WebKit Bugzilla
RESOLVED FIXED
272543
Crash in Style::commitRelations
https://bugs.webkit.org/show_bug.cgi?id=272543
Ryosuke Niwa
Reported
2024-04-11 12:25:49 PDT
e.g.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x7ff90bcc3402 WTF::CompactPointerTuple<WebCore::RenderObject*, unsigned short>::setType(unsigned short) + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.5.Internal.sdk/usr/local/include/wtf/CompactPointerTuple.h:96) [inlined]
1 com.apple.WebCore 0x7ff90bcc3402 WebCore::Node::setStyleBitfields(WebCore::Node::StyleBitfields) + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Node.h:708) [inlined]
2 com.apple.WebCore 0x7ff90bcc3402 WebCore::Node::setStyleFlag(WebCore::Node::NodeStyleFlag) + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Node.h:864) [inlined]
3 com.apple.WebCore 0x7ff90bcc3402 WebCore::Element::setStyleAffectedByEmpty() + 0 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Element.h:441) [inlined]
4 com.apple.WebCore 0x7ff90bcc3402 WebCore::Style::commitRelations(std::__1::unique_ptr<WTF::Vector<WebCore::Style::Relation, 8ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, std::__1::default_delete<WTF::Vector<WebCore::Style::Relation, 8ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>>>, WebCore::Style::Update&) + 98 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleRelations.cpp:94)
5 com.apple.WebCore 0x7ff90bcdf4b4 WebCore::Style::TreeResolver::styleForStyleable(WebCore::Styleable const&, WebCore::Style::TreeResolver::ResolutionType, WebCore::Style::ResolutionContext const&) + 204 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:162) [inlined]
6 com.apple.WebCore 0x7ff90bcdf4b4 WebCore::Style::TreeResolver::resolveElement(WebCore::Element&, WebCore::RenderStyle const*, WebCore::Style::TreeResolver::ResolutionType) + 460 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:247) [inlined]
7 com.apple.WebCore 0x7ff90bcdf4b4 WebCore::Style::TreeResolver::resolveComposedTree() + 4052 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:943)
8 com.apple.WebCore 0x7ff90bce4bb4 WebCore::Style::TreeResolver::resolve() + 548 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/style/StyleTreeResolver.cpp:1063)
9 com.apple.WebCore 0x7ff90ae70b5e WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 910 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2533)
10 com.apple.WebCore 0x7ff9095fd0b0 WebCore::Document::updateStyleIfNeeded() + 176 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2662)
11 com.apple.WebCore 0x7ff90ae6da90 WebCore::Document::updateLayout(WTF::OptionSet<WebCore::LayoutOptions>, WebCore::Element const*) + 176 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2706)
12 com.apple.WebCore 0x7ff90aec07bc WebCore::Document::updateLayoutIgnorePendingStylesheets(WTF::OptionSet<WebCore::LayoutOptions>, WebCore::Element const*) + 16 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Document.cpp:2669) [inlined]
13 com.apple.WebCore 0x7ff90aec07bc WebCore::Element::boundingClientRect() + 44 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Element.cpp:1915)
14 com.apple.WebCore 0x7ff909cce12c WebCore::Element::getBoundingClientRect() + 4 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/dom/Element.cpp:1927) [inlined]
15 com.apple.WebCore 0x7ff909cce12c WebCore::jsElementPrototypeFunction_getBoundingClientRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*) + 32 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Binaries/WebCore/install/Symbols/BuiltProducts/DerivedSources/WebCore/JSElement.cpp:4125) [inlined]
16 com.apple.WebCore 0x7ff909cce12c long long WebCore::IDLOperation<WebCore::JSElement>::call<&WebCore::jsElementPrototypeFunction_getBoundingClientRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 74 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/bindings/js/JSDOMOperation.h:63) [inlined]
17 com.apple.WebCore 0x7ff909cce12c WebCore::jsElementPrototypeFunction_getBoundingClientRect(JSC::JSGlobalObject*, JSC::CallFrame*) + 92 (/AppleInternal/Library/BuildRoots/1e7818a0-edc7-11ee-8f38-a65dcee5a99e/Library/Caches/com.apple.xbs/Binaries/WebCore/install/Symbols/BuiltProducts/DerivedSources/WebCore/JSElement.cpp:4130)
18 0x2b4d14e0c037
<rdar://126136602>
Ryosuke Niwa
Comment 1
2024-04-11 12:37:12 PDT
Pull request: https://github.com/apple/WebKit/pull/1198
Ryosuke Niwa
Comment 2
2024-04-11 14:29:35 PDT
Pull request: https://github.com/WebKit/WebKit/pull/27166
EWS
Comment 3
2024-04-11 20:04:12 PDT
Committed 277408@main (e685b6eb7e6d): <https://commits.webkit.org/277408@main>
Reviewed commits have been landed. Closing PR #27166 and removing active labels.
EWS
Comment 4
2024-04-12 07:53:42 PDT
Committed 272448.907@safari-7618-branch (e75016c236e5): <https://commits.webkit.org/272448.907@safari-7618-branch>
Reviewed commits have been landed. Closing PR #1198 and removing active labels.