RESOLVED FIXED
250726
Assertion failure in ContainerNode::removeNodeWithScriptAssertion via ~PDFPluginTextAnnotation
https://bugs.webkit.org/show_bug.cgi?id=250726
Ryosuke Niwa
Reported
2023-01-17 13:55:38 PST
e.g.
0 JavaScriptCore 0x19880915e WTFCrash + 14
1 JavaScriptCore 0x19880916e WTFCrashWithSecurityImplication + 14
2 WebCore 0x1c2c62ba9 WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node&, WebCore::ContainerNode::ChildChange::Source) + 697 (ContainerNode.cpp:191)
3 WebCore 0x1c2c5c4b6 WebCore::ContainerNode::removeChild(WebCore::Node&) + 614 (ContainerNode.cpp:673)
4 WebKit 0x1681ed47b WebKit::PDFPluginAnnotation::~PDFPluginAnnotation() + 1067 (PDFPluginAnnotation.mm:96)
5 WebKit 0x168304f82 WebKit::PDFPluginTextAnnotation::~PDFPluginTextAnnotation() + 514 (PDFPluginTextAnnotation.mm:79)
6 WebKit 0x168304c52 WebKit::PDFPluginPasswordField::~PDFPluginPasswordField() + 514 (PDFPluginPasswordField.mm:52)
7 WebKit 0x1683050a5 WebKit::PDFPluginPasswordField::~PDFPluginPasswordField() + 21 (PDFPluginPasswordField.mm:50)
8 WebKit 0x1683050c9 WebKit::PDFPluginPasswordField::~PDFPluginPasswordField() + 25 (PDFPluginPasswordField.mm:50)
9 WebKit 0x1682639cd std::__1::default_delete<WebKit::PDFPluginAnnotation>::operator()(WebKit::PDFPluginAnnotation*) const + 141 (unique_ptr.h:57)
10 WebKit 0x1682638ca WTF::RefCounted<WebKit::PDFPluginAnnotation, std::__1::default_delete<WebKit::PDFPluginAnnotation> >::deref() const + 250 (RefCounted.h:190)
11 WebKit 0x168263c52 WTF::DefaultRefDerefTraits<WebKit::PDFPluginPasswordField>::derefIfNotNull(WebKit::PDFPluginPasswordField*) + 50 (RefPtr.h:42)
12 WebKit 0x168263ba4 WTF::RefPtr<WebKit::PDFPluginPasswordField, WTF::RawPtrTraits<WebKit::PDFPluginPasswordField>, WTF::DefaultRefDerefTraits<WebKit::PDFPluginPasswordField> >::~RefPtr() + 276 (RefPtr.h:74)
13 WebKit 0x1681b59a5 WTF::RefPtr<WebKit::PDFPluginPasswordField, WTF::RawPtrTraits<WebKit::PDFPluginPasswordField>, WTF::DefaultRefDerefTraits<WebKit::PDFPluginPasswordField> >::~RefPtr() + 21 (RefPtr.h:74)
14 WebKit 0x1681b5df0 WebKit::PDFPlugin::~PDFPlugin() + 928 (PDFPlugin.mm:696)
15 WebKit 0x1681b5f15 WebKit::PDFPlugin::~PDFPlugin() + 21 (PDFPlugin.mm:691)
16 WebKit 0x1682125eb WTF::ThreadSafeRefCounted<WebKit::PDFPlugin, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const + 91 (ThreadSafeRefCounted.h:115)
17 WebKit 0x168212512 WTF::ThreadSafeRefCounted<WebKit::PDFPlugin, (WTF::DestructionThread)0>::deref() const + 290 (ThreadSafeRefCounted.h:127)
18 WebKit 0x168262044 WTF::Ref<WebKit::PDFPlugin, WTF::RawPtrTraits<WebKit::PDFPlugin> >::~Ref() + 340 (Ref.h:61)
19 WebKit 0x1681b6845 WTF::Ref<WebKit::PDFPlugin, WTF::RawPtrTraits<WebKit::PDFPlugin> >::~Ref() + 21 (Ref.h:55)
20 WebKit 0x169c5b474 WebKit::PluginView::~PluginView() + 292 (PluginView.cpp:232)
21 WebKit 0x169c5b5f5 WebKit::PluginView::~PluginView() + 21 (PluginView.cpp:226)
22 WebKit 0x169c5b619 WebKit::PluginView::~PluginView() + 25 (PluginView.cpp:226)
23 WebCore 0x1bda60acd std::__1::default_delete<WebCore::Widget>::operator()(WebCore::Widget*) const + 141 (unique_ptr.h:57)
24 WebCore 0x1bda609ca WTF::RefCounted<WebCore::Widget, std::__1::default_delete<WebCore::Widget> >::deref() const + 250 (RefCounted.h:190)
25 WebCore 0x1bda60892 WTF::DefaultRefDerefTraits<WebCore::Widget>::derefIfNotNull(WebCore::Widget*) + 50 (RefPtr.h:42)
26 WebCore 0x1bda607e4 WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >::~RefPtr() + 276 (RefPtr.h:74)
27 WebCore 0x1bda3c615 WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >::~RefPtr() + 21 (RefPtr.h:74)
28 WebCore 0x1c7290495 WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*>::~KeyValuePair() + 21 (KeyValuePair.h:33)
29 WebCore 0x1c7290425 WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*>::~KeyValuePair() + 21 (KeyValuePair.h:33)
30 WebCore 0x1c72903b7 WTF::HashTable<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*> >, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashMap<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WebCore::FrameView*>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > > >::deallocateTable(WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*>*) + 167 (HashTable.h:1179)
31 WebCore 0x1c72902bd WTF::HashTable<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*> >, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashMap<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WebCore::FrameView*>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > > >::~HashTable() + 141 (HashTable.h:435)
32 WebCore 0x1c728ff45 WTF::HashTable<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*> >, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashMap<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WebCore::FrameView*>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > > >::~HashTable() + 21 (HashTable.h:432)
33 WebCore 0x1c72904b5 WTF::HashMap<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WebCore::FrameView*>, WTF::HashTableTraits>::~HashMap() + 21 (HashMap.h:35)
34 WebCore 0x1c7265745 WTF::HashMap<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> >, WebCore::FrameView*, WTF::DefaultHash<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget, WTF::RawPtrTraits<WebCore::Widget>, WTF::DefaultRefDerefTraits<WebCore::Widget> > >, WTF::HashTraits<WebCore::FrameView*>, WTF::HashTableTraits>::~HashMap() + 21 (HashMap.h:35)
35 WebCore 0x1c72655ca WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets() + 1018 (RenderWidget.cpp:77)
36 WebCore 0x1bda59cc0 WebCore::WidgetHierarchyUpdatesSuspensionScope::~WidgetHierarchyUpdatesSuspensionScope() + 384 (RenderWidget.h:41)
37 WebCore 0x1bda3c235 WebCore::WidgetHierarchyUpdatesSuspensionScope::~WidgetHierarchyUpdatesSuspensionScope() + 21 (RenderWidget.h:38)
38 WebCore 0x1c2d4504b WebCore::Document::destroyRenderTree() + 1355 (Document.cpp:2673)
39 WebCore 0x1c2d4597f WebCore::Document::willBeRemovedFromFrame() + 1327 (Document.cpp:2720)
40 WebCore 0x1c4f1a565 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::RawPtrTraits<WebCore::FrameView>, WTF::DefaultRefDerefTraits<WebCore::FrameView> >&&) + 181 (Frame.cpp:241)
41 WebCore 0x1c4a1872e WebCore::FrameLoader::closeAndRemoveChild(WebCore::Frame&) + 270 (FrameLoader.cpp:2811)
42 WebCore 0x1c4a1846b WebCore::FrameLoader::detachFromParent() + 667 (FrameLoader.cpp:2938)
43 WebCore 0x1c49fc493 WebCore::FrameLoader::detachChildren() + 1203 (FrameLoader.cpp:2804)
44 WebCore 0x1c49e4750 WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader*) + 1520 (FrameLoader.cpp:1986)
45 WebCore 0x1c4a11003 WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 1491 (FrameLoader.cpp:2243)
46 WebCore 0x1c4a0f003 WebCore::FrameLoader::commitProvisionalLoad() + 3715 (FrameLoader.cpp:2099)

<rdar://103613680>
Ryosuke Niwa
Comment 1
2023-01-17 14:11:24 PST
Pull request: https://github.com/WebKit/WebKit/pull/8734
EWS
Comment 2
2023-01-18 09:41:52 PST
Committed 259033@main (70f33f17ad48): <https://commits.webkit.org/259033@main>

Reviewed commits have been landed. Closing PR #8734 and removing active labels.