NEW 186766
[DEBUG] Crash under CSSPrimitiveValue::init() when transitioning background-position and reading the computed style
https://bugs.webkit.org/show_bug.cgi?id=186766
Antoine Quint
Reported 2018-06-18 08:12:22 PDT
Created attachment 342937: Testcase
See the attached test case which crashes upon reading the background-position-x property.
Attachments
Testcase (579 bytes, text/html), 2018-06-18 08:12 PDT, Antoine Quint
Alexey Proskuryakov
Comment 1 2018-06-18 23:26:46 PDT
I couldn't reproduce in Safari 11.1.1, so sounds like a regression from shipping?
Antoine Quint
Comment 2 2018-06-19 00:35:09 PDT
Sorry, I should say this is a debug assertion, so the crash won't reproduce with a release or production build.
Antoine Quint
Comment 3 2018-06-19 00:35:51 PDT
#0 0x000000024f993230 in ::WTFCrash() at /Source/WTF/wtf/Assertions.cpp:267
#1 0x0000000241bb0a55 in WebCore::CSSPrimitiveValue::init(WebCore::Length const&) at /Source/WebCore/css/CSSPrimitiveValue.cpp:416
#2 0x0000000241bb0801 in WebCore::CSSPrimitiveValue::CSSPrimitiveValue(WebCore::Length const&) at /Source/WebCore/css/CSSPrimitiveValue.cpp:334
#3 0x0000000241bb0add in WebCore::CSSPrimitiveValue::CSSPrimitiveValue(WebCore::Length const&) at /Source/WebCore/css/CSSPrimitiveValue.cpp:333
#4 0x0000000241b3b87e in WTF::Ref<WebCore::CSSPrimitiveValue, WTF::DumbPtrTraits<WebCore::CSSPrimitiveValue> > WebCore::CSSPrimitiveValue::create<WebCore::Length const&>(WebCore::Length const&&&) at /Source/WebCore/./css/CSSPrimitiveValue.h:388
#5 0x0000000241b1be24 in WTF::Ref<WebCore::CSSPrimitiveValue, WTF::DumbPtrTraits<WebCore::CSSPrimitiveValue> > WebCore::CSSValuePool::createValue<WebCore::Length const&>(WebCore::Length const&&&) at /Source/WebCore/css/CSSValuePool.h:67
#6 0x0000000241b10c04 in WebCore::ComputedStyleExtractor::valueForPropertyinStyle(WebCore::RenderStyle const&, WebCore::CSSPropertyID, WebCore::RenderElement*) at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:2818
#7 0x0000000241b0e86b in WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:2708
#8 0x0000000241b0e475 in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) const at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:2416
#9 0x0000000241b2899a in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValueInternal(WebCore::CSSPropertyID) at /Source/WebCore/css/CSSComputedStyleDeclaration.cpp:4296
#10 0x0000000241bca6c2 in WebCore::CSSStyleDeclaration::namedItem(WTF::AtomicString const&) at /Source/WebCore/css/CSSStyleDeclaration.cpp:264
#11 0x00000002403c59d8 in std::optional<WTF::Variant<WTF::String, double> > WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0::operator()<WebCore::JSCSSStyleDeclaration, JSC::PropertyName>(WebCore::JSCSSStyleDeclaration&, JSC::PropertyName) const at /Users/antoine/Builds/Debug/DerivedSources/WebCore/JSCSSStyleDeclaration.cpp:196
#12 0x00000002403b8673 in decltype(fp2(fp0fp1)) WebCore::accessVisibleNamedProperty<(WebCore::OverrideBuiltins)0, WebCore::JSCSSStyleDeclaration, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&>(JSC::ExecState&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&&&) at /Source/WebCore/bindings/js/JSDOMAbstractOperations.h:97
#13 0x00000002403b769e in WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) at /Users/antoine/Builds/Debug/DerivedSources/WebCore/JSCSSStyleDeclaration.cpp:201
#14 0x000000024fab3602 in JSC::JSObject::getNonIndexPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) at /Source/JavaScriptCore/runtime/JSObjectInlines.h:150
#15 0x000000024fab2af6 in JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) at /Source/JavaScriptCore/runtime/JSObject.h:1407
#16 0x00000002502f6a72 in JSC::JSValue::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const at /Source/JavaScriptCore/runtime/JSCJSValueInlines.h:872
#17 0x00000002502de692 in JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const at /Source/JavaScriptCore/runtime/JSCJSValueInlines.h:826
#18 0x00000002509bb564 in ::llint_slow_path_get_by_id(JSC::ExecState *, JSC::Instruction *) at /Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:712
#19 0x000000024fa80a38 in llint_entry at /Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:58
#20 0x000000024fa7d282 in llintPCRangeStart at /Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:257
#21 0x00000002508d980a in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) at /Source/JavaScriptCore/jit/JITCodeInlines.h:38
#22 0x00000002508d9de0 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Source/JavaScriptCore/interpreter/Interpreter.cpp:1023
#23 0x0000000250b67e6a in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Source/JavaScriptCore/runtime/CallData.cpp:41
#24 0x0000000250b67f49 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) at /Source/JavaScriptCore/runtime/CallData.cpp:48
#25 0x0000000250b681ed in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) at /Source/JavaScriptCore/runtime/CallData.cpp:67
#26 0x00000002418d6d0b in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) at /Source/WebCore/bindings/js/JSMainThreadExecState.h:72
#27 0x0000000241959ac6 in WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) at /Source/WebCore/bindings/js/ScheduledAction.cpp:119
#28 0x0000000241959570 in WebCore::ScheduledAction::execute(WebCore::Document&) at /Source/WebCore/bindings/js/ScheduledAction.cpp:140
#29 0x0000000241959433 in WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) at /Source/WebCore/bindings/js/ScheduledAction.cpp:86
#30 0x00000002427382a9 in WebCore::DOMTimer::fired() at /Source/WebCore/page/DOMTimer.cpp:365
#31 0x000000024297c3c4 in WebCore::ThreadTimers::sharedTimerFiredInternal() at /Source/WebCore/platform/ThreadTimers.cpp:117
#32 0x0000000242991df1 in WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const at /Source/WebCore/platform/ThreadTimers.cpp:69
#33 0x0000000242991da9 in WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() at /Users/antoine/Builds/Debug/usr/local/include/wtf/Function.h:101
#34 0x000000024000f1fb in WTF::Function<void ()>::operator()() const at /Users/antoine/Builds/Debug/usr/local/include/wtf/Function.h:56
#35 0x0000000242954335 in WebCore::MainThreadSharedTimer::fired() at /Source/WebCore/platform/MainThreadSharedTimer.cpp:54
#36 0x00000002429f9519 in WebCore::timerFired(__CFRunLoopTimer*, void*) at /Source/WebCore/platform/cf/MainThreadSharedTimerCF.cpp:74
Radar WebKit Bug Importer
Comment 4 2018-06-19 09:32:34 PDT