WebKit Bugzilla
NEW
Bug 238491
[WinCairo] REGRESSION(r291790) fast/editing/apply-relative-font-style-change-crash-004.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=238491
Reported by Fujii Hironori on 2022-03-29 00:22:25 PDT
Created attachment 456002 [details]
crash log

[WinCairo] REGRESSION(r291790) fast/editing/apply-relative-font-style-change-crash-004.html is crashing
Since r291790 (Bug 238247)

 # Child-SP          RetAddr               Call Site
00 000000fd`14837a38 00007ffa`4d59960a WebKit2!__chkstk(void)+0x37 [d:\a01\_work\12\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm @ 109]
01 000000fd`14837a50 00007ffa`4d5999df WebKit2!WebCore::Style::Resolver::applyMatchedProperties(class WebCore::Style::Resolver::State * state = 0x00007ffa`4d596f3e, struct WebCore::Style::MatchResult * matchResult = 0x000001fd`4de75aa0)+0x1a [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleResolver.cpp @ 575]
02 000000fd`14837a60 00007ffa`4d596f3e WebKit2!WebCore::Style::Resolver::applyMatchedProperties(class WebCore::Style::Resolver::State * state = 0x000000fd`1483ffb8, struct WebCore::Style::MatchResult * matchResult = 0x000000fd`148404a8)+0x3ef [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleResolver.cpp @ 628]
03 000000fd`1483ff80 00007ffa`4d619ff1 WebKit2!WebCore::Style::Resolver::styleForElement(class WebCore::Element * element = 0x000001fd`4cb9c050, struct WebCore::Style::ResolutionContext * context = 0x000000fd`14840838, WebCore::RuleMatchingBehavior matchingBehavior = MatchAllRules (0n0))+0x35e [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleResolver.cpp @ 269]
04 000000fd`148406b0 00007ffa`4d61ad0c WebKit2!WebCore::Style::TreeResolver::styleForStyleable(struct WebCore::Styleable * styleable = 0x000000fd`14840878, struct WebCore::Style::ResolutionContext * resolutionContext = 0x000000fd`14840838)+0x311 [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 148]
05 000000fd`14840800 00007ffa`4d61a73c WebKit2!WebCore::Style::TreeResolver::resolveElement(class WebCore::Element * element = 0x000001fd`4cb9c050)+0x13c [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 215]
06 000000fd`148409c0 00007ffa`4d619add WebKit2!WebCore::Style::TreeResolver::resolveComposedTree(void)+0x65c [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 720]
07 000000fd`14843340 00007ffa`4bde7797 WebKit2!WebCore::Style::TreeResolver::resolve(void)+0x3ad [C:\jenkins_slave\WinCairo-master\Source\WebCore\style\StyleTreeResolver.cpp @ 819]
08 000000fd`14843490 00007ffa`4bde7d86 WebKit2!WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType type = Normal (0n0))+0x517 [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2095]
09 000000fd`14843b30 00007ffa`4bde8058 WebKit2!WebCore::Document::updateStyleIfNeeded(void)+0x226 [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2213]
0a 000000fd`14843bb0 00007ffa`4bde824f WebKit2!WebCore::Document::updateLayout(void)+0x1f8 [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2235]
0b 000000fd`14843cb0 00007ffa`4c0a6f52 WebKit2!WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks runPostLayoutTasks = Asynchronously (0n0))+0x5f [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 2268]
0c 000000fd`14843cf0 00007ffa`4c0a85e9 WebKit2!WebCore::ApplyStyleCommand::nodeFullySelected(class WebCore::Element * element = 0x000001fd`4cb9c050, class WebCore::Position * start = 0x000000fd`14843db8, class WebCore::Position * end = 0x000000fd`14843de8)+0x42 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\ApplyStyleCommand.cpp @ 1177]
0d 000000fd`14843d90 00007ffa`4c0a48a7 WebKit2!WebCore::ApplyStyleCommand::applyRelativeFontStyleChange(class WebCore::EditingStyle * style = 0x000001fd`4cab7090)+0xa99 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\ApplyStyleCommand.cpp @ 399]
0e 000000fd`14844200 00007ffa`4c0973b7 WebKit2!WebCore::ApplyStyleCommand::doApply(void)+0x117 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\ApplyStyleCommand.cpp @ 214]
0f 000000fd`14844270 00007ffa`4c0f11fc WebKit2!WebCore::CompositeEditCommand::apply(void)+0x2c7 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\CompositeEditCommand.cpp @ 399]
10 000000fd`14844340 00007ffa`4c111195 WebKit2!WebCore::Editor::applyStyle(class WTF::RefPtr<WebCore::EditingStyle,WTF::RawPtrTraits<WebCore::EditingStyle>,WTF::DefaultRefDerefTraits<WebCore::EditingStyle> > * style = 0x000000fd`148444d0, WebCore::EditAction editingAction = Unspecified (0n0), WebCore::Editor::ColorFilterMode colorFilterMode = UseOriginalColor (0n1))+0x42c [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\Editor.cpp @ 981]
11 000000fd`148444b0 00007ffa`4c111324 WebKit2!WebCore::applyCommandToFrame(class WebCore::Frame * frame = 0x000001fd`4820a580, WebCore::EditorCommandSource source = CommandFromDOM (0n1), WebCore::EditAction action = ChangeAttributes (0n17), class WTF::Ref<WebCore::EditingStyle,WTF::RawPtrTraits<WebCore::EditingStyle> > * style = 0x000000fd`14844538)+0xb5 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 112]
12 000000fd`14844510 00007ffa`4c112b59 WebKit2!WebCore::executeApplyStyle(class WebCore::Frame * frame = 0x000001fd`4820a580, WebCore::EditorCommandSource source = CommandFromDOM (0n1), WebCore::EditAction action = ChangeAttributes (0n17), WebCore::CSSPropertyID propertyID = CSSPropertyWebkitFontSizeDelta (0n457), class WTF::String * propertyValue = 0x000000fd`14844828)+0x44 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 131]
13 000000fd`14844550 00007ffa`4c0f3093 WebKit2!WebCore::executeFontSizeDelta(class WebCore::Frame * frame = 0x000001fd`4820a580, class WebCore::Event * __formal = 0x00000000`00000000, WebCore::EditorCommandSource source = CommandFromDOM (0n1), class WTF::String * value = 0x000000fd`14844828)+0x39 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 402]
14 000000fd`14844590 00007ffa`4bdf74be WebKit2!WebCore::Editor::Command::execute(class WTF::String * parameter = 0x000000fd`14844828, class WebCore::Event * triggeringEvent = 0x00000000`00000000)+0xf3 [C:\jenkins_slave\WinCairo-master\Source\WebCore\editing\EditorCommand.cpp @ 1885]
15 000000fd`148445f0 00007ffa`49f0dd51 WebKit2!WebCore::Document::execCommand(class WTF::String * commandName = 0x000000fd`148447a8, bool userInterface = false, class WTF::String * value = 0x000000fd`14844828)+0x10e [C:\jenkins_slave\WinCairo-master\Source\WebCore\dom\Document.cpp @ 5883]
16 000000fd`148446a0 00007ffa`49f1e143 WebKit2!WebCore::jsDocumentPrototypeFunction_execCommandBody(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001fd`4dc49d20, class JSC::CallFrame * callFrame = 0x000000fd`14844b70, class WebCore::JSDocument * castedThis = 0x000001fd`4ccaba60)+0x7c1 [C:\jenkins_slave\WinCairo-master\WebKitBuild\Debug\WebCore\DerivedSources\JSDocument.cpp @ 5959]
17 000000fd`148449c0 00007ffa`49eeecc5 WebKit2!WebCore::IDLOperation<WebCore::JSDocument>::call<&WebCore::jsDocumentPrototypeFunction_execCommandBody,0>(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001fd`4dc49d20, class JSC::CallFrame * callFrame = 0x000000fd`14844b70, char * operationName = 0x00007ffa`55044d38 "execCommand")+0x313 [C:\jenkins_slave\WinCairo-master\Source\WebCore\bindings\js\JSDOMOperation.h @ 63]
18 000000fd`14844b20 000001fd`000011be WebKit2!WebCore::jsDocumentPrototypeFunction_execCommand(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001fd`4dc49d20, class JSC::CallFrame * callFrame = 0x000000fd`14844b70)+0x25 [C:\jenkins_slave\WinCairo-master\WebKitBuild\Debug\WebCore\DerivedSources\JSDocument.cpp @ 5965]
19 000000fd`14844b50 000001fd`4dc49d20 0x000001fd`000011be
1a 000000fd`14844b58 000000fd`14844b70 0x000001fd`4dc49d20
1b 000000fd`14844b60 00000000`00000000 0x000000fd`14844b70
Attachments
crash log (101.26 KB, text/plain), 2022-03-29 00:22 PDT, Fujii Hironori, no flags
callstack (33.06 KB, text/plain), 2022-03-29 00:27 PDT, Fujii Hironori, no flags
Comment 1 by Fujii Hironori, 2022-03-29 00:27:53 PDT
Created attachment 456003 [details]
callstack

Unhandled exception at 0x00007FFDBAB3C0D7 (WebKit2.dll) in WebKitWebProcess.exe: 0xC00000FD: Stack overflow (parameters: 0x0000000000000001, 0x000000CBE1A03000).
Comment 2 by Fujii Hironori, 2022-03-29 00:34:16 PDT
(In reply to Fujii Hironori from comment #1)
> Created attachment 456003 [details]
> callstack

This looks like an infinite recursion.
Comment 3 by Fujii Hironori, 2022-03-29 21:16:52 PDT
The infinite recursion seems to be the expected behavior of this test for WebKit. The problem is that WebKitWebProcess.exe is crashing before dispatching the "RangeError: Maximum call stack size exceeded." exception. Chrome and Firefox don't dispatch a beforeinput event in this test.
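The triage helper below is an added example, not code from this bug or from WebKit: it parses a WinDbg "k" stack dump of the shape pasted in the description, derives each frame's stack consumption from the Child-SP deltas and flags repeated functions, so a native stack exhaustion (the MSVC stack probe __chkstk as frame 00 together with exception code 0xC00000FD, as in comment 1) can be told apart from other crashes before opening the full callstack attachment. The sample stack is constructed from the first five frames of the description with argument lists and paths abbreviated.

```python
import re
from collections import Counter

# Constructed sample: the first five frames of the bug's inline WinDbg stack,
# with argument lists abbreviated to "(...)" and paths shortened for brevity.
SAMPLE_STACK = """\
 # Child-SP          RetAddr               Call Site
00 000000fd`14837a38 00007ffa`4d59960a WebKit2!__chkstk(void)+0x37 [chkstk.asm @ 109]
01 000000fd`14837a50 00007ffa`4d5999df WebKit2!WebCore::Style::Resolver::applyMatchedProperties(...)+0x1a [StyleResolver.cpp @ 575]
02 000000fd`14837a60 00007ffa`4d596f3e WebKit2!WebCore::Style::Resolver::applyMatchedProperties(...)+0x3ef [StyleResolver.cpp @ 628]
03 000000fd`1483ff80 00007ffa`4d619ff1 WebKit2!WebCore::Style::Resolver::styleForElement(...)+0x35e [StyleResolver.cpp @ 269]
04 000000fd`148406b0 00007ffa`4d61ad0c WebKit2!WebCore::Style::TreeResolver::styleForStyleable(...)+0x311 [StyleTreeResolver.cpp @ 148]
"""

# One "k" frame line: frame number, Child-SP, RetAddr, then the call-site text.
FRAME_RE = re.compile(
    r"^(?P<no>[0-9a-f]{2}) (?P<sp>[0-9a-f]{8}`[0-9a-f]{8}) "
    r"(?P<ret>[0-9a-f]{8}`[0-9a-f]{8}) (?P<site>.+)$")

def parse_frames(text):
    """Return [(frame_no, child_sp, function)] for every frame line in text."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # header line or non-frame text
        sp = int(m.group("sp").replace("`", ""), 16)
        func = m.group("site").split("(", 1)[0]  # drop args and "[file @ line]"
        frames.append((int(m.group("no"), 16), sp, func))
    return frames

def frame_sizes(frames):
    """Stack bytes owned by each frame: the caller's Child-SP minus its own.
    The x64 stack grows down, so the outer (caller) frame has the higher SP."""
    return [(frames[i][2], frames[i + 1][1] - frames[i][1])
            for i in range(len(frames) - 1)]

def triage(text, big_frame=16 * 1024):
    """Summarise a dump: __chkstk (the MSVC stack probe) as frame 00 together
    with exception code 0xC00000FD means the thread ran out of stack; repeated
    functions and very large frames show what consumed it."""
    frames = parse_frames(text)
    counts = Counter(func for _, _, func in frames)
    return {
        "frames": len(frames),
        "stack_probe_on_top": bool(frames) and frames[0][2].endswith("__chkstk"),
        "repeated": [f for f, n in counts.items() if n > 1],
        "large": [(f, size) for f, size in frame_sizes(frames) if size >= big_frame],
    }
```

On the sample, the applyMatchedProperties frame alone accounts for 34080 bytes of stack, which is why a recursion that JavaScriptCore would normally stop with a RangeError exhausts the native stack first.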