Bug 301610 - Fix editing/pasteboard/paste-noscript.html crash under Site Isolation
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=301610
Reported by Sihui Liu, 2025-10-28 21:35:41 PDT
...
Sihui Liu
Comment 1
2025-10-28 21:37:32 PDT
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 WebKit 0x1054822a0 WTFCrashWithInfo(int, char const*, char const*, int) + 8 (Assertions.h:969) [inlined]
1 WebKit 0x1054822a0 WebKit::collectFrameWebArchives(WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::HashMap<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>, WTF::DefaultHash<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>>, WTF::HashTableTraits, (WTF::ShouldValidateKey)1, WTF::FastMalloc>&, WTF::Vector<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 24 (WebPlatformStrategies.cpp:279) [inlined]
2 WebKit 0x1054822a0 WebKit::WebPlatformStrategies::writeWebArchive(WebCore::LegacyWebArchive&, WTF::String const&) (.cold.1) + 24 (WebPlatformStrategies.cpp:294)
3 WebKit 0x1051a2ea8 compilerFenceForCrash() + 4 (Assertions.h:1003) [inlined]
4 WebKit 0x1051a2ea8 WebKit::collectFrameWebArchives(WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::HashMap<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>, WTF::DefaultHash<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WTF::HashTraits<WTF::Ref<WebCore::LegacyWebArchive, WTF::RawPtrTraits<WebCore::LegacyWebArchive>, WTF::DefaultRefDerefTraits<WebCore::LegacyWebArchive>>>, WTF::HashTableTraits, (WTF::ShouldValidateKey)1, WTF::FastMalloc>&, WTF::Vector<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 4 (WebPlatformStrategies.cpp:279) [inlined]
5 WebKit 0x1051a2ea8 WebKit::WebPlatformStrategies::writeWebArchive(WebCore::LegacyWebArchive&, WTF::String const&) + 1040 (WebPlatformStrategies.cpp:294)
6 WebCore 0x11452c418 WebCore::Pasteboard::write(WebCore::PasteboardWebContent const&) + 1612
7 WebCore 0x113c2f788 WebCore::Editor::writeSelectionToPasteboard(WebCore::Pasteboard&) + 768
8 WebCore 0x114e9b128 WebCore::Editor::performCutOrCopy(WebCore::Editor::EditorActionSpecifier) + 732
9 WebCore 0x114eb972c WebCore::executeCopy(WebCore::LocalFrame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 124
10 WebCore 0x11351ad44 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 164
11 WebCore 0x114d50cfc WebCore::Document::execCommand(WTF::String const&, bool, mpark::variant<WTF::String, WTF::RefPtr<WebCore::TrustedHTML, WTF::RawPtrTraits<WebCore::TrustedHTML>, WTF::DefaultRefDerefTraits<WebCore::TrustedHTML>>> const&) + 332
12 WebCore 0x113b80ff4 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) + 492
13 ??? 0x121718044 ???
14 ??? 0x12170c008 ???
15 ??? 0x12170c428 ???
16 JavaScriptCore 0x10af8ece4 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) + 956
17 JavaScriptCore 0x10b16bed4 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 212
18 WebCore 0x11353756c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 368
19 WebCore 0x114a2b170 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&) + 52
20 WebCore 0x114e0db2c WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 248
21 WebCore 0x114e0c114 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&) + 1380
22 WebCore 0x115116f20 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) + 140
23 WebCore 0x115116e14 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&) + 92
24 WebCore 0x1135371f8 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 104
25 WebCore 0x1134c9268 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) + 820
26 WebCore 0x1133fde14 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 108
27 WebCore 0x1150fcbe8 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&, WebCore::HTMLDocumentParser::SynchronousMode) + 324
28 WebCore 0x114d32208 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, std::__1::span<unsigned char const, 18446744073709551615ul>) + 200
29 WebCore 0x1152bca6c WebCore::DocumentWriter::addData(WebCore::SharedBuffer const&) + 108
30 WebCore 0x1152a4aac WebCore::DocumentLoader::commitData(WebCore::SharedBuffer const&) + 1308
31 WebKit 0x10518dfb8 WebKit::WebLocalFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, WebCore::SharedBuffer const&) + 60 (WebLocalFrameLoaderClient.cpp:1206)
32 WebCore 0x1152a72a4 WebCore::DocumentLoader::commitLoad(WebCore::SharedBuffer const&) + 200
33 WebCore 0x11533f0c0 WebCore::CachedRawResource::notifyClientsDataWasReceived(WebCore::SharedBuffer const&) + 112
34 WebCore 0x11533ee7c WebCore::CachedRawResource::updateBuffer(WebCore::FragmentedSharedBuffer const&) + 192
35 WebCore 0x115321d64 WebCore::SubresourceLoader::didReceiveBuffer(WebCore::FragmentedSharedBuffer const&, long long, WebCore::DataPayloadType) + 328
36 WebKit 0x10510c6a4 WebKit::WebResourceLoader::didReceiveData(IPC::SharedBufferReference&&, unsigned long long) + 268 (WebResourceLoader.cpp:251)
37 WebKit 0x1048decd0 auto void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...)::operator()<IPC::SharedBufferReference, unsigned long long>(auto&&...) const + 72 (HandleMessage.h:135) [inlined]
38 WebKit 0x1048decd0 std::__1::__invoke_result_impl<void, auto...>::type std::__1::__invoke[abi:sn210101]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...), IPC::SharedBufferReference, unsigned long long>(auto&&...) + 72 (invoke.h:87) [inlined]
39 WebKit 0x1048decd0 decltype(auto) std::__1::__apply_tuple_impl[abi:sn210101]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>, 0ul, 1ul>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&, std::__1::__tuple_indices<0ul, 1ul>) + 72 (tuple:1380) [inlined]
40 WebKit 0x1048decd0 decltype(auto) std::__1::apply[abi:sn210101]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&)::'lambda'(auto&&...), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&) + 72 (tuple:1384) [inlined]
41 WebKit 0x1048decd0 void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long), std::__1::tuple<IPC::SharedBufferReference, unsigned long long>&&) + 72 (HandleMessage.h:132) [inlined]
42 WebKit 0x1048decd0 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, IPC::Connection, WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long long)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long long)) + 132 (HandleMessage.h:337)
43 WebKit 0x1048de7c4 WebKit::WebResourceLoader::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 232 (WebResourceLoaderMessageReceiver.cpp:84)
44 WebKit 0x105104ad8 WebKit::NetworkProcessConnection::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 188 (NetworkProcessConnection.cpp:106)
45 WebKit 0x104226468 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 108 (NetworkProcessConnectionMessageReceiver.cpp:132)
46 WebKit 0x1053402ec IPC::Connection::dispatchMessage(IPC::Decoder&) + 160 (Connection.cpp:1423)
47 WebKit 0x105340464 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) + 152 (Connection.cpp:1473)
48 WebKit 0x10423a1c0 IPC::Connection::dispatchOneIncomingMessage() + 124 (Connection.cpp:1546)
49 JavaScriptCore 0x10a5aa440 WTF::RunLoop::performWork() + 508
50 JavaScriptCore 0x10a5aa22c WTF::RunLoop::performWork(void*) + 40
51 CoreFoundation 0x1811c6544 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
52 CoreFoundation 0x1811c64d8 __CFRunLoopDoSource0 + 172
53 CoreFoundation 0x1811c6244 __CFRunLoopDoSources0 + 232
54 CoreFoundation 0x1811c4ed4 __CFRunLoopRun + 820
55 CoreFoundation 0x18127edac _CFRunLoopRunSpecificWithOptions + 532
56 Foundation 0x1833c7ae4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
57 Foundation 0x1829d5ea8 -[NSRunLoop(NSRunLoop) run] + 64
58 libxpc.dylib 0x180e16dc4 _xpc_objc_main + 668
59 libxpc.dylib 0x180e28d08 _xpc_main + 40
60 libxpc.dylib 0x180e16984 xpc_main + 64
61 WebKit 0x104217af4 WebKit::XPCServiceMain(int, char const**) + 44 (XPCServiceMain.mm:299)
62 dyld 0x180d79244 start + 7188
Sihui Liu
Comment 2
2025-10-28 21:50:15 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/53124
Radar WebKit Bug Importer
Comment 3
2025-10-28 21:52:21 PDT
<rdar://problem/163618423>
EWS
Comment 4
2025-10-29 14:50:56 PDT
Committed 302316@main (15cade05e54f): <https://commits.webkit.org/302316@main>
Reviewed commits have been landed. Closing PR #53124 and removing active labels.