WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
250365
Nullptr crash in effectiveAssignedNodes
https://bugs.webkit.org/show_bug.cgi?id=250365
Summary
Nullptr crash in effectiveAssignedNodes
Ryosuke Niwa
Reported
2023-01-10 00:15:31 PST
e.g. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x8094adc90 WebCore::Node::parentNode() const + 112 (Node.h:858) 1 WebCore 0x80cb94548 std::__1::optional<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData> > WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7::operator()<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData> const>(WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData> const&) const + 56 (SlotAssignment.cpp:437) 2 WebCore 0x80cb94447 WTF::CompactMapper<WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, void>::compactMap(WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7 const&) + 119 (Vector.h:1848) 3 WebCore 0x80cb943c5 WTF::Vector<WTF::CompactMapper<WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, void>::DestinationItemType, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> WTF::compactMap<WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&>(WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_7&&) + 69 (Vector.h:1879) 4 WebCore 0x80cb8f073 WebCore::effectiveAssignedNodes(WebCore::ShadowRoot&, WTF::Vector<WTF::WeakPtr<WebCore::Node, WebCore::WeakPtrImplWithEventTargetData>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 51 (SlotAssignment.cpp:436) 5 WebCore 0x80cb8ede8 WebCore::ManualSlotAssignment::assignedNodesForSlot(WebCore::HTMLSlotElement const&, WebCore::ShadowRoot&) + 200 (SlotAssignment.cpp:449) 6 WebCore 0x80cb8f210 WebCore::ManualSlotAssignment::addSlotElementByName(WTF::AtomString const&, WebCore::HTMLSlotElement&, WebCore::ShadowRoot&) + 128 (SlotAssignment.cpp:470) 7 WebCore 0x80cb75121 WebCore::ShadowRoot::addSlotElementByName(WTF::AtomString const&, WebCore::HTMLSlotElement&) + 289 (ShadowRoot.cpp:276) 8 WebCore 0x80ceebb9d WebCore::HTMLSlotElement::insertedIntoAncestor(WebCore::Node::InsertionType, WebCore::ContainerNode&) + 285 (HTMLSlotElement.cpp:67)
Attachments
Add attachment
proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1
2023-01-10 00:19:01 PST
Pull request:
https://github.com/WebKit/WebKit/pull/8437
Ryosuke Niwa
Comment 2
2023-01-10 00:23:10 PST
<
rdar://104063331
>
EWS
Comment 3
2023-01-10 01:44:10 PST
Committed
258708@main
(bb2cc188a3a9): <
https://commits.webkit.org/258708@main
> Reviewed commits have been landed. Closing PR #8437 and removing active labels.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug