RESOLVED FIXED 192347
Crash in HTMLCollection::updateNamedElementCache 
https://bugs.webkit.org/show_bug.cgi?id=192347
Summary Crash in HTMLCollection::updateNamedElementCache
Ryosuke Niwa
Reported 2018-12-03 19:43:03 PST
e.g. 0 com.apple.WebCore 0x00007fff56800e90 WebCore::HTMLCollection::updateNamedElementCache() const + 192 1 com.apple.WebCore 0x00007fff56800b76 WebCore::HTMLCollection::namedItemSlow(WTF::AtomicString const&) const + 22 2 com.apple.WebCore 0x00007fff55fe674e WebCore::CachedHTMLCollection<WebCore::HTMLOptionsCollection, (WebCore::CollectionTraversalType)0>::namedItem(WTF::AtomicString const&) const + 590 3 com.apple.WebCore 0x00007fff55fde376 WebCore::JSHTMLOptionsCollection::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 502 4 com.apple.JavaScriptCore 0x00007fff4b979360 llint_slow_path_get_by_id + 2256 5 com.apple.JavaScriptCore 0x00007fff4b983d56 llint_entry + 12436 6 com.apple.JavaScriptCore 0x00007fff4b987ef7 llint_entry + 29237 7 com.apple.JavaScriptCore 0x00007fff4b980ada vmEntryToJavaScript + 304 8 com.apple.JavaScriptCore 0x00007fff4bfdf063 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 147 9 com.apple.JavaScriptCore 0x00007fff4b7f6ea4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 548 <rdar://problem/38054346>
Attachments
Fixes the bug (4.41 KB, patch)
2018-12-03 19:50 PST, Ryosuke Niwa 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2018-12-03 19:50:47 PST
Created attachment 356451 [details] Fixes the bug
Ryosuke Niwa
Comment 2 2018-12-04 16:30:25 PST
Committed r238880: <https://trac.webkit.org/changeset/238880>
Radar WebKit Bug Importer
Comment 3 2018-12-04 16:31:30 PST
<rdar://problem/46470500>
Note You need to log in before you can comment on or make changes to this bug.