Because ImageLoader::updateFromElement() can send a sync IPC with the following stack trace and execute arbitrary scripts while waiting for the response, it's not safe to call this function where NoEventDispatchAssertion is present.

3 WebKit: IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*)
3 WebKit: IPC::Connection::waitForSyncReply(unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>)
3 WebKit: IPC::Connection::sendSyncMessage(unsigned long long, std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>)
3 WebKit: bool IPC::Connection::sendSync<Messages::NetworkConnectionToWebProcess::CookieRequestHeaderFieldValue>(Messages::NetworkConnectionToWebProcess::CookieRequestHeaderFieldValue&&, Messages::NetworkConnectionToWebProcess::CookieRequestHeaderFieldValue::Reply&&, unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>)
3 WebKit: WebKit::WebPlatformStrategies::cookieRequestHeaderFieldValue(WebCore::SessionID, WebCore::URL const&, WebCore::URL const&)
3 WebCore: WebCore::verifyVaryingRequestHeaders(WTF::Vector<std::__1::pair<WTF::String, WTF::String>, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::ResourceRequest const&, WebCore::SessionID)
3 WebCore: WebCore::CachedResource::varyHeaderValuesMatch(WebCore::ResourceRequest const&)
3 WebCore: WebCore::CachedResourceLoader::determineRevalidationPolicy(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&, WebCore::CachedResource*, WebCore::CachedResourceLoader::ForPreload, WebCore::CachedResourceLoader::DeferOption) const
3 WebCore: WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&&, WebCore::CachedResourceLoader::ForPreload, WebCore::CachedResourceLoader::DeferOption)
3 WebCore: WebCore::CachedResourceLoader::requestImage(WebCore::CachedResourceRequest&&)
3 WebCore: WebCore::ImageLoader::updateFromElement()
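A simplified model of the hazard described in the report above, as an added example that is not WebKit code and not part of the original report. `ScopedNoScript`, `runScript`, `sendSyncAndWait` and the message queue are hypothetical stand-ins; deferring the call until the scope ends is shown as one possible mitigation, not as what r225878 does.

```cpp
#include <cstddef>
#include <cstdio>
#include <deque>
#include <functional>
#include <string>
#include <vector>

// Hypothetical stand-in for NoEventDispatchAssertion: while at least one
// instance is alive, no script is supposed to run.
static int g_noScriptScopes = 0;
static std::vector<std::string> g_violations;
struct ScopedNoScript {
    ScopedNoScript() { ++g_noScriptScopes; }
    ~ScopedNoScript() { --g_noScriptScopes; }
};

// Messages the peer process has queued for us (constructed sample data).
static std::deque<std::function<void()>> g_incoming;

// Records a violation instead of asserting, so both paths can be compared.
void runScript(const std::string& what) {
    if (g_noScriptScopes > 0) g_violations.push_back(what);
}

// Models waiting for a sync reply: other incoming messages are dispatched
// while we wait, and any of them may end up running script.
void sendSyncAndWait() {
    while (!g_incoming.empty()) {
        auto msg = std::move(g_incoming.front());
        g_incoming.pop_front();
        msg();
    }
}
void updateFromElement() { sendSyncAndWait(); }  // models the cookie lookup

// Unsafe: the sync wait happens while the no-script scope is alive.
std::size_t callInsideScope() {
    g_violations.clear();
    g_incoming.push_back([] { runScript("load event handler"); });
    { ScopedNoScript scope; updateFromElement(); }
    return g_violations.size();
}

// Safer: remember the work inside the scope, run it after the scope ends.
std::size_t callAfterScope() {
    g_violations.clear();
    g_incoming.push_back([] { runScript("load event handler"); });
    std::vector<std::function<void()>> deferred;
    { ScopedNoScript scope; deferred.push_back(updateFromElement); }
    for (auto& task : deferred) task();
    return g_violations.size();
}

int main() { std::printf("%zu %zu\n", callInsideScope(), callAfterScope()); }
```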
<rdar://problem/35278782>
Created attachment 329262
Fixes the crash

Comment on attachment 329262
Fixes the crash

Clearing flags on attachment: 329262

Committed r225878: <https://trac.webkit.org/changeset/225878>
All reviewed patches have been landed. Closing bug.
Re-opened since this is blocked by bug 180855