavaScriptCore 0x00000001899a3608 llint_entry + 26408 11 JavaScriptCore 0x00000001899a3608 llint_entry + 26408 12 JavaScriptCore 0x00000001899a39a0 llint_entry + 27328 13 JavaScriptCore 0x000000018999cd18 vmEntryToJavaScript + 264 14 JavaScriptCore 0x0000000189885068 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 212 (JITCode.cpp:81) 15 JavaScriptCore 0x0000000189218534 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 416 (Interpreter.cpp:927) 16 WebCore 0x000000018a3ed3bc WebCore::HTMLMediaElement::didAddUserAgentShadowRoot(WebCore::ShadowRoot*) + 1072 (HTMLMediaElement.cpp:6642) 17 WebCore 0x000000018a2749ec WebCore::Element::addShadowRoot(WTF::Ref<WebCore::ShadowRoot>&&) + 260 (Element.cpp:1763) 18 WebCore 0x0000000189ea4040 WebCore::Element::ensureUserAgentShadowRoot() + 92 (Element.cpp:1856) 19 WebCore 0x000000018a3db9fc WebCore::HTMLMediaElement::configureMediaControls() + 304 (HTMLMediaElement.cpp:3891) 20 WebCore 0x000000018a0c461c WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) + 284 (ContainerNode.cpp:349) 21 WebCore 0x000000018a0c41a8 WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node&) + 36 (ContainerNode.cpp:802) 22 WebCore 0x000000018a0c3f68 WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&) + 320 (ContainerNode.cpp:691) 23 WebCore 0x000000018a0c3c3c WebCore::ContainerNode::insertBefore(WebCore::Node&, WebCore::Node*) + 332 (ContainerNode.cpp:254) 24 WebCore 0x000000018a7c3ed4 WebCore::JSNode::insertBefore(JSC::ExecState&) + 112 (JSNodeCustom.cpp:126) 25 WebCore 0x0000000189e7ca70 WebCore::jsNodePrototypeFunctionInsertBefore(JSC::ExecState*) + 108 (JSNode.cpp:674)
Attachments
patch (1.85 KB, patch)
2017-02-06 06:23 PST, Antti Koivisto 		kling: review+
DetailsFormatted DiffDiff
patch (1.85 KB, patch)
2017-02-06 07:13 PST, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2017-02-06 06:17:15 PST
rdar://problem/30251840
Antti Koivisto
Comment 2 2017-02-06 06:23:45 PST
Created attachment 300715 [details] patch
Antti Koivisto
Comment 3 2017-02-06 07:13:50 PST
Created attachment 300720 [details] patch
WebKit Commit Bot
Comment 4 2017-02-06 09:36:42 PST
Comment on attachment 300720 [details] patch Clearing flags on attachment: 300720 Committed r211730: <http://trac.webkit.org/changeset/211730>
WebKit Commit Bot
Comment 5 2017-02-06 09:36:47 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.