170284 2017-03-30 06:30:28 -0700 ASSERTION FAILED: codePath(TextRun(text)) != FontCascade::Complex in WebCore::FontCascade::widthForSimpleText 2021-08-11 00:08:06 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Local Build Unspecified Unspecified RESOLVED CONFIGURATION CHANGED P2 Normal --- 116980 1 hodovan webkit-unassigned mmaxfield rniwa wenson_hsieh oldest_to_newest 1292781 0 305860 hodovan 2017-03-30 06:30:28 -0700 Created attachment 305860 Test Load the attached test with debug WebKitTestRunner: Checked version: ea2710e OS: macOS Sierra (10.12.3) <script> window.onload = function(){ document.execCommand('selectAll') document.designMode='on' document.execCommand('indent') } </script> <style> * { font-feature-settings:"swsh" } </style> Backtrace: ASSERTION FAILED: codePath(TextRun(text)) != FontCascade::Complex WebKit/Source/WebCore/platform/graphics/FontCascade.cpp(425) : float WebCore::FontCascade::widthForSimpleText(WTF::StringView) const 1 0x136223a31 WTFCrash 2 0x1191317bb WebCore::FontCascade::widthForSimpleText(WTF::StringView) const 3 0x11e04d99b WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style(WebCore::RenderStyle const&, bool) 4 0x11e04e3bc WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style(WebCore::RenderStyle const&, bool) 5 0x11e04e6a3 WebCore::SimpleLineLayout::TextFragmentIterator::TextFragmentIterator(WebCore::RenderBlockFlow const&) 6 0x11e04e7fd WebCore::SimpleLineLayout::TextFragmentIterator::TextFragmentIterator(WebCore::RenderBlockFlow const&) 7 0x11e00534c WebCore::SimpleLineLayout::createTextRuns(WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WebCore::RenderBlockFlow&, unsigned int&) 8 0x11e004de5 WebCore::SimpleLineLayout::create(WebCore::RenderBlockFlow&) 9 0x11d0b9f71 WebCore::RenderBlockFlow::layoutSimpleLines(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 10 0x11d0ad73b WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 11 0x11d0aa1b1 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 12 0x11cfeb564 WebCore::RenderBlock::layout() 13 0x11d0b76f4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 14 0x11d0ae03f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 15 0x11d0aa228 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 16 0x11cfeb564 WebCore::RenderBlock::layout() 17 0x11d0b76f4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 18 0x11d0ae03f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 19 0x11d0aa228 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 20 0x11cfeb564 WebCore::RenderBlock::layout() 21 0x11d0b76f4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 22 0x11d0ae03f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 23 0x11d0aa228 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 24 0x11cfeb564 WebCore::RenderBlock::layout() 25 0x11d0b76f4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 26 0x11d0ae03f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 27 0x11d0aa228 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 28 0x11cfeb564 WebCore::RenderBlock::layout() 29 0x11d9f3b46 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 30 0x11d9f5fa6 WebCore::RenderView::layout() 31 0x1194127ab WebCore::FrameView::layout(bool) ASAN:DEADLYSIGNAL ================================================================= ==89606==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000136223a69 bp 0x7fff51454cf0 sp 0x7fff51454ce0 T0) #0 0x136223a68 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3793a68) #1 0x1191317ba in WebCore::FontCascade::widthForSimpleText(WTF::StringView) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x192f7ba) #2 0x11e04d99a in WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style(WebCore::RenderStyle const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x684b99a) #3 0x11e04e3bb in WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style(WebCore::RenderStyle const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x684c3bb) #4 0x11e04e6a2 in WebCore::SimpleLineLayout::TextFragmentIterator::TextFragmentIterator(WebCore::RenderBlockFlow const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x684c6a2) #5 0x11e04e7fc in WebCore::SimpleLineLayout::TextFragmentIterator::TextFragmentIterator(WebCore::RenderBlockFlow const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x684c7fc) #6 0x11e00534b in WebCore::SimpleLineLayout::createTextRuns(WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WebCore::RenderBlockFlow&, unsigned int&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x680334b) #7 0x11e004de4 in WebCore::SimpleLineLayout::create(WebCore::RenderBlockFlow&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6802de4) #8 0x11d0b9f70 in WebCore::RenderBlockFlow::layoutSimpleLines(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58b7f70) #9 0x11d0ad73a in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58ab73a) #10 0x11d0aa1b0 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58a81b0) #11 0x11cfeb563 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57e9563) #12 0x11d0b76f3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58b56f3) #13 0x11d0ae03e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58ac03e) #14 0x11d0aa227 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58a8227) #15 0x11cfeb563 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57e9563) #16 0x11d0b76f3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58b56f3) #17 0x11d0ae03e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58ac03e) #18 0x11d0aa227 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58a8227) #19 0x11cfeb563 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57e9563) #20 0x11d0b76f3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58b56f3) #21 0x11d0ae03e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58ac03e) #22 0x11d0aa227 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58a8227) #23 0x11cfeb563 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57e9563) #24 0x11d0b76f3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58b56f3) #25 0x11d0ae03e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58ac03e) #26 0x11d0aa227 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58a8227) #27 0x11cfeb563 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57e9563) #28 0x11d9f3b45 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61f1b45) #29 0x11d9f5fa5 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61f3fa5) #30 0x1194127aa in WebCore::FrameView::layout(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1c107aa) #31 0x1189f5619 in WebCore::Document::updateLayout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11f3619) #32 0x1189ffe31 in WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11fde31) #33 0x11ec0ab07 in WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x7408b07) #34 0x11ec0a6cc in WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x74086cc) #35 0x11ec0a502 in WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::EAffinity) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x7408502) #36 0x11ec0a8d2 in WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::EAffinity) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x74088d2) #37 0x11ec17104 in WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x7415104) #38 0x11ec14c14 in WebCore::VisibleSelection::validate(WebCore::TextGranularity) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x7412c14) #39 0x11ec14ecd in WebCore::VisibleSelection::VisibleSelection(WebCore::Position const&, WebCore::Position const&, WebCore::EAffinity, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x7412ecd) #40 0x11ec14f1b in WebCore::VisibleSelection::VisibleSelection(WebCore::Position const&, WebCore::Position const&, WebCore::EAffinity, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x7412f1b) #41 0x1180aa624 in WebCore::CompositeEditCommand::moveParagraphWithClones(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::Element*, WebCore::Node*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x8a8624) #42 0x119f0b7cf in WebCore::IndentOutdentCommand::indentIntoBlockquote(WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x27097cf) #43 0x119f0d48b in WebCore::IndentOutdentCommand::formatRange(WebCore::Position const&, WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x270b48b) #44 0x117a7a470 in WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x278470) #45 0x119f0d3fe in WebCore::IndentOutdentCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x270b3fe) #46 0x117a79037 in WebCore::ApplyBlockElementCommand::doApply() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x277037) #47 0x1180969b9 in WebCore::CompositeEditCommand::apply() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x8949b9) #48 0x1180965d0 in WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x8945d0) #49 0x118db05fc in WebCore::executeIndent(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x15ae5fc) #50 0x118dac2eb in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x15aa2eb) #51 0x118a2b5f1 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12295f1) #52 0x11a799b3a in WebCore::jsDocumentPrototypeFunctionExecCommandCaller(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2f97b3a) #53 0x11a74b743 in long long WebCore::BindingCaller<WebCore::JSDocument>::callOperation<&(WebCore::jsDocumentPrototypeFunctionExecCommandCaller(JSC::ExecState*, WebCore::JSDocument*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, char const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2f49743) #54 0x11a74b2b9 in WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2f492b9) #55 0x33da6f801027 (<unknown module>) #56 0x13538c30e in llint_entry (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x28fc30e) #57 0x135384bdd in vmEntryToJavaScript (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x28f4bdd) #58 0x134d4ba2f in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x22bba2f) #59 0x134c65bf5 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x21d5bf5) #60 0x1335a625a in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xb1625a) #61 0x1335a67d7 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xb167d7) #62 0x1335a734d in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xb1734d) #63 0x11a4aedb0 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2cacdb0) #64 0x11acad749 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x34ab749) #65 0x118ed0369 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16ce369) #66 0x118ecfb95 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16cdb95) #67 0x118c7d5ea in WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x147b5ea) #68 0x118c9b7e6 in WebCore::DOMWindow::dispatchLoadEvent() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x14997e6) #69 0x118a0c1fc in WebCore::Document::dispatchWindowLoadEvent() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x120a1fc) #70 0x1189ff2dc in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11fd2dc) #71 0x11937b982 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b79982) #72 0x11937b17c in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b7917c) #73 0x11937720b in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b7520b) #74 0x118a2fa58 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x122da58) #75 0x1197e6ab5 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1fe4ab5) #76 0x119af8cd7 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x22f6cd7) #77 0x1198629bb in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x20609bb) #78 0x11985d146 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x205b146) #79 0x11985ccfd in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x205acfd) #80 0x119862adb in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2060adb) #81 0x119862c17 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2060c17) #82 0x118bf6c7f in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x13f4c7f) #83 0x118b3f956 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x133d956) #84 0x118b3f352 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x133d352) #85 0x117e202f3 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61e2f3) #86 0x117e20983 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61e983) #87 0x117e12218 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x610218) #88 0x11e445af1 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6c43af1) #89 0x1106fbd15 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f51d15) #90 0x11070bbd9 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f61bd9) #91 0x11070b7e4 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f617e4) #92 0x110708898 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f5e898) #93 0x110706a4a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f5ca4a) #94 0x10f0d702c in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x92d02c) #95 0x10e9d0f1a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x226f1a) #96 0x10e9b5544 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x20b544) #97 0x10e9d1c05 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x227c05) #98 0x10ea1285c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x26885c) #99 0x10ea12788 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x268788) #100 0x1362a7980 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3817980) #101 0x1362f6266 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3866266) #102 0x1362f73a1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x38673a1) #103 0x7fff90bdc980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980) #104 0x7fff90bbda7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c) #105 0x7fff90bbcf75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75) #106 0x7fff90bbc973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973) #107 0x7fff90148a5b in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30a5b) #108 0x7fff90148890 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30890) #109 0x7fff901486c5 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x306c5) #110 0x7fff8e6ee5b3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x475b3) #111 0x7fff8ee68d6a in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c1d6a) #112 0x7fff8e6e2f34 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3bf34) #113 0x7fff8e6ad84f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x684f) #114 0x7fffa636e8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6) #115 0x7fffa636d2e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3) #116 0x10e797fb2 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001fb2) #117 0x7fffa610a254 in start (/usr/lib/system/libdyld.dylib+0x5254) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3793a68) in WTFCrash ==89606==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 89606) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy 1783409 1 mmaxfield 2021-08-11 00:08:06 -0700 I can't reproduce this. This bug is 4 years old - can you verify that it still happens? 305860 2017-03-30 06:30:28 -0700 2017-03-30 06:30:28 -0700 Test test.html text/html 206 hodovan PHNjcmlwdD4Kd2luZG93Lm9ubG9hZCA9IGZ1bmN0aW9uKCl7CiAgICBkb2N1bWVudC5leGVjQ29t bWFuZCgnc2VsZWN0QWxsJykKICAgIGRvY3VtZW50LmRlc2lnbk1vZGU9J29uJwogICAgZG9jdW1l bnQuZXhlY0NvbW1hbmQoJ2luZGVudCcpCn0KPC9zY3JpcHQ+CjxzdHlsZT4KKiB7CiAgICBmb250 LWZlYXR1cmUtc2V0dGluZ3M6InN3c2giCn0KPC9zdHlsZT4=