WebKit crashes with the following backtrace when visiting https://developer.apple.com/tutorials/swiftui/creating-and-combining-views. 0 WebCore 0x00000001b88af7b0 WebCore::RadioButtonGroups::hasCheckedButton(WebCore::HTMLInputElement const&) const + 136 1 WebCore 0x00000001b88af74c WebCore::RadioButtonGroups::hasCheckedButton(WebCore::HTMLInputElement const&) const + 36 2 WebCore 0x00000001b8ae7310 WebCore::RadioInputType::matchesIndeterminatePseudoClass() const + 48 3 ??? 0x0000000caf0068a0 0 + 54475647136 4 WebCore 0x00000001b9238b0c WebCore::Style::ElementRuleCollector::collectMatchingRulesForList(WTF::Vector<WebCore::Style::RuleData, 1ul, WTF::CrashOnOverflow, 16ul> const*, WebCore::Style::MatchRequest const&) + 384 5 WebCore 0x00000001b9238840 WebCore::Style::ElementRuleCollector::collectMatchingRules(WebCore::Style::MatchRequest const&) + 740 6 WebCore 0x00000001b9239930 WebCore::Style::ElementRuleCollector::matchUARules() + 104 7 WebCore 0x00000001b9239f60 WebCore::Style::ElementRuleCollector::matchAllRules(bool, bool) + 40 8 WebCore 0x00000001b9250990 WebCore::Style::Resolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) + 488 9 WebCore 0x00000001b925b9e4 WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&) + 228 10 WebCore 0x00000001b925bd20 WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) + 112 11 WebCore 0x00000001b925cd9c WebCore::Style::TreeResolver::resolveComposedTree() + 1388 12 WebCore 0x00000001b925d8f0 WebCore::Style::TreeResolver::resolve() + 700 <rdar://problem/58441241>
Created attachment 387895 [details] Fixes the bug
Comment on attachment 387895 [details] Fixes the bug r=me
Comment on attachment 387895 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=387895&action=review > LayoutTests/fast/forms/match-pseudo-on-radio-before-finalizing-tree-insertion-crash.html:18 > +script.textContent = 'document.getElementById("result").textContent = getComputedStyle(input).color ? "PASS" : "PASS"'; Nit - this could just be document.getElementById("result").textContent = "PASS";
Comment on attachment 387895 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=387895&action=review >> LayoutTests/fast/forms/match-pseudo-on-radio-before-finalizing-tree-insertion-crash.html:18 >> +script.textContent = 'document.getElementById("result").textContent = getComputedStyle(input).color ? "PASS" : "PASS"'; > > Nit - this could just be document.getElementById("result").textContent = "PASS"; Ah, no, no, getComputedStyle(input).color is what triggers the crash. Without it, the test won't do anything useful. Perhaps I should split into a separate line to make it clear.
Comment on attachment 387895 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=387895&action=review >>> LayoutTests/fast/forms/match-pseudo-on-radio-before-finalizing-tree-insertion-crash.html:18 >>> +script.textContent = 'document.getElementById("result").textContent = getComputedStyle(input).color ? "PASS" : "PASS"'; >> >> Nit - this could just be document.getElementById("result").textContent = "PASS"; > > Ah, no, no, getComputedStyle(input).color is what triggers the crash. > Without it, the test won't do anything useful. > Perhaps I should split into a separate line to make it clear. Oh, I see! Yep, I think that splitting it out clarifies things.
Comment on attachment 387895 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=387895&action=review > LayoutTests/fast/forms/match-pseudo-on-radio-before-finalizing-tree-insertion-crash.html:26 > + Oh weird, this doesn't have the second input which makes this test hang in the trunk. Will fix that before landing it.
Committed r254722: <https://trac.webkit.org/changeset/254722>