276216 – Crash under RenderLayerCompositor::traverseUnchangedSubtree()

RESOLVED FIXED 276216

Crash under RenderLayerCompositor::traverseUnchangedSubtree()

https://bugs.webkit.org/show_bug.cgi?id=276216

Summary Crash under RenderLayerCompositor::traverseUnchangedSubtree()

Gerald Squelart

Reported 2024-07-03 23:23:18 PDT

Near-null access in: ``` WTF::HashTableAddResult<...> WTF::WeakListHashSet<WebCore::RenderLayer, ...>::add<WebCore::RenderLayer>(WebCore::RenderLayer const&) WebCore::RenderLayerCompositor::traverseUnchangedSubtree(WebCore::RenderLayer*, WebCore::RenderLayer&, WebCore::LayerOverlapMap&, WebCore::RenderLayerCompositor::CompositingState&, WebCore::RenderLayerCompositor::BackingSharingState&, bool&) WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer&, WebCore::LayerOverlapMap&, WebCore::RenderLayerCompositor::CompositingState&, WebCore::RenderLayerCompositor::BackingSharingState&, bool&) WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer&, WebCore::LayerOverlapMap&, WebCore::RenderLayerCompositor::CompositingState&, WebCore::RenderLayerCompositor::BackingSharingState&, bool&) WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer&, WebCore::LayerOverlapMap&, WebCore::RenderLayerCompositor::CompositingState&, WebCore::RenderLayerCompositor::BackingSharingState&, bool&) WebCore::RenderLayerCompositor::updateCompositingLayers(WebCore::CompositingUpdateType, WebCore::RenderLayer*) WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) ``` rdar://130615925

Attachments
Add attachment proposed patch, testcase, etc.

Gerald Squelart

Comment 1 2024-07-03 23:26:54 PDT

Pull request: https://github.com/WebKit/WebKit/pull/30483

EWS

Comment 2 2024-07-04 21:13:15 PDT

Committed 280673@main (7b1e2f8cef2e): <https://commits.webkit.org/280673@main> Reviewed commits have been landed. Closing PR #30483 and removing active labels.

Simon Fraser (smfr)

Comment 3 2024-07-22 11:34:42 PDT

*** Bug 275937 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Compositing

Assignee

Gerald Squelart

Reported

2024-07-03 23:23 PDT

Modified

2024-07-22 11:34 PDT History

CC List

2 users Show

URL

Keywords InRadar

Duplicates (1)

275937 View as bug list

Depends on

Blocks

275937

Dependencies

tree graph