| Summary: | Specific dom node order of Shadow DOM (re)projection causes crash | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Elliott Marquez <emarquez> | ||||||
| Component: | DOM | Assignee: | Nobody <webkit-unassigned> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | cdumez, dfreedm, esprehn+autocc, ews-watchlist, florian, kangil.han, koivisto, rniwa, webkit-bug-importer, zalan | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | Safari 13 | ||||||||
| Hardware: | Mac | ||||||||
| OS: | macOS 10.15 | ||||||||
| Attachments: |
|
||||||||
|
Description
Elliott Marquez
2020-04-28 17:55:53 PDT
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fff40c872a3 WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation(WebCore::RenderBlock&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 67 1 com.apple.WebCore 0x00007fff40c86f56 WebCore::RenderTreeBuilder::Block::attach(WebCore::RenderBlock&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 86 2 com.apple.WebCore 0x00007fff40c8ae4a WebCore::RenderTreeBuilder::BlockFlow::attach(WebCore::RenderBlockFlow&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 298 3 com.apple.WebCore 0x00007fff40c86d7b WebCore::RenderTreeBuilder::attach(WebCore::RenderElement&, std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) + 1739 4 com.apple.WebCore 0x00007fff40c96d08 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) + 5912 5 com.apple.WebCore 0x00007fff4024f89c WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 1468 6 com.apple.WebCore 0x00007fff3ef6d044 WebCore::Document::updateStyleIfNeeded() + 468 7 com.apple.WebCore 0x00007fff3ef6cb0b WebCore::Document::finishedParsing() + 539 8 com.apple.WebCore 0x00007fff3ef641b4 WebCore::HTMLDocumentParser::prepareToStopParsing() + 196 9 com.apple.WebCore 0x00007fff3ef63ed4 WebCore::HTMLDocumentParser::finish() + 388 10 com.apple.WebCore 0x00007fff406eff21 WebCore::DocumentLoader::finishedLoading() + 545 11 com.apple.WebCore 0x00007fff3efce24c WebCore::CachedResource::checkNotify() + 92 12 com.apple.WebCore 0x00007fff4077d099 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 1241 Created attachment 398176 [details]
patch
Committed r260997: <https://trac.webkit.org/changeset/260997> All reviewed patches have been landed. Closing bug and clearing flags on attachment 398176 [details]. |