176061 2017-08-29 11:31:21 -0700 Assertion failure when opening a file with a missing tag closing bracket 2017-08-29 19:26:48 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 sabouhallawa sabouhallawa buildbot cdumez commit-queue darin esprehn+autocc gyuyoung.kim webkit-bug-importer oldest_to_newest 1343164 0 sabouhallawa 2017-08-29 11:31:21 -0700 Open the following page in WebKit: <!DOCTYPE html> <html> <body> <script> </script </body> </html> Notice the "</script" does not have a closing bracket. Result: Assertion failure with the following call stack: #1 0x00000001c8d61f39 in WebCore::SegmentedString::advancePastNonNewline() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/text/SegmentedString.h:242 #2 0x00000001c8e4ebc9 in WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString&, unsigned short, WebCore::HTMLTokenizer::State) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLTokenizer.cpp:162 #3 0x00000001c8e50d4d in WebCore::HTMLTokenizer::processToken(WebCore::SegmentedString&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLTokenizer.cpp:469 #4 0x00000001c8d42a9f in WebCore::HTMLTokenizer::nextToken(WebCore::SegmentedString&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLTokenizer.h:284 #5 0x00000001c8df7711 in WebCore::HTMLMetaCharsetParser::checkForMetaCharset(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLMetaCharsetParser.cpp:158 #6 0x00000001cabb2198 in WebCore::TextResourceDecoder::checkForMetaCharset(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/TextResourceDecoder.cpp:559 #7 0x00000001cabb2100 in WebCore::TextResourceDecoder::checkForHeadCharset(char const*, unsigned long, bool&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/TextResourceDecoder.cpp:554 #8 0x00000001cabb2a6a in WebCore::TextResourceDecoder::decode(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/TextResourceDecoder.cpp:617 #9 0x00000001c8719cad in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/DecodedDataDocumentParser.cpp:45 #10 0x00000001c885e879 in WebCore::DocumentWriter::addData(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentWriter.cpp:253 #11 0x00000001c88155af in WebCore::DocumentLoader::commitData(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:914 #12 0x00000001094606af in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:975 #13 0x00000001c88182cd in WebCore::DocumentLoader::commitLoad(char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:832 #14 0x00000001c88181ef in WebCore::DocumentLoader::dataReceived(char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:947 #15 0x00000001c8818924 in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:920 #16 0x00000001c8290e98 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedRawResource.cpp:115 #17 0x00000001c8290cfd in WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedRawResource.cpp:64 #18 0x00000001ca9dbd3a in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/SubresourceLoader.cpp:406 #19 0x00000001ca9dbb02 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/SubresourceLoader.cpp:374 #20 0x000000010983f014 in WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:135 #21 0x00000001098429f0 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:40 #22 0x00000001098427c0 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:46 #23 0x0000000109841c11 in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:126 #24 0x00000001098413d6 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebKit2/WebResourceLoaderMessageReceiver.cpp:61 #25 0x0000000108f975a9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:68 #26 0x0000000108d33983 in IPC::Connection::dispatchMessage(IPC::Decoder&) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:901 #27 0x0000000108d28ea8 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:928 #28 0x0000000108d33f8a in IPC::Connection::dispatchOneMessage() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:959 #29 0x0000000108d4c4bd in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:895 #30 0x0000000108d4c419 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/Function.h:101 #31 0x00000001d60efe2b in WTF::Function<void ()>::operator()() const at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/Function.h:56 #32 0x00000001d61112e3 in WTF::RunLoop::performWork() at /Volumes/Data/WebKit/OpenSource/Source/WTF/wtf/RunLoop.cpp:106 #33 0x00000001d6111b64 in WTF::RunLoop::performWork(void*) at /Volumes/Data/WebKit/OpenSource/Source/WTF/wtf/cf/RunLoopCF.cpp:38 1343165 1 webkit-bug-importer 2017-08-29 11:31:51 -0700 <rdar://problem/34137537> 1343288 2 darin 2017-08-29 16:08:14 -0700 The bug here is in HTMLTokenizer::commitToPartialEndTag, which calls SegmentedString ::advancePastNonNewline, but instead it needs to call SegmentedString::advance. That's all it will take to fix this; just call advance instead of advancePastNonNewline. 1343334 3 319313 sabouhallawa 2017-08-29 17:12:46 -0700 Created attachment 319313 Patch 1343393 4 319313 commit-queue 2017-08-29 19:26:46 -0700 Comment on attachment 319313 Patch Clearing flags on attachment: 319313 Committed r221335: <http://trac.webkit.org/changeset/221335> 1343394 5 commit-queue 2017-08-29 19:26:48 -0700 All reviewed patches have been landed. Closing bug. 319313 2017-08-29 17:12:46 -0700 2017-08-29 19:26:46 -0700 Patch bug-176061-20170829171245.patch text/plain 3156 sabouhallawa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIyMTMyNikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE5IEBACisyMDE3LTA4LTI5ICBTYWlkIEFi b3UtSGFsbGF3YSAgPHNhYm91aGFsbGF3YUBhcHBsZS5jb20+CisKKyAgICAgICAgQXNzZXJ0aW9u IGZhaWx1cmUgd2hlbiBvcGVuaW5nIGEgZmlsZSB3aXRoIGEgbWlzc2luZyB0YWcgY2xvc2luZyBi cmFja2V0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0x NzYwNjEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJ ZiBhIHRhZyBpcyBtaXNzaW5nIGl0cyBjbG9zaW5nIGJyYWNrZXQsIHRoZSB0b2tlbml6ZXIganVz dCBuZWVkcyB0byBhZHZhbmNlKCkKKyAgICAgICAgdGhlIGNoYXJhY3RlciBwb3NpdGlvbiB3aXRo b3V0IGNoZWNraW5nIG1fY3VycmVudENoYXJhY3RlciAhPSAnXG4nLiBOZXdsaW5lCisgICAgICAg IGNoYXJhY3RlciBpcyBhIHZhbGlkIGVuZGluZyBmb3IgcGFydGlhbGx5IGNsb3NlZCB0YWdzLgor CisgICAgICAgIFRlc3Q6IGZhc3QvdG9rZW5pemVyL21pc3Npbmctc2NyaXB0LXRhZy1jbG9zaW5n LWJyYWNrZXQuaHRtbAorCisgICAgICAgICogaHRtbC9wYXJzZXIvSFRNTFRva2VuaXplci5jcHA6 CisgICAgICAgIChXZWJDb3JlOjpIVE1MVG9rZW5pemVyOjpjb21taXRUb1BhcnRpYWxFbmRUYWcp OgorCiAyMDE3LTA4LTI5ICBBbmR5IEVzdGVzICA8YWVzdGVzQGFwcGxlLmNvbT4KIAogICAgICAg ICBSRUdSRVNTSU9OIChyMjE1MjkwKTogIldoZXJlIEZyb20iIG1ldGFkYXRhIGlzIGVtcHR5IHdo ZW4gZHJhZ2dpbmcgYW4gaW1hZ2Ugb3V0IG9mIFNhZmFyaQpJbmRleDogU291cmNlL1dlYkNvcmUv aHRtbC9wYXJzZXIvSFRNTFRva2VuaXplci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNv cmUvaHRtbC9wYXJzZXIvSFRNTFRva2VuaXplci5jcHAJKHJldmlzaW9uIDIyMTMyMCkKKysrIFNv dXJjZS9XZWJDb3JlL2h0bWwvcGFyc2VyL0hUTUxUb2tlbml6ZXIuY3BwCSh3b3JraW5nIGNvcHkp CkBAIC0xNTksNyArMTU5LDcgQEAgYm9vbCBIVE1MVG9rZW5pemVyOjpjb21taXRUb1BhcnRpYWxF bmRUYQogewogICAgIEFTU0VSVChzb3VyY2UuY3VycmVudENoYXJhY3RlcigpID09IGNoYXJhY3Rl cik7CiAgICAgYXBwZW5kVG9UZW1wb3JhcnlCdWZmZXIoY2hhcmFjdGVyKTsKLSAgICBzb3VyY2Uu YWR2YW5jZVBhc3ROb25OZXdsaW5lKCk7CisgICAgc291cmNlLmFkdmFuY2UoKTsKIAogICAgIGlm IChoYXZlQnVmZmVyZWRDaGFyYWN0ZXJUb2tlbigpKSB7CiAgICAgICAgIC8vIEVtaXQgdGhlIGJ1 ZmZlcmVkIGNoYXJhY3RlciB0b2tlbi4KSW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDIyMTMyMCkKKysrIExh eW91dFRlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBACisyMDE3 LTA4LTI5ICBTYWlkIEFib3UtSGFsbGF3YSAgPHNhYm91aGFsbGF3YUBhcHBsZS5jb20+CisKKyAg ICAgICAgQXNzZXJ0aW9uIGZhaWx1cmUgd2hlbiBvcGVuaW5nIGEgZmlsZSB3aXRoIGEgbWlzc2lu ZyB0YWcgY2xvc2luZyBicmFja2V0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0xNzYwNjEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICAqIGZhc3QvdG9rZW5pemVyL21pc3Npbmctc2NyaXB0LXRhZy1jbG9zaW5n LWJyYWNrZXQtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L3Rva2VuaXplci9t aXNzaW5nLXNjcmlwdC10YWctY2xvc2luZy1icmFja2V0Lmh0bWw6IEFkZGVkLgorCiAyMDE3LTA4 LTI5ICBQZXIgQXJuZSBWb2xsYW4gIDxwdm9sbGFuQGFwcGxlLmNvbT4KIAogICAgICAgICBSZWJh c2VsaW5lIGVkaXRpbmcvc3R5bGUvNTA2NTkxMC5odG1sIGFmdGVyIHIyMjA3MDYuCkluZGV4OiBM YXlvdXRUZXN0cy9mYXN0L3Rva2VuaXplci9taXNzaW5nLXNjcmlwdC10YWctY2xvc2luZy1icmFj a2V0LWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L3Rva2VuaXpl ci9taXNzaW5nLXNjcmlwdC10YWctY2xvc2luZy1icmFja2V0LWV4cGVjdGVkLnR4dAkobm9uZXhp c3RlbnQpCisrKyBMYXlvdXRUZXN0cy9mYXN0L3Rva2VuaXplci9taXNzaW5nLXNjcmlwdC10YWct Y2xvc2luZy1icmFja2V0LWV4cGVjdGVkLnR4dAkod29ya2luZyBjb3B5KQpAQCAtMCwwICsxIEBA CitQYXNzIGlmIG5vIGFzc2VydGlvbiBmYWlsdXJlIGhhcHBlbnMuCkluZGV4OiBMYXlvdXRUZXN0 cy9mYXN0L3Rva2VuaXplci9taXNzaW5nLXNjcmlwdC10YWctY2xvc2luZy1icmFja2V0Lmh0bWwK PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC90b2tlbml6ZXIvbWlzc2luZy1zY3JpcHQt dGFnLWNsb3NpbmctYnJhY2tldC5odG1sCShub25leGlzdGVudCkKKysrIExheW91dFRlc3RzL2Zh c3QvdG9rZW5pemVyL21pc3Npbmctc2NyaXB0LXRhZy1jbG9zaW5nLWJyYWNrZXQuaHRtbAkod29y a2luZyBjb3B5KQpAQCAtMCwwICsxLDcgQEAKKzxib2R5PgorICAgIDxwPlBhc3MgaWYgbm8gYXNz ZXJ0aW9uIGZhaWx1cmUgaGFwcGVucy48L3A+CisgICAgPHNjcmlwdD4KKyAgICAgICAgaWYgKHdp bmRvdy50ZXN0UnVubmVyKQorICAgICAgICAgICAgdGVzdFJ1bm5lci5kdW1wQXNUZXh0KCk7Cisg ICAgPC9zY3JpcHQKKzwvYm9keT4K