279372 – Release assert in ElementIterator<WebCore::HTMLAnchorElement>::traverseAncestor() via searchForLinkRemovingExistingDDLinks

RESOLVED FIXED279372

Release assert in ElementIterator<WebCore::HTMLAnchorElement>::traverseAncestor() via searchForLinkRemovingExistingDDLinks

https://bugs.webkit.org/show_bug.cgi?id=279372

Summary Release assert in ElementIterator<WebCore::HTMLAnchorElement>::traverseAncest...

Ryosuke Niwa

Reported 2024-09-09 10:54:11 PDT

e.g. Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 WebCore 0x1add9ec40 WTFCrashWithInfo(int, char const*, char const*, int) + 11426880 [inlined] 1 WebCore 0x1add9ec40 WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::decrementPtrCount() const + 11426880 [inlined] 2 WebCore 0x1add9ec40 WTF::CheckedPtr<WebCore::HTMLAnchorElement, WTF::RawPtrTraits<WebCore::HTMLAnchorElement>>::derefIfNotNull() + 11426880 [inlined] 3 WebCore 0x1add9ec40 WTF::CheckedPtr<WebCore::HTMLAnchorElement, WTF::RawPtrTraits<WebCore::HTMLAnchorElement>>::~CheckedPtr() + 11426880 [inlined] 4 WebCore 0x1add9ec40 WTF::CheckedPtr<WebCore::HTMLAnchorElement, WTF::RawPtrTraits<WebCore::HTMLAnchorElement>>::~CheckedPtr() + 11426880 [inlined] 5 WebCore 0x1add9ec40 WTF::CheckedPtr<WebCore::HTMLLinkElement, WTF::RawPtrTraits<WebCore::HTMLLinkElement>>::operator=(WebCore::HTMLLinkElement*) + 11426880 6 WebCore 0x1add8d3eb WebCore::ElementIterator<WebCore::HTMLAnchorElement>::traverseAncestor() + 11355115 [inlined] 7 WebCore 0x1add8d3eb WebCore::ElementAncestorIterator<WebCore::HTMLAnchorElement>::operator++() + 11355115 [inlined] 8 WebCore 0x1add8d3eb WebCore::searchForLinkRemovingExistingDDLinks(WebCore::Node&, WebCore::Node&) + 11355115 [inlined] 9 WebCore 0x1add8d3eb WebCore::processDataDetectorScannerResults(__DDScanner*, WTF::OptionSet<WebCore::DataDetectorType>, std::__1::optional<double>, __DDScanQuery*, WebCore::SimpleRange const&, WTF::Vector<WebCore::DDQueryFragmentCore, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 11355115 10 WebCore 0x1adda34cb WebCore::DataDetection::detectContentInFrame(WebCore::LocalFrame*, WTF::OptionSet<WebCore::DataDetectorType>, std::__1::optional<double>, WTF::CompletionHandler<void (NSArray*)>&&)::$_0::operator()()::'lambda0'()::operator()() + 11445451 [inlined] 11 WebCore 0x1adda34cb WTF::Detail::CallableWrapper<WebCore::DataDetection::detectContentInFrame(WebCore::LocalFrame*, WTF::OptionSet<WebCore::DataDetectorType>, std::__1::optional<double>, WTF::CompletionHandler<void (NSArray*)>&&)::$_0::operator()()::'lambda0'(), void>::call() + 11445451 12 JavaScriptCore 0x1b11fd6eb WTF::Function<void ()>::operator()() const + 370411 [inlined] 13 JavaScriptCore 0x1b11fd6eb WTF::RunLoop::performWork() + 370411 <rdar://134586621>

Attachments
Add attachment proposed patch, testcase, etc.

Ryosuke Niwa

Comment 1 2024-09-09 10:57:43 PDT

Pull request: https://github.com/WebKit/WebKit/pull/33328

EWS

Comment 2 2024-09-09 14:29:34 PDT

Committed 283363@main (d1b3d851cc7b): <https://commits.webkit.org/283363@main> Reviewed commits have been landed. Closing PR #33328 and removing active labels.

EWS

Comment 3 2024-09-12 19:20:21 PDT

Committed 283286.24@safari-7620-branch (4335cb57071d): <https://commits.webkit.org/283286.24@safari-7620-branch> Reviewed commits have been landed. Closing PR #1752 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Safari Technology Preview

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Ryosuke Niwa

Reported

2024-09-09 10:54 PDT

Modified

2024-09-12 19:20 PDT History

CC List

0 users

URL

Keywords InRadar

Depends on

Blocks