Bug 267878 - REGRESSION(273148@main): Crash on veggiegrill.com
Summary: REGRESSION(273148@main): Crash on veggiegrill.com
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Ryosuke Niwa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2024-01-22 13:42 PST by Ryosuke Niwa
Modified: 2024-01-22 14:51 PST

See Also:


Attachments

Description Ryosuke Niwa 2024-01-22 13:42:19 PST
In debug, we hit the following assertion, and we crash in release builds.

ASSERTION FAILED: m_image
/Volumes/Data/safari-2/OpenSource/Source/WebCore/loader/ImageLoader.cpp(350) : void WebCore::ImageLoader::updateFromElementIgnoringPreviousErrorToSameValue()
1   0x137e2ad30 WTFCrash
2   0x282e09acc WebCore::AudioProcessingEvent::AudioProcessingEvent(WTF::AtomString const&, WebCore::AudioProcessingEventInit&&)
3   0x284a923cc WebCore::ImageLoader::updateFromElementIgnoringPreviousErrorToSameValue()
4   0x284279460 WebCore::HTMLImageElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason)
5   0x283d83450 WebCore::Element::notifyAttributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason)
6   0x283d95010 WebCore::Element::didModifyAttribute(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&)
7   0x283d82b4c WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomString const&, WebCore::Element::InSynchronizationOfLazyAttribute)
8   0x283d830f8 WebCore::Element::setAttributeWithoutSynchronization(WebCore::QualifiedName const&, WTF::AtomString const&)
9   0x2811faa50 WebCore::setJSHTMLImageElement_srcSetter(JSC::JSGlobalObject&, WebCore::JSHTMLImageElement&, JSC::JSValue)::'lambda'()::operator()() const
10  0x2811faa00 void WebCore::invokeFunctorPropagatingExceptionIfNecessary<WebCore::setJSHTMLImageElement_srcSetter(JSC::JSGlobalObject&, WebCore::JSHTMLImageElement&, JSC::JSValue)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::setJSHTMLImageElement_srcSetter(JSC::JSGlobalObject&, WebCore::JSHTMLImageElement&, JSC::JSValue)::'lambda'()&&)
11  0x2811fa994 WebCore::setJSHTMLImageElement_srcSetter(JSC::JSGlobalObject&, WebCore::JSHTMLImageElement&, JSC::JSValue)
12  0x2810fd218 bool WebCore::IDLAttribute<WebCore::JSHTMLImageElement>::set<&WebCore::setJSHTMLImageElement_srcSetter(JSC::JSGlobalObject&, WebCore::JSHTMLImageElement&, JSC::JSValue), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, long long, long long, JSC::PropertyName)
13  0x2810fd0e4 WebCore::setJSHTMLImageElement_src(JSC::JSGlobalObject*, long long, long long, JSC::PropertyName)
14  0x139bcc2d0 WTF::FunctionPtr<(WTF::PtrTag)28258, bool (JSC::JSGlobalObject*, long long, long long, JSC::PropertyName), (WTF::FunctionAttributes)1>::operator()(JSC::JSGlobalObject*, long long, long long, JSC::PropertyName) const
15  0x139cd546c JSC::JSObject::putInlineSlow(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
16  0x139320ba8 JSC::JSObject::putInlineForJSObject(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
17  0x139e15544 JSC::JSCell::putInline(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
18  0x139322e10 JSC::JSValue::putInline(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
19  0x139915f64 llint_slow_path_put_by_id

<rdar://121376760>
Comment 1 Ryosuke Niwa 2024-01-22 13:49:20 PST
Pull request: https://github.com/WebKit/WebKit/pull/23064
Comment 2 EWS 2024-01-22 14:51:01 PST
Committed 273321@main (18063444ac99): <https://commits.webkit.org/273321@main>

Reviewed commits have been landed. Closing PR #23064 and removing active labels.