194671 2019-02-14 14:00:13 -0800 Web Inspector: Occasional crash under WebCore::CSSStyleSheet::item called from Inspector 2019-02-15 16:30:39 -0800 1 1 1 Unclassified WebKit Web Inspector WebKit Nightly Build All All RESOLVED FIXED InRadar P2 Normal --- 1 joepeck joepeck commit-queue hi inspector-bugzilla-changes joepeck webkit-bug-importer oldest_to_newest 1506347 0 joepeck 2019-02-14 14:00:13 -0800 Occasional crash under WebCore::CSSStyleSheet::item called from Inspector Unsure how to reproduce, but crash logs have: ---- Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0000000000000002, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fff51490a02 WebCore::CSSStyleSheet::item(unsigned int) + 370 1 com.apple.WebCore 0x00007fff520acf1a void WebCore::InspectorCSSOMWrappers::collect<WebCore::CSSStyleSheet>(WebCore::CSSStyleSheet*) + 74 2 com.apple.WebCore 0x00007fff520ad34c WebCore::InspectorCSSOMWrappers::collectDocumentWrappers(WebCore::ExtensionStyleSheets&) + 332 3 com.apple.WebCore 0x00007fff5243b383 WebCore::InspectorCSSAgent::buildObjectForRule(WebCore::StyleRule*, WebCore::StyleResolver&, WebCore::Element&) + 67 4 com.apple.WebCore 0x00007fff52437efa WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList(WTF::Vector<WTF::RefPtr<WebCore::StyleRule, WTF::DumbPtrTraits<WebCore::StyleRule> >, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::StyleResolver&, WebCore::Element&, WebCore::PseudoId) + 298 5 com.apple.WebCore 0x00007fff5243755c WebCore::InspectorCSSAgent::getMatchedStylesForNode(WTF::String&, int, bool const*, bool const*, WTF::RefPtr<WTF::JSONImpl::ArrayOf<Inspector::Protocol::CSS::RuleMatch>, WTF::DumbPtrTraits<WTF::JSONImpl::ArrayOf<Inspector::Protocol::CSS::RuleMatch> > >&, WTF::RefPtr<WTF::JSONImpl::ArrayOf<Inspector::Protocol::CSS::PseudoIdMatches>, WTF::DumbPtrTraits<WTF::JSONImpl::ArrayOf<Inspector::Protocol::CSS::PseudoIdMatches> > >&, WTF::RefPtr<WTF::JSONImpl::ArrayOf<Inspector::Protocol::CSS::InheritedStyleEntry>, WTF::DumbPtrTraits<WTF::JSONImpl::ArrayOf<Inspector::Protocol::CSS::InheritedStyleEntry> > >&) + 252 6 com.apple.JavaScriptCore 0x00007fff47f06a95 Inspector::CSSBackendDispatcher::getMatchedStylesForNode(long, WTF::RefPtr<WTF::JSONImpl::Object, WTF::DumbPtrTraits<WTF::JSONImpl::Object> >&&) + 965 7 com.apple.JavaScriptCore 0x00007fff47f06274 Inspector::CSSBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<WTF::JSONImpl::Object, WTF::DumbPtrTraits<WTF::JSONImpl::Object> >&&) + 564 8 com.apple.JavaScriptCore 0x00007fff47f02e3d Inspector::BackendDispatcher::dispatch(WTF::String const&) + 2349 9 com.apple.WebKit 0x00007fff533178ed WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 6055 ... ---- 1506348 1 joepeck 2019-02-14 14:00:22 -0800 <rdar://problem/47628191> 1506367 2 362059 joepeck 2019-02-14 14:15:31 -0800 Created attachment 362059 [PATCH] Proposed Fix 1506371 3 362059 hi 2019-02-14 14:19:41 -0800 Comment on attachment 362059 [PATCH] Proposed Fix View in context: https://bugs.webkit.org/attachment.cgi?id=362059&action=review rs=me > Source/WebCore/ChangeLog:10 > + (WebCore::CSSStyleSheet::item): I think you could add more of the explanation from the bug comments in the ChangeLog. Right now, what you have here doesn't really explain "how" this "might" happen, and what you investigated to arrive at this point. > Source/WebCore/css/CSSStyleSheet.cpp:234 > + if (m_childRuleCSSOMWrappers.size() != ruleCount) NIT: I think it's "smarter" to only expand if we don't have enough room, not if we don't have exactly the right amount of room. if (m_childRuleCSSOMWrappers.size() < ruleCount) 1506391 4 362059 joepeck 2019-02-14 14:58:21 -0800 Comment on attachment 362059 [PATCH] Proposed Fix View in context: https://bugs.webkit.org/attachment.cgi?id=362059&action=review >> Source/WebCore/css/CSSStyleSheet.cpp:234 >> + if (m_childRuleCSSOMWrappers.size() != ruleCount) > > NIT: I think it's "smarter" to only expand if we don't have enough room, not if we don't have exactly the right amount of room. > > if (m_childRuleCSSOMWrappers.size() < ruleCount) Fair enough. 1506392 5 362066 joepeck 2019-02-14 15:01:25 -0800 Created attachment 362066 [PATCH] For Landing 1506407 6 362066 commit-queue 2019-02-14 15:40:05 -0800 Comment on attachment 362066 [PATCH] For Landing Clearing flags on attachment: 362066 Committed r241567: <https://trac.webkit.org/changeset/241567> 362059 2019-02-14 14:15:31 -0800 2019-02-14 14:58:21 -0800 [PATCH] Proposed Fix crash-1.patch text/plain 1733 joepeck ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCA2NTBlMGI0M2Q1NC4uYWI2ZDM4NTExOTUgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNyBAQAorMjAxOS0wMi0xNCAgSm9zZXBoIFBlY29yYXJvICA8cGVjb3Jhcm9AYXBwbGUu Y29tPgorCisgICAgICAgIFdlYiBJbnNwZWN0b3I6IE9jY2FzaW9uYWwgY3Jhc2ggdW5kZXIgV2Vi Q29yZTo6Q1NTU3R5bGVTaGVldDo6aXRlbSBjYWxsZWQgZnJvbSBJbnNwZWN0b3IKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5NDY3MQorICAgICAgICA8 cmRhcjovL3Byb2JsZW0vNDc2MjgxOTE+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChP T1BTISkuCisKKyAgICAgICAgKiBjc3MvQ1NTU3R5bGVTaGVldC5jcHA6CisgICAgICAgIChXZWJD b3JlOjpDU1NTdHlsZVNoZWV0OjppdGVtKToKKyAgICAgICAgTWFrZSB0aGlzIHNhZmVyIHRvIGF2 b2lkIG92ZXJmbG93IG9mIHRoZSBhcnJheSB3aGljaCB3YXMgdGhlIGNyYXNoLgorICAgICAgICBQ cm9tb3RlIHRoZSBhc3NlcnRpb24gdGhhdCB3b3VsZCBjYXRjaCB0aGUgbGlzdHMgZ2V0dGluZyBv dXQgb2Ygc3luYworICAgICAgICBpbiBkZWJ1ZyBidWlsZHMuCisKIDIwMTktMDItMTMgIEpvc2Vw aCBQZWNvcmFybyAgPHBlY29yYXJvQGFwcGxlLmNvbT4KIAogICAgICAgICBXZWIgSW5zcGVjdG9y OiBDcmFzaCB3aGVuIGluc3BlY3RpbmcgYW4gZWxlbWVudCB0aGF0IGNvbnN0YW50bHkgY2hhbmdl cyB2aXNpYmlsaXR5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9jc3MvQ1NTU3R5bGVTaGVl dC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9jc3MvQ1NTU3R5bGVTaGVldC5jcHAKaW5kZXggYWViZTk3 ZGM4ZjguLmFiNDI0YjRhYWI5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9jc3MvQ1NTU3R5 bGVTaGVldC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvY3NzL0NTU1N0eWxlU2hlZXQuY3BwCkBA IC0yMjgsMTIgKzIyOCwxMiBAQCBDU1NSdWxlKiBDU1NTdHlsZVNoZWV0OjppdGVtKHVuc2lnbmVk IGluZGV4KQogewogICAgIHVuc2lnbmVkIHJ1bGVDb3VudCA9IGxlbmd0aCgpOwogICAgIGlmIChp bmRleCA+PSBydWxlQ291bnQpCi0gICAgICAgIHJldHVybiAwOworICAgICAgICByZXR1cm4gbnVs bHB0cjsKIAotICAgIGlmIChtX2NoaWxkUnVsZUNTU09NV3JhcHBlcnMuaXNFbXB0eSgpKQorICAg IEFTU0VSVChtX2NoaWxkUnVsZUNTU09NV3JhcHBlcnMuaXNFbXB0eSgpIHx8IG1fY2hpbGRSdWxl Q1NTT01XcmFwcGVycy5zaXplKCkgPT0gcnVsZUNvdW50KTsKKyAgICBpZiAobV9jaGlsZFJ1bGVD U1NPTVdyYXBwZXJzLnNpemUoKSAhPSBydWxlQ291bnQpCiAgICAgICAgIG1fY2hpbGRSdWxlQ1NT T01XcmFwcGVycy5ncm93KHJ1bGVDb3VudCk7Ci0gICAgQVNTRVJUKG1fY2hpbGRSdWxlQ1NTT01X cmFwcGVycy5zaXplKCkgPT0gcnVsZUNvdW50KTsKLSAgICAKKwogICAgIFJlZlB0cjxDU1NSdWxl PiYgY3NzUnVsZSA9IG1fY2hpbGRSdWxlQ1NTT01XcmFwcGVyc1tpbmRleF07CiAgICAgaWYgKCFj c3NSdWxlKQogICAgICAgICBjc3NSdWxlID0gbV9jb250ZW50cy0+cnVsZUF0KGluZGV4KS0+Y3Jl YXRlQ1NTT01XcmFwcGVyKHRoaXMpOwo= 362066 2019-02-14 15:01:25 -0800 2019-02-14 15:40:05 -0800 [PATCH] For Landing for-landing-2.patch text/plain 2087 joepeck ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCA2NTBlMGI0M2Q1NC4uYTNmOTA4ZWMzYjYgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwyMSBAQAorMjAxOS0wMi0xNCAgSm9zZXBoIFBlY29yYXJvICA8cGVjb3Jhcm9AYXBwbGUu Y29tPgorCisgICAgICAgIFdlYiBJbnNwZWN0b3I6IE9jY2FzaW9uYWwgY3Jhc2ggdW5kZXIgV2Vi Q29yZTo6Q1NTU3R5bGVTaGVldDo6aXRlbSBjYWxsZWQgZnJvbSBJbnNwZWN0b3IKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5NDY3MQorICAgICAgICA8 cmRhcjovL3Byb2JsZW0vNDc2MjgxOTE+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgRGV2aW4gUm91 c3NvLgorCisgICAgICAgICogY3NzL0NTU1N0eWxlU2hlZXQuY3BwOgorICAgICAgICAoV2ViQ29y ZTo6Q1NTU3R5bGVTaGVldDo6aXRlbSk6CisgICAgICAgIEEgY3Jhc2ggbWF5IGhhcHBlbiBpZiB0 aGUgbV9jaGlsZFJ1bGVDU1NPTVdyYXBwZXJzIFZlY3RvciBnZXRzIG91dCBvZgorICAgICAgICBz eW5jIHdpdGggdGhlIG1fY29udGVudHMgbGlzdCBvZiBydWxlcy4gSW4gcGFydGljdWxhciBpZiB0 aGUgd3JhcHBlcnMKKyAgICAgICAgdmVjdG9yIGlzIHNob3J0ZXIgdGhhbiB0aGUgcnVsZSBsaXN0 LiBXZSB0cmllZCBleGVyY2lzaW5nIGNvZGUgcGF0aHMKKyAgICAgICAgdGhhdCBtb2RpZnkgdGhl c2UgbGlzdHMgYnV0IHdlcmUgbm90IGFibGUgdG8gcmVwcm9kdWNlIHRoZSBjcmFzaC4KKyAgICAg ICAgVG8gYXZvaWQgYSBjcmFzaCB3ZSBjYW4gbWFrZSB0aGlzIGFjY2VzcyBzYWZlciBhbmQgYXZv aWQgdGhlIG9yaWdpbmFsCisgICAgICAgIG92ZXJmbG93LiBBdCB0aGUgc2FtZSB0aW1lIHdlIHdp bGwga2VlcCBhbmQgcHJvbW90ZSB0aGUgYXNzZXJ0aW9uIHRoYXQKKyAgICAgICAgd291bGQgY2F0 Y2ggdGhlIGxpc3RzIGdldHRpbmcgb3V0IG9mIHN5bmMgaW4gZGVidWcgYnVpbGRzLgorCiAyMDE5 LTAyLTEzICBKb3NlcGggUGVjb3Jhcm8gIDxwZWNvcmFyb0BhcHBsZS5jb20+CiAKICAgICAgICAg V2ViIEluc3BlY3RvcjogQ3Jhc2ggd2hlbiBpbnNwZWN0aW5nIGFuIGVsZW1lbnQgdGhhdCBjb25z dGFudGx5IGNoYW5nZXMgdmlzaWJpbGl0eQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvY3Nz L0NTU1N0eWxlU2hlZXQuY3BwIGIvU291cmNlL1dlYkNvcmUvY3NzL0NTU1N0eWxlU2hlZXQuY3Bw CmluZGV4IGFlYmU5N2RjOGY4Li5jYzQxMjU3YzM1MSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNv cmUvY3NzL0NTU1N0eWxlU2hlZXQuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2Nzcy9DU1NTdHls ZVNoZWV0LmNwcApAQCAtMjI4LDEyICsyMjgsMTIgQEAgQ1NTUnVsZSogQ1NTU3R5bGVTaGVldDo6 aXRlbSh1bnNpZ25lZCBpbmRleCkKIHsKICAgICB1bnNpZ25lZCBydWxlQ291bnQgPSBsZW5ndGgo KTsKICAgICBpZiAoaW5kZXggPj0gcnVsZUNvdW50KQotICAgICAgICByZXR1cm4gMDsKKyAgICAg ICAgcmV0dXJuIG51bGxwdHI7CiAKLSAgICBpZiAobV9jaGlsZFJ1bGVDU1NPTVdyYXBwZXJzLmlz RW1wdHkoKSkKKyAgICBBU1NFUlQobV9jaGlsZFJ1bGVDU1NPTVdyYXBwZXJzLmlzRW1wdHkoKSB8 fCBtX2NoaWxkUnVsZUNTU09NV3JhcHBlcnMuc2l6ZSgpID09IHJ1bGVDb3VudCk7CisgICAgaWYg KG1fY2hpbGRSdWxlQ1NTT01XcmFwcGVycy5zaXplKCkgPCBydWxlQ291bnQpCiAgICAgICAgIG1f Y2hpbGRSdWxlQ1NTT01XcmFwcGVycy5ncm93KHJ1bGVDb3VudCk7Ci0gICAgQVNTRVJUKG1fY2hp bGRSdWxlQ1NTT01XcmFwcGVycy5zaXplKCkgPT0gcnVsZUNvdW50KTsKLSAgICAKKwogICAgIFJl ZlB0cjxDU1NSdWxlPiYgY3NzUnVsZSA9IG1fY2hpbGRSdWxlQ1NTT01XcmFwcGVyc1tpbmRleF07 CiAgICAgaWYgKCFjc3NSdWxlKQogICAgICAgICBjc3NSdWxlID0gbV9jb250ZW50cy0+cnVsZUF0 KGluZGV4KS0+Y3JlYXRlQ1NTT01XcmFwcGVyKHRoaXMpOwo=