WebKit Bugzilla
RESOLVED FIXED
187137
Release assert in ScriptController::canExecuteScripts via WebCore::SVGUseElement::insertedIntoAncestor
https://bugs.webkit.org/show_bug.cgi?id=187137
Ryosuke Niwa
Reported
2018-06-27 23:57:40 PDT
e.g.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff3fb38d4d WebCore::ScriptController::canExecuteScripts(WebCore::ReasonForCallingCanExecuteScripts) + 509
1 com.apple.WebCore 0x00007fff406112b2 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 338
2 com.apple.WebCore 0x00007fff408433b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>) + 836
3 com.apple.WebCore 0x00007fff408411f0 WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 512
4 com.apple.WebCore 0x00007fff40b944c2 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 242
5 com.apple.WebCore 0x00007fff3fb74efa WebCore::DOMWindow::dispatchLoadEvent() + 154
6 com.apple.WebCore 0x00007fff3fb4671f WebCore::Document::implicitClose() + 399
7 com.apple.WebCore 0x00007fff3fb460fe WebCore::FrameLoader::checkCompleted() + 398
8 com.apple.WebCore 0x00007fff40b6cb14 WebCore::CachedResourceLoader::loadDone(bool) + 68
9 com.apple.WebCore 0x00007fff3fc57e0f WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) + 127
10 com.apple.WebCore 0x00007fff3fc57a34 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 468
11 com.apple.WebCore 0x00007fff3fc577d4 WebCore::ResourceLoader::cancel() + 68
12 com.apple.WebCore 0x00007fff40b663ae WebCore::CachedResource::removeClient(WebCore::CachedResourceClient&) + 574
13 com.apple.WebCore 0x00007fff40afff0b WebCore::DocumentThreadableLoader::clearResource() + 59
14 com.apple.WebCore 0x00007fff3fc5819c WebCore::DocumentThreadableLoader::cancel() + 412
15 com.apple.WebCore 0x00007fff3fbc3732 WebCore::XMLHttpRequest::internalAbort() + 130
16 com.apple.WebCore 0x00007fff3fb6a5ae WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 494
17 com.apple.WebCore 0x00007fff3fb69e4b WebCore::Document::prepareForDestruction() + 827
18 com.apple.WebCore 0x00007fff40bb5cd5 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::DumbPtrTraits<WebCore::FrameView> >&&) + 245
19 com.apple.WebCore 0x00007fff3fbb8d34 WebCore::FrameLoader::detachFromParent() + 436
20 com.apple.WebCore 0x00007fff3fb2c69f WebCore::FrameLoader::detachChildren() + 351
21 com.apple.WebCore 0x00007fff3fbb8c15 WebCore::FrameLoader::detachFromParent() + 149
22 com.apple.WebCore 0x00007fff3fb2c69f WebCore::FrameLoader::detachChildren() + 351
23 com.apple.WebCore 0x00007fff3fbb8c15 WebCore::FrameLoader::detachFromParent() + 149
24 com.apple.WebCore 0x00007fff3fbfe316 WebCore::FrameLoader::frameDetached() + 70
25 com.apple.WebCore 0x00007fff3fbfe283 WebCore::HTMLFrameOwnerElement::disconnectContentFrame() + 35
26 com.apple.WebCore 0x00007fff407f0048 WebCore::disconnectSubframes(WebCore::ContainerNode&, WebCore::SubframeDisconnectPolicy) + 216
27 com.apple.WebCore 0x00007fff407ec8f9 WebCore::ContainerNode::removeChild(WebCore::Node&) + 217
28 com.apple.WebCore 0x00007fff4085aabb WebCore::Node::removeChild(WebCore::Node&) + 43
29 com.apple.WebCore 0x00007fff3fbb2b2e WebCore::jsNodePrototypeFunctionRemoveChild(JSC::ExecState*) + 238
Attachments
Fixes the bug (4.34 KB, patch), 2018-06-28 00:20 PDT, Ryosuke Niwa, no flags
Archive of layout-test-results from ews106 for mac-sierra-wk2 (3.12 MB, application/zip), 2018-06-28 01:46 PDT, EWS Watchlist, no flags
Ryosuke Niwa
Comment 1
2018-06-27 23:57:52 PDT
<rdar://problem/41081885>
Ryosuke Niwa
Comment 2
2018-06-28 00:08:47 PDT
Oops, wrong stack trace :(
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff52eb9d4d WebCore::ScriptController::canExecuteScripts(WebCore::ReasonForCallingCanExecuteScripts) + 509
1 com.apple.WebCore 0x00007fff539922b2 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 338
2 com.apple.WebCore 0x00007fff53bc43b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>) + 836
3 com.apple.WebCore 0x00007fff53bc21f0 WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 512
4 com.apple.WebCore 0x00007fff53bc1196 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 86
5 com.apple.WebCore 0x00007fff53bc0e8a WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 602
6 com.apple.WebCore 0x00007fff543e25cd WebCore::SVGUseElement::notifyFinished(WebCore::CachedResource&) + 125
7 com.apple.WebCore 0x00007fff53ee0578 WebCore::CachedResource::didAddClient(WebCore::CachedResourceClient&) + 152
8 com.apple.WebCore 0x00007fff543dffbb WebCore::SVGUseElement::updateExternalDocument() + 1435
9 com.apple.WebCore 0x00007fff543df9c0 WebCore::SVGUseElement::insertedIntoAncestor(WebCore::Node::InsertionType, WebCore::ContainerNode&) + 128
10 com.apple.WebCore 0x00007fff53b7095d WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul>&) + 61
11 com.apple.WebCore 0x00007fff53b709d8 WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul>&) + 184
12 com.apple.WebCore 0x00007fff53b709d8 WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul>&) + 184
13 com.apple.WebCore 0x00007fff53b7087b WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&) + 107
14 com.apple.WebCore 0x00007fff53b6d397 WebCore::ContainerNode::replaceChild(WebCore::Node&, WebCore::Node&) + 1479
15 com.apple.WebCore 0x00007fff53bdba7b WebCore::Node::replaceChild(WebCore::Node&, WebCore::Node&) + 43
16 com.apple.WebCore 0x00007fff52fdf759 WebCore::jsNodePrototypeFunctionReplaceChild(JSC::ExecState*) + 361
Ryosuke Niwa
Comment 3
2018-06-28 00:20:22 PDT
Created attachment 343800
Fixes the bug
EWS Watchlist
Comment 4
2018-06-28 01:46:38 PDT
Comment on attachment 343800
Fixes the bug
Attachment 343800 did not pass mac-wk2-ews (mac-wk2):
Output: https://webkit-queues.webkit.org/results/8367770
New failing tests:
http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-window-open.html
EWS Watchlist
Comment 5
2018-06-28 01:46:40 PDT
Created attachment 343803
Archive of layout-test-results from ews106 for mac-sierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106
Port: mac-sierra-wk2
Platform: Mac OS X 10.12.6
Ryosuke Niwa
Comment 6
2018-06-28 03:30:28 PDT
Hm... I don't think this test failure is related to my patch.
WebKit Commit Bot
Comment 7
2018-06-28 14:00:52 PDT
Comment on attachment 343800
Fixes the bug
Clearing flags on attachment: 343800
Committed r233324: <https://trac.webkit.org/changeset/233324>
WebKit Commit Bot
Comment 8
2018-06-28 14:00:54 PDT
All reviewed patches have been landed. Closing bug.