224992 – Crash in constructCustomElementSynchronously

RESOLVED FIXED224992

Crash in constructCustomElementSynchronously

https://bugs.webkit.org/show_bug.cgi?id=224992

Summary Crash in constructCustomElementSynchronously

Ryosuke Niwa

Reported 2021-04-23 13:51:17 PDT

e.g. Thread 0 Crashed: 0 JavaScriptCore 0x00000001af960020 JSC::construct(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::ArgList const&, JSC::JSValue) + 20 (JSGlobalObject.h:1041) 1 WebCore 0x00000001b342a918 WebCore::JSCustomElementInterface::tryToConstructCustomElement(WebCore::Document&, WTF::AtomString const&) + 512 (ConstructData.h:45) 2 WebCore 0x00000001b342a518 WebCore::JSCustomElementInterface::constructElementWithFallback(WebCore::Document&, WTF::AtomString const&) + 48 (JSCustomElementInterface.cpp:62) 3 WebCore 0x00000001b3afc954 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 2372 (HTMLDocumentParser.cpp:233) 4 WebCore 0x00000001b3afd008 WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString&&) + 196 (HTMLDocumentParser.cpp:196) 5 WebCore 0x00000001b36e857c WebCore::Document::write(WebCore::Document*, WebCore::SegmentedString&&) + 220 (Document.cpp:3308) 6 WebCore 0x00000001b36e8708 WebCore::Document::write(WebCore::Document*, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 324 (Document.cpp:3321) 7 WebCore 0x00000001b29b5d00 WebCore::jsDocumentPrototypeFunction_write(JSC::JSGlobalObject*, JSC::CallFrame*) + 176 (JSDocument.cpp:5826) 8 ??? 0x0000000e8df14c04 0 + 62510943236 <rdar://66988026>

Attachments
Fixes the bug (1.98 KB, patch) 2021-04-23 14:03 PDT, Ryosuke Niwa	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Ryosuke Niwa

Comment 1 2021-04-23 14:03:40 PDT

Created attachment 426940 [details] Fixes the bug

Tadeu Zagallo

Comment 2 2021-04-23 14:19:52 PDT

Comment on attachment 426940 [details] Fixes the bug r=me

Ryosuke Niwa

Comment 3 2021-04-23 16:46:01 PDT

Comment on attachment 426940 [details] Fixes the bug Clearing flags on attachment: 426940 Committed r276530 (236982@main): <https://commits.webkit.org/236982@main>

Ryosuke Niwa

Comment 4 2021-04-23 16:46:03 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component DOM

Assignee

Ryosuke Niwa

Reported

2021-04-23 13:51 PDT

Modified

2021-04-23 16:46 PDT History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks