192347 2018-12-03 19:43:03 -0800 Crash in HTMLCollection::updateNamedElementCache 2018-12-04 16:31:30 -0800 1 1 1 Unclassified WebKit DOM WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=143203 InRadar P2 Normal --- 1 rniwa rniwa cdumez darin dbates esprehn+autocc ews-watchlist kangil.han koivisto webkit-bug-importer oldest_to_newest 1484675 0 rniwa 2018-12-03 19:43:03 -0800 e.g. 0 com.apple.WebCore 0x00007fff56800e90 WebCore::HTMLCollection::updateNamedElementCache() const + 192 1 com.apple.WebCore 0x00007fff56800b76 WebCore::HTMLCollection::namedItemSlow(WTF::AtomicString const&) const + 22 2 com.apple.WebCore 0x00007fff55fe674e WebCore::CachedHTMLCollection<WebCore::HTMLOptionsCollection, (WebCore::CollectionTraversalType)0>::namedItem(WTF::AtomicString const&) const + 590 3 com.apple.WebCore 0x00007fff55fde376 WebCore::JSHTMLOptionsCollection::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 502 4 com.apple.JavaScriptCore 0x00007fff4b979360 llint_slow_path_get_by_id + 2256 5 com.apple.JavaScriptCore 0x00007fff4b983d56 llint_entry + 12436 6 com.apple.JavaScriptCore 0x00007fff4b987ef7 llint_entry + 29237 7 com.apple.JavaScriptCore 0x00007fff4b980ada vmEntryToJavaScript + 304 8 com.apple.JavaScriptCore 0x00007fff4bfdf063 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 147 9 com.apple.JavaScriptCore 0x00007fff4b7f6ea4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 548 <rdar://problem/38054346> 1484678 1 356451 rniwa 2018-12-03 19:50:47 -0800 Created attachment 356451 Fixes the bug 1485056 2 rniwa 2018-12-04 16:30:25 -0800 Committed r238880: <https://trac.webkit.org/changeset/238880> 1485058 3 webkit-bug-importer 2018-12-04 16:31:30 -0800 <rdar://problem/46470500> 356451 2018-12-03 19:50:47 -0800 2018-12-03 20:29:59 -0800 Fixes the bug bug-192347-20181203195046.patch text/plain 4513 rniwa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIzODgxNCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIyIEBACisyMDE4LTEyLTAzICBSeW9zdWtl IE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIENyYXNoIGluIEhUTUxDb2xsZWN0 aW9uOjp1cGRhdGVOYW1lZEVsZW1lbnRDYWNoZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTkyMzQ3CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgVGhlIGJ1ZyB3YXMgY2F1c2VkIGJ5IENvbGxlY3Rpb25JbmRl eENhY2hlJ3Mgbm9kZUF0IGNhY2hpbmcgdGhlIGxlbmd0aCBvZiAxCisgICAgICAgIHdoZW4gdGhl cmUgYXJlIG5vIG1hdGNoaW5nIGVsZW1lbnRzIGluIHRoZSBzdWJ0cmVlIHdoZW4gdGhlIGluZGV4 IGlzIG5vbi16ZXJvLgorCisgICAgICAgIEEgcmVsYXRlZCBidWcgd2FzIGZpeGVkIGluIHIxODIx MjUgYnV0IHdlIHdlcmUgbm90IGNvbnNpZGVyaW5nIHRoZSBwb3NzaWJpbGl0eQorICAgICAgICB0 aGF0IHRoZSBpbmRleCBnaXZlbiB0byB0aGlzIGZ1bmN0aW9uIG1pZ2h0IGJlIG5vbi16ZXJvIGV2 ZW4gd2hlbiB0aGVyZSB3ZXJlCisgICAgICAgIG5vIG1hdGNoaW5nIGVsZW1lbnRzLgorCisgICAg ICAgIFRlc3Q6IGZhc3QvZG9tL29wdGlvbnMtY29sbGVjdGlvbi16ZXJvLWxlbmd0aC1jcmFzaC5o dG1sCisKKyAgICAgICAgKiBkb20vQ29sbGVjdGlvbkluZGV4Q2FjaGUuaDoKKyAgICAgICAgKFdl YkNvcmU6OkNvbGxlY3Rpb25JbmRleENhY2hlPENvbGxlY3Rpb24sIEl0ZXJhdG9yPjo6bm9kZUF0 KToKKwogMjAxOC0xMi0wMyAgUnlvc3VrZSBOaXdhICA8cm5pd2FAd2Via2l0Lm9yZz4KIAogICAg ICAgICB0aXRsZSBhdHRyaWJ1dGUgb24gc3R5bGUgJiBsaW5rIGVsZW1lbnRzIHNob3VsZCBiZSBp Z25vcmVkIGluc2lkZSBhIHNoYWRvdyB0cmVlCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9kb20vQ29s bGVjdGlvbkluZGV4Q2FjaGUuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9kb20vQ29s bGVjdGlvbkluZGV4Q2FjaGUuaAkocmV2aXNpb24gMjM4ODE0KQorKysgU291cmNlL1dlYkNvcmUv ZG9tL0NvbGxlY3Rpb25JbmRleENhY2hlLmgJKHdvcmtpbmcgY29weSkKQEAgLTIwMywxMyArMjAz LDE0IEBAIGlubGluZSB0eXBlbmFtZSBDb2xsZWN0aW9uSW5kZXhDYWNoZTxDb2wKIAogICAgIG1f Y3VycmVudCA9IGNvbGxlY3Rpb24uY29sbGVjdGlvbkJlZ2luKCk7CiAgICAgbV9jdXJyZW50SW5k ZXggPSAwOwotICAgIGlmIChpbmRleCAmJiBtX2N1cnJlbnQgIT0gZW5kKSB7CisgICAgYm9vbCBz dGFydElzRW5kID0gbV9jdXJyZW50ID09IGVuZDsKKyAgICBpZiAoaW5kZXggJiYgIXN0YXJ0SXNF bmQpIHsKICAgICAgICAgY29sbGVjdGlvbi5jb2xsZWN0aW9uVHJhdmVyc2VGb3J3YXJkKG1fY3Vy cmVudCwgaW5kZXgsIG1fY3VycmVudEluZGV4KTsKICAgICAgICAgQVNTRVJUKG1fY3VycmVudCAh PSBlbmQgfHwgbV9jdXJyZW50SW5kZXggPCBpbmRleCk7CiAgICAgfQogICAgIGlmIChtX2N1cnJl bnQgPT0gZW5kKSB7CiAgICAgICAgIC8vIEZhaWxlZCB0byBmaW5kIHRoZSBpbmRleCBidXQgYXQg bGVhc3Qgd2Ugbm93IGtub3cgdGhlIHNpemUuCi0gICAgICAgIG1fbm9kZUNvdW50ID0gaW5kZXgg PyBtX2N1cnJlbnRJbmRleCArIDEgOiAwOworICAgICAgICBtX25vZGVDb3VudCA9IHN0YXJ0SXNF bmQgPyAwIDogbV9jdXJyZW50SW5kZXggKyAxOwogICAgICAgICBtX25vZGVDb3VudFZhbGlkID0g dHJ1ZTsKICAgICAgICAgcmV0dXJuIG51bGxwdHI7CiAgICAgfQpJbmRleDogTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24g MjM4ODE0KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMg KzEsMTcgQEAKKzIwMTgtMTItMDMgIFJ5b3N1a2UgTml3YSAgPHJuaXdhQHdlYmtpdC5vcmc+CisK KyAgICAgICAgQ3Jhc2ggaW4gSFRNTENvbGxlY3Rpb246OnVwZGF0ZU5hbWVkRWxlbWVudENhY2hl CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xOTIzNDcK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBZGRlZCBh IHJlZ3Jlc3Npb24gdGVzdC4gV2UgY2FuJ3Qgc2ltcGx5IGNhbGwgc2VsZWN0Lm9wdGlvbnMuaXRl bQorICAgICAgICB0byBjYXRjaCB0aGlzIGNyYXNoIGJlY2F1c2UgdGhlIGdlbmVyYXRlZCBiaWRu aW5nIGNvZGUgZmlyc3QgY2FsbCBsZW5ndGgoKQorICAgICAgICB0byBjaGVjayBpZiB0aGUgaW5k ZXggaXMgd2l0aGluIHRoZSB2YWxpZCByYW5nZS4KKworICAgICAgICAqIGZhc3QvZG9tL29wdGlv bnMtY29sbGVjdGlvbi16ZXJvLWxlbmd0aC1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAg ICAgICAqIGZhc3QvZG9tL29wdGlvbnMtY29sbGVjdGlvbi16ZXJvLWxlbmd0aC1jcmFzaC5odG1s OiBBZGRlZC4KKwogMjAxOC0xMi0wMyAgRGFuaWVsIEJhdGVzICA8ZGFiYXRlc0BhcHBsZS5jb20+ CiAKICAgICAgICAgW2lPU10gRG8gbm90IGhhbmRsZSBrZXkgZXZlbnRzIHRoYXQgYXJlIGtleSBj b21tYW5kcwpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9kb20vb3B0aW9ucy1jb2xsZWN0aW9uLXpl cm8tbGVuZ3RoLWNyYXNoLWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9m YXN0L2RvbS9vcHRpb25zLWNvbGxlY3Rpb24temVyby1sZW5ndGgtY3Jhc2gtZXhwZWN0ZWQudHh0 CShub25leGlzdGVudCkKKysrIExheW91dFRlc3RzL2Zhc3QvZG9tL29wdGlvbnMtY29sbGVjdGlv bi16ZXJvLWxlbmd0aC1jcmFzaC1leHBlY3RlZC50eHQJKHdvcmtpbmcgY29weSkKQEAgLTAsMCAr MSwxMSBAQAorVGhpcyB0ZXN0cyBhY2Nlc3NpbmcgdGhlIGxlbmd0aCBhZnRlciBhY2Nlc3Npbmcg YSBwYXJ0aWN1bGFyIGluZGV4IGluIEhUTUxPcHRpb25zQ29sbGVjdGlvbnMgdmlhIEhUTUxTZWxl Y3RFbGVtZW50J3MgaXRlbS4gV2ViS2l0IHNob3VsZCBub3QgY3Jhc2guCisKK09uIHN1Y2Nlc3Ms IHlvdSB3aWxsIHNlZSBhIHNlcmllcyBvZiAiUEFTUyIgbWVzc2FnZXMsIGZvbGxvd2VkIGJ5ICJU RVNUIENPTVBMRVRFIi4KKworCitQQVNTIHNlbGVjdC5pdGVtKDUwMCkgaXMgbnVsbAorUEFTUyBz ZWxlY3Qub3B0aW9ucy5sZW5ndGggaXMgMAorUEFTUyBzdWNjZXNzZnVsbHlQYXJzZWQgaXMgdHJ1 ZQorCitURVNUIENPTVBMRVRFCisKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZG9tL29wdGlvbnMt Y29sbGVjdGlvbi16ZXJvLWxlbmd0aC1jcmFzaC5odG1sCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRl c3RzL2Zhc3QvZG9tL29wdGlvbnMtY29sbGVjdGlvbi16ZXJvLWxlbmd0aC1jcmFzaC5odG1sCShu b25leGlzdGVudCkKKysrIExheW91dFRlc3RzL2Zhc3QvZG9tL29wdGlvbnMtY29sbGVjdGlvbi16 ZXJvLWxlbmd0aC1jcmFzaC5odG1sCSh3b3JraW5nIGNvcHkpCkBAIC0wLDAgKzEsMTkgQEAKKzwh RE9DVFlQRSBodG1sPgorPGh0bWw+Cis8Ym9keT4KKzxzY3JpcHQgc3JjPSIuLi8uLi9yZXNvdXJj ZXMvanMtdGVzdC5qcyI+PC9zY3JpcHQ+Cis8c2NyaXB0PgorCitkZXNjcmlwdGlvbignVGhpcyB0 ZXN0cyBhY2Nlc3NpbmcgdGhlIGxlbmd0aCBhZnRlciBhY2Nlc3NpbmcgYSBwYXJ0aWN1bGFyIGlu ZGV4IGluIEhUTUxPcHRpb25zQ29sbGVjdGlvbnMgdmlhIEhUTUxTZWxlY3RFbGVtZW50XCdzIGl0 ZW0uIFdlYktpdCBzaG91bGQgbm90IGNyYXNoLicpOworCitjb25zdCBzZWxlY3QgPSBkb2N1bWVu dC5jcmVhdGVFbGVtZW50KCdzZWxlY3QnKTsKKworLy8gTmVlZCB0byBrZWVwIEhUTUxPcHRpb25z Q29sbGVjdGlvbiBhbGl2ZSBkdXJpbmcgdGhlIGNhbGwgdG8gaXRlbSgpIGFuZCB1bnRpbCB0aGUg bGVuZ3RoIGdldHRlciBpcyBjYWxsZWQuCitjb25zdCBvcHRpb25zQ29sbGVjdGlvbiA9IHNlbGVj dC5vcHRpb25zOworCitzaG91bGRCZSgnc2VsZWN0Lml0ZW0oNTAwKScsICdudWxsJyk7CitzaG91 bGRCZSgnc2VsZWN0Lm9wdGlvbnMubGVuZ3RoJywgJzAnKTsKKworPC9zY3JpcHQ+Cis8L2JvZHk+ Cis8L2h0bWw+Cg==