WebKit Bugzilla
NEW
178859
ASSERTION FAILED: source.currentCharacter() == character in WebCore::HTMLTokenizer::commitToPartialEndTag
https://bugs.webkit.org/show_bug.cgi?id=178859
Renata Hodovan
Reported 2017-10-26 05:22:16 PDT

Created attachment 324992
Test

Checked version: 9e82982
OS: macOS Sierra (10.12.6)

Load the attached test with debug WebKitTestRunner (missing closing >):
<script></script

Backtrace:

ASSERTION FAILED: source.currentCharacter() == character
WebKit/Source/WebCore/html/parser/HTMLTokenizer.cpp(160) : bool WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString &, UChar, WebCore::HTMLTokenizer::State)
1   0x13ba13321 WTFCrash
2   0x119c7f3d3 WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString&, unsigned short, WebCore::HTMLTokenizer::State)
3   0x119c833ea WebCore::HTMLTokenizer::processToken(WebCore::SegmentedString&)
4   0x11997abef WebCore::HTMLTokenizer::nextToken(WebCore::SegmentedString&)
5   0x119b8c22a WebCore::HTMLMetaCharsetParser::checkForMetaCharset(char const*, unsigned long)
6   0x1205fe66c WebCore::TextResourceDecoder::checkForMetaCharset(char const*, unsigned long)
7   0x1205fe4e7 WebCore::TextResourceDecoder::checkForHeadCharset(char const*, unsigned long, bool&)
8   0x1205fffad WebCore::TextResourceDecoder::decode(char const*, unsigned long)
9   0x11f9ef82a WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long)
10  0x120440ea2 WebCore::DocumentWriter::addData(char const*, unsigned long)
11  0x120438e41 WebCore::DocumentLoader::commitData(char const*, unsigned long)
12  0x111e73d39 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)
13  0x12043f299 WebCore::DocumentLoader::commitLoad(char const*, int)
14  0x12043ef79 WebCore::DocumentLoader::dataReceived(char const*, int)
15  0x120440f29 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int)
16  0x120440f6a non-virtual thunk to WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int)
17  0x1206c1b3b WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int)
18  0x1206c1785 WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&)
19  0x1205f5bbb WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType)
20  0x1205f5444 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType)
21  0x112a39e86 WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long)
22  0x112a472ba void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>)
23  0x112a46f29 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long))
24  0x112a4437a void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long))
25  0x112a425ce WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
26  0x11103b572 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
27  0x1109b688b IPC::Connection::dispatchMessage(IPC::Decoder&)
28  0x11099a199 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
29  0x1109b75b8 IPC::Connection::dispatchOneMessage()
30  0x1109f64bd IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()()
31  0x1109f63e9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
ASAN:DEADLYSIGNAL
=================================================================
==83675==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00013ba13359 bp 0x7fff51281370 sp 0x7fff51281360 T0)
==83675==The signal is caused by a WRITE memory access.
==83675==WARNING: invalid path to external symbolizer!
==83675==WARNING: Failed to use and restart external symbolizer!
    #0 0x13ba13358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x119c7f3d2 in WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString&, unsigned short, WebCore::HTMLTokenizer::State) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x152d3d2)
    #2 0x119c833e9 in WebCore::HTMLTokenizer::processToken(WebCore::SegmentedString&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x15313e9)
    #3 0x11997abee in WebCore::HTMLTokenizer::nextToken(WebCore::SegmentedString&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1228bee)
    #4 0x119b8c229 in WebCore::HTMLMetaCharsetParser::checkForMetaCharset(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x143a229)
    #5 0x1205fe66b in WebCore::TextResourceDecoder::checkForMetaCharset(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7eac66b)
    #6 0x1205fe4e6 in WebCore::TextResourceDecoder::checkForHeadCharset(char const*, unsigned long, bool&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7eac4e6)
    #7 0x1205fffac in WebCore::TextResourceDecoder::decode(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7eadfac)
    #8 0x11f9ef829 in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x729d829)
    #9 0x120440ea1 in WebCore::DocumentWriter::addData(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ceeea1)
    #10 0x120438e40 in WebCore::DocumentLoader::commitData(char const*, unsigned long) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce6e40)
    #11 0x111e73d38 in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x17dfd38)
    #12 0x12043f298 in WebCore::DocumentLoader::commitLoad(char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ced298)
    #13 0x12043ef78 in WebCore::DocumentLoader::dataReceived(char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7cecf78)
    #14 0x120440f28 in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ceef28)
    #15 0x120440f69 in non-virtual thunk to WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ceef69)
    #16 0x1206c1b3a in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6fb3a)
    #17 0x1206c1784 in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6f784)
    #18 0x1205f5bba in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea3bba)
    #19 0x1205f5443 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea3443)
    #20 0x112a39e85 in WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a5e85)
    #21 0x112a472b9 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b32b9)
    #22 0x112a46f28 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b2f28)
    #23 0x112a44379 in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b0379)
    #24 0x112a425cd in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23ae5cd)
    #25 0x11103b571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571)
    #26 0x1109b688a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a)
    #27 0x11099a198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198)
    #28 0x1109b75b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7)
    #29 0x1109f64bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc)
    #30 0x1109f63e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8)
    #31 0x13baad7e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2)
    #32 0x13bb04cec in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefcec)
    #33 0x13bb05d78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78)
    #34 0x7fffa6c5e320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320)
    #35 0x7fffa6c3f21c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c)
    #36 0x7fffa6c3e715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715)
    #37 0x7fffa6c3e113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #38 0x7fffa619eebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #39 0x7fffa619ecf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #40 0x7fffa619eb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #41 0x7fffa4737a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #42 0x7fffa4eb37ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #43 0x7fffa472c3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #44 0x7fffa46f6e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #45 0x7fffbc61f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #46 0x7fffbc61e2e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #47 0x10e978dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #48 0x7fffbc3c6234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

==83675==Register values:
rax = 0x00000000bbadbeef  rbx = 0x00007fff51281440  rcx = 0x00000000bbadbeef  rdx = 0x0000000000000000
rdi = 0x00001fffea250224  rsi = 0x0000000000000000  rbp = 0x00007fff51281370  rsp = 0x00007fff51281360
 r8 = 0x00000000000000ac   r9 = 0x0000200000000000  r10 = 0x0000000000000000  r11 = 0xffffffffffffffff
r12 = 0x00001c4a00061c57  r13 = 0x00007fff51283000  r14 = 0x000062500030c100  r15 = 0x000062500030e2b9
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==83675==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 83675)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
Attachments
Test (18 bytes, text/html), 2017-10-26 05:22 PDT, Renata Hodovan