WebKit Bugzilla
RESOLVED FIXED
252302
ASSERT_NOT_REACHED in ImageOverlay updateSubtree()
https://bugs.webkit.org/show_bug.cgi?id=252302
Summary
ASSERT_NOT_REACHED in ImageOverlay updateSubtree()
Jean-Yves Avenard [:jya]
Reported
2023-02-15 00:32:47 PST
STR: In a debug build, create a video element, don't have the controls showing. Right click on the video element to show the control menu.
Result: Assertion ASSERT_NOT_REACHED in updateSubTree
https://searchfox.org/wubkat/rev/6312ca8a662145d355274780bbf68b6ce735d8e8/Source/WebCore/dom/ImageOverlay.cpp#266
```
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x00000001300a8aa0 JavaScriptCore`::WTFCrash() at Assertions.cpp:327:35
    frame #1: 0x00000001460f48d4 WebCore`WTFCrashWithInfo((null)=266, (null)="/Users/jyavenard/Work/webkit/OpenSource/Source/WebCore/dom/ImageOverlay.cpp", (null)="auto WebCore::ImageOverlay::updateSubtree(WebCore::HTMLElement &, const WebCore::TextRecognitionResult &)::(anonymous class)::operator()() const", (null)=2340) at Assertions.h:758:5
  * frame #2: 0x000000014932dee4 WebCore`WebCore::ImageOverlay::updateSubtree(this=0x000000016fa9d660)::$_11::operator()() const at ImageOverlay.cpp:266:13
    frame #3: 0x00000001493290d4 WebCore`WebCore::ImageOverlay::updateSubtree(element=0x000000013b004720, result=0x000000016fa9dda0) at ImageOverlay.cpp:258:30
    frame #4: 0x0000000149327ef0 WebCore`WebCore::ImageOverlay::updateWithTextRecognitionResult(element=0x000000013b004720, result=0x000000016fa9dda0, cacheTextRecognitionResults=Yes) at ImageOverlay.cpp:494:21
    frame #5: 0x00000001165691e8 WebKit`auto WebKit::WebPage::requestTextRecognition(this=0x00000001030d8428, result=0x000000016fa9dda0)>&&)::$_26::operator()<WebCore::TextRecognitionResult>(WebCore::TextRecognitionResult&&) const at WebPage.cpp:8036:9
    frame #6: 0x00000001165690f0 WebKit`decltype(__f=0x00000001030d8428, __args=0x000000016fa9dda0)>&&)::$_26>()(std::declval<WebCore::TextRecognitionResult>())) std::__1::__invoke[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, WebCore::TextRecognitionResult>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, WebCore::TextRecognitionResult&&) at invoke.h:394:23
    frame #7: 0x00000001165690c0 WebKit`decltype(__f=0x00000001030d8428, __t=size=1, (null)=__tuple_indices<0UL> @ 0x000000016fa9dd3f) std::__1::__apply_tuple_impl[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, std::__1::tuple<WebCore::TextRecognitionResult>, 0ul>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, std::__1::tuple<WebCore::TextRecognitionResult>&&, std::__1::__tuple_indices<0ul>) at tuple:1789:1
    frame #8: 0x0000000116568a88 WebKit`decltype(__f=0x00000001030d8428, __t=size=1) std::__1::apply[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, std::__1::tuple<WebCore::TextRecognitionResult> >(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, std::__1::tuple<WebCore::TextRecognitionResult>&&) at tuple:1798:1
    frame #9: 0x00000001165688f4 WebKit`void IPC::Connection::callReply<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(decoder=0x0000000103064180, completionHandler=0x00000001030d8428)>&&)::$_26&&) at Connection.h:704:13
    frame #10: 0x0000000116568884 WebKit`IPC::Connection::AsyncReplyHandler IPC::Connection::makeAsyncReplyHandler<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(this=0x00000001030d8428, decoder=0x0000000103064180)>&&)::$_26&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Decoder*)::operator()(IPC::Decoder*) at Connection.h:687:21
    frame #11: 0x0000000116568794 WebKit`WTF::Detail::CallableWrapper<IPC::Connection::AsyncReplyHandler IPC::Connection::makeAsyncReplyHandler<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(this=0x00000001030d8420, in=0x0000000103064180) at Function.h:53:39
    frame #12: 0x000000011539b7cc WebKit`WTF::Function<void (IPC::Decoder*)>::operator(this=0x000000016fa9dea8, in=0x0000000103064180)(IPC::Decoder*) const at Function.h:82:35
    frame #13: 0x00000001153848e0 WebKit`WTF::CompletionHandler<void (IPC::Decoder*)>::operator(this=0x000000016fa9df20, in=0x0000000103064180)(IPC::Decoder*) at CompletionHandler.h:75:16
    frame #14: 0x0000000116a7b434 WebKit`IPC::Connection::dispatchMessage(this=0x000000010303c840, decoder=0x0000000103064180) at Connection.cpp:1179:9
    frame #15: 0x0000000116a7ba3c WebKit`IPC::Connection::dispatchMessage(this=0x000000010303c840, message=IPC::Decoder @ 0x0000000103064180) at Connection.cpp:1245:9
    frame #16: 0x0000000116a7bd78 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000010303c840) at Connection.cpp:1310:5
    frame #17: 0x0000000116a99a54 WebKit`IPC::Connection::enqueueIncomingMessage(this=0x0000000103068348)::$_17::operator()() const at Connection.cpp:1159:28
    frame #18: 0x0000000116a99994 WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_17, void>::call(this=0x0000000103068340) at Function.h:53:39
    frame #19: 0x00000001300d1128 JavaScriptCore`WTF::Function<void ()>::operator(this=0x000000016fa9e0c0)() const at Function.h:82:35
    frame #20: 0x0000000130169850 JavaScriptCore`WTF::RunLoop::performWork(this=0x0000000103010100) at RunLoop.cpp:147:9
    frame #21: 0x000000013016ded4 JavaScriptCore`WTF::RunLoop::performWork(context=0x0000000103010100) at RunLoopCF.cpp:46:37
    frame #22: 0x000000018821a884 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
    frame #23: 0x000000018821a818 CoreFoundation`__CFRunLoopDoSource0 + 176
    frame #24: 0x000000018821a588 CoreFoundation`__CFRunLoopDoSources0 + 244
    frame #25: 0x0000000188219190 CoreFoundation`__CFRunLoopRun + 828
    frame #26: 0x0000000188218700 CoreFoundation`CFRunLoopRunSpecific + 612
    frame #27: 0x00000001891929bc Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #28: 0x000000018920b37c Foundation`-[NSRunLoop(NSRunLoop) run] + 64
    frame #29: 0x0000000187e8a5a0 libxpc.dylib`_xpc_objc_main + 860
    frame #30: 0x0000000187e89ec0 libxpc.dylib`xpc_main + 108
    frame #31: 0x00000001149fbde8 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016fa9f588) at XPCServiceMain.mm:207:5
    frame #32: 0x0000000116a4c2f4 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016fa9f588) at WKMain.mm:35:12
    frame #33: 0x0000000100363f9c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016fa9f588) at AuxiliaryProcessMain.cpp:30:12
    frame #34: 0x0000000187de3f28 dyld`start + 2236
```
Radar WebKit Bug Importer
Comment 1
2023-02-15 00:33:12 PST
<rdar://problem/105486027>
Radar WebKit Bug Importer
Comment 2
2023-02-15 00:34:33 PST
<rdar://problem/105486068>
Jean-Yves Avenard [:jya]
Comment 3
2023-02-15 00:39:16 PST
Test case added:
https://jyavenard.github.io/htmltests/tests/252302/index.html
Wenson Hsieh
Comment 4
2024-08-31 17:04:42 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/32995
EWS
Comment 5
2024-08-31 19:18:13 PDT
Committed 283030@main (416adec17dd1): <https://commits.webkit.org/283030@main>

Reviewed commits have been landed. Closing PR #32995 and removing active labels.