Bug 261421 - REGRESSION(267280@main): costco.com crash in WebCore::ShorthandSerializer::serializeGridTemplate const
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Sammy Gill
URL:
Keywords: InRadar
Duplicates: 261760
Depends on:
Blocks:
 
Reported: 2023-09-11 11:41 PDT by Sammy Gill
Modified: 2023-09-25 11:45 PDT

Attachments
Testcase (453 bytes, text/html)
2023-09-11 11:41 PDT, Sammy Gill

Description Sammy Gill 2023-09-11 11:41:25 PDT
Created attachment 467643
Testcase

Costco's checkout page uses element.TextContent = "" and this ends up disconnecting some nodes from the tree. When the ShorthandSerializer tries to get the value for each of the longhands of grid-template, the ComputedStyleExtractor is unable to resolve the RenderStyle to use via computeRenderStyleForProperty and returns nullptr for the longhand value. This results in a hard nullptr deref in ShorthandSerializer::longhandValue.
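
The failure pattern described above, as an added example that is not WebKit code and not the change landed for this bug: a lookup that returns nullptr for a disconnected element, next to a serializer that dereferences the result unchecked and one that checks every longhand first. `Element`, `longhandValue`, `serializeUnchecked` and `serializeChecked` are hypothetical stand-ins, and the output format is deliberately simplified.

```cpp
// Added illustration with simplified stand-in types; not WebKit source.
#include <map>
#include <string>

// Hypothetical element: once removed from the tree, no style can be resolved.
struct Element {
    bool connected = true;
    std::map<std::string, std::string> computed;
};

// Stand-in for the extractor: nullptr means "no style could be resolved".
const std::string* longhandValue(const Element& e, const std::string& property) {
    if (!e.connected) return nullptr;
    auto it = e.computed.find(property);
    return it == e.computed.end() ? nullptr : &it->second;
}

static const char* const kGridTemplateLonghands[] = {
    "grid-template-rows", "grid-template-columns", "grid-template-areas"};

// Unchecked form: dereferences whatever the extractor returns.
std::string serializeUnchecked(const Element& e) {
    std::string out;
    for (const char* name : kGridTemplateLonghands)
        out += *longhandValue(e, name) + " ";  // null deref when detached
    return out;
}

// Checked form: resolve every longhand first; if any is missing, report
// "no value" so the caller can return an empty string instead of crashing.
bool serializeChecked(const Element& e, std::string& out) {
    const std::string* values[3];
    for (int i = 0; i < 3; ++i) {
        values[i] = longhandValue(e, kGridTemplateLonghands[i]);
        if (!values[i]) return false;
    }
    // Simplified output: rows / columns only (areas handling omitted).
    out = *values[0] + " / " + *values[1];
    return true;
}
```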
Comment 1 Sammy Gill 2023-09-11 11:42:15 PDT
rdar://115046351
Comment 2 Sammy Gill 2023-09-11 11:54:04 PDT
Pull request: https://github.com/WebKit/WebKit/pull/17661
Comment 3 Sammy Gill 2023-09-12 14:10:09 PDT
Submitted web-platform-tests pull request: https://github.com/web-platform-tests/wpt/pull/41946
Comment 4 EWS 2023-09-14 09:19:48 PDT
Committed 267989@main (7d7be769ce2d): <https://commits.webkit.org/267989@main>

Reviewed commits have been landed. Closing PR #17661 and removing active labels.
Comment 5 Sammy Gill 2023-09-25 11:45:40 PDT
*** Bug 261760 has been marked as a duplicate of this bug. ***