Bug 224992 - Crash in constructCustomElementSynchronously
Summary: Crash in constructCustomElementSynchronously
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ryosuke Niwa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-04-23 13:51 PDT by Ryosuke Niwa
Modified: 2021-04-23 16:46 PDT (History)
5 users

See Also:


Attachments
Fixes the bug (1.98 KB, patch)
2021-04-23 14:03 PDT, Ryosuke Niwa
no flags

Description Ryosuke Niwa 2021-04-23 13:51:17 PDT
e.g.

Thread 0 Crashed:
0   JavaScriptCore                	0x00000001af960020 JSC::construct(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::ArgList const&, JSC::JSValue) + 20 (JSGlobalObject.h:1041)
1   WebCore                       	0x00000001b342a918 WebCore::JSCustomElementInterface::tryToConstructCustomElement(WebCore::Document&, WTF::AtomString const&) + 512 (ConstructData.h:45)
2   WebCore                       	0x00000001b342a518 WebCore::JSCustomElementInterface::constructElementWithFallback(WebCore::Document&, WTF::AtomString const&) + 48 (JSCustomElementInterface.cpp:62)
3   WebCore                       	0x00000001b3afc954 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 2372 (HTMLDocumentParser.cpp:233)
4   WebCore                       	0x00000001b3afd008 WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString&&) + 196 (HTMLDocumentParser.cpp:196)
5   WebCore                       	0x00000001b36e857c WebCore::Document::write(WebCore::Document*, WebCore::SegmentedString&&) + 220 (Document.cpp:3308)
6   WebCore                       	0x00000001b36e8708 WebCore::Document::write(WebCore::Document*, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 324 (Document.cpp:3321)
7   WebCore                       	0x00000001b29b5d00 WebCore::jsDocumentPrototypeFunction_write(JSC::JSGlobalObject*, JSC::CallFrame*) + 176 (JSDocument.cpp:5826)
8   ???                           	0x0000000e8df14c04 0 + 62510943236

<rdar://66988026>
Comment 1 Ryosuke Niwa 2021-04-23 14:03:40 PDT
Created attachment 426940
Fixes the bug
Comment 2 Tadeu Zagallo 2021-04-23 14:19:52 PDT
Comment on attachment 426940
Fixes the bug

r=me
Comment 3 Ryosuke Niwa 2021-04-23 16:46:01 PDT
Comment on attachment 426940
Fixes the bug

Clearing flags on attachment: 426940

Committed r276530 (236982@main): <https://commits.webkit.org/236982@main>
Comment 4 Ryosuke Niwa 2021-04-23 16:46:03 PDT
All reviewed patches have been landed. Closing bug.