RESOLVED FIXED 170756
Crash in WebCore::StyleRuleKeyframes::findKeyframeIndex
https://bugs.webkit.org/show_bug.cgi?id=170756
Ricci Adams
Reported 2017-04-11 16:27:35 PDT
Safari crashes (100% of the time) on this page on my site: http://ricciadams.com/projects/pixel-winch
This occurs on both Safari 10.1 on macOS 10.12.4, Safari Technology Preview 27 on macOS 10.12.4, and iOS Mobile Safari on iOS 10.3.
Top stack frames:
0 com.apple.WebCore 0x00007fffd42bd0f4 WebCore::StyleRuleKeyframes::findKeyframeIndex(WTF::String const&) const + 84
1 com.apple.WebCore 0x00007fffd42bd812 WebCore::CSSKeyframesRule::findRule(WTF::String const&) + 18
2 com.apple.WebCore 0x00007fffd46d9774 WebCore::jsCSSKeyframesRulePrototypeFunctionFindRule(JSC::ExecState*) + 356
Full crash logs are attached.
Attachments
Crash log (95.23 KB, text/plain)
2017-04-11 16:27 PDT, Ricci Adams
no flags
Reduction of crashing page into a single HTML file. (25.23 KB, text/html)
2017-04-12 02:59 PDT, Ricci Adams
no flags
patch (3.10 KB, patch)
2017-05-22 06:06 PDT, Antti Koivisto
no flags
patch (4.24 KB, patch)
2017-05-22 06:09 PDT, Antti Koivisto
no flags
Archive of layout-test-results from ews116 for mac-elcapitan (1.63 MB, application/zip)
2017-05-22 07:41 PDT, Build Bot
no flags
Archive of layout-test-results from ews122 for ios-simulator-wk2 (9.17 MB, application/zip)
2017-05-22 08:00 PDT, Build Bot
no flags
Ricci Adams
Comment 1 2017-04-11 16:27:59 PDT
Created attachment 306872 [details] Crash log
Radar WebKit Bug Importer
Comment 2 2017-04-11 22:35:46 PDT
Ricci Adams
Comment 3 2017-04-12 02:59:03 PDT
Adding a single HTML file which reproduces. I might try fixing this on my site, so I'm not sure how long http://ricciadams.com/projects/pixel-winch will continue to crash.
Ricci Adams
Comment 4 2017-04-12 02:59:43 PDT
Created attachment 306903 [details] Reduction of crashing page into a single HTML file.
Antti Koivisto
Comment 5 2017-05-22 06:06:10 PDT
Antti Koivisto
Comment 6 2017-05-22 06:09:08 PDT
Build Bot
Comment 7 2017-05-22 07:41:07 PDT
Comment on attachment 310856 [details] patch
Attachment 310856 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/3794234
New failing tests:
imported/w3c/web-platform-tests/media-source/mediasource-buffered.html
Build Bot
Comment 8 2017-05-22 07:41:08 PDT
Created attachment 310872 [details] Archive of layout-test-results from ews116 for mac-elcapitan
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews116 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Antti Koivisto
Comment 9 2017-05-22 07:50:45 PDT
The failure is unrelated to the patch.
Build Bot
Comment 10 2017-05-22 08:00:09 PDT
Comment on attachment 310856 [details] patch
Attachment 310856 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/3794226
New failing tests:
compositing/absolute-inside-out-of-view-fixed.html
Build Bot
Comment 11 2017-05-22 08:00:11 PDT
Created attachment 310875 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
WebKit Commit Bot
Comment 12 2017-05-22 11:16:22 PDT
Comment on attachment 310856 [details] patch Clearing flags on attachment: 310856 Committed r217227: <http://trac.webkit.org/changeset/217227>
WebKit Commit Bot
Comment 13 2017-05-22 11:16:23 PDT
All reviewed patches have been landed. Closing bug.
Antti Koivisto
Comment 14 2017-05-22 23:09:15 PDT
Thanks for the test case Ricci!
Ricci Adams
Comment 15 2017-05-23 01:16:47 PDT
Thanks for the fix! In case anybody else hits this: the issue was my JavaScript calling CSSKeyframesRule.findRule() with an argument of "0" or "1". Per https://drafts.csswg.org/css-animations/#csskeyframesrule , the argument needs to be a "comma-separated list of percentage values between 0% and 100%", "from", or "to".
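Added example, not part of the bug report, the patch, or WebKit: a page-side check that a string matches the selector grammar quoted in Comment 15 before it is handed to CSSKeyframesRule.findRule(). The helper names parseKeyframeSelector and safeFindRule are hypothetical, and percentages written in scientific notation are rejected as a simplification.

```javascript
// Added example; parseKeyframeSelector and safeFindRule are hypothetical
// helper names, not WebKit APIs and not code from the bug report.

// Returns the selector's keys as fractions in [0, 1], or null when the
// string is not "from", "to", or a comma-separated list of percentages
// between 0% and 100% (the grammar quoted in Comment 15).
function parseKeyframeSelector(selector) {
  if (typeof selector !== "string") return null;
  const keys = [];
  for (const raw of selector.split(",")) {
    const token = raw.trim().toLowerCase();
    if (token === "from") { keys.push(0); continue; }
    if (token === "to") { keys.push(1); continue; }
    // Percentage: optional sign, digits with optional fraction, then "%".
    // Simplification: scientific notation (e.g. "1e1%") is not accepted.
    const m = /^([+-]?(?:\d+(?:\.\d+)?|\.\d+))%$/.exec(token);
    if (!m) return null; // "0" and "1" land here: bare numbers without "%"
    const value = Number(m[1]);
    if (value < 0 || value > 100) return null;
    keys.push(value / 100);
  }
  return keys;
}

// Calls findRule() only for selectors that pass the check above, so a
// malformed key such as "0" never reaches the engine.
function safeFindRule(keyframesRule, selector) {
  if (parseKeyframeSelector(selector) === null) return null;
  return keyframesRule.findRule(selector);
}
```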