281131 – Immediate crash when WebComponents are combined with global styles & container queries.

NEW 281131

Immediate crash when WebComponents are combined with global styles & container queries.

https://bugs.webkit.org/show_bug.cgi?id=281131

Summary Immediate crash when WebComponents are combined with global styles & containe...

herr.moms

Reported 2024-10-09 03:18:03 PDT

Created attachment 472875 [details] Crash Sample Component The following issue occurs with Safari 18 on all platforms, including Mac, also Technology Preview. When using container queries, I noticed a malfunction that I cannot further isolate. The combination of container queries, WebComponents, and (this is where I get stuck) the application of irrelevant CSS causes the page to crash. I have isolated a Stackblitz sample and partially narrowed down the problem. https://stackblitz.com/edit/stackblitz-starters-gxvbz9?file=index.html Steps to Reproduce: 1. Open the provided Stackblitz or sample-crash.html sample in Safari 18. 2. Ensure lines 7 to 9 are active. 3. Observe the page crash a few seconds after loading. The page crashes a few seconds after loading with no error message or indication of the cause. There is no apparent connection between the responsible CSS block and the WebComponent in the example. Additional Information: - The issue does not occur when CSS lines 14-20 are commented out. - The problem seems to be related to the interaction between container queries and WebComponents. - `.ux-button--no-border:not(:active):not(:disabled):hover ux-icon`==> crashed immediately - `.ux-button--no-border:not(:active):not(:disabled):hover > ux-icon` ==> works

Attachments
Crash Sample Component (1.02 KB, text/html) 2024-10-09 03:18 PDT, herr.moms	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2024-10-14 12:52:50 PDT

rdar://137812974 I can reproduce this after uncommenting lines 7-9 (as per original steps to reproduce), and clicking in the content (which is not). Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x11a38a380 WebCore::Style::Update::elementStyle(WebCore::Element const&) + 0 1 WebCore 0x11a32ddd8 WebCore::Style::ContainerQueryEvaluator::selectContainer(WTF::OptionSet<WebCore::CQ::Axis>, WTF::String const&, WebCore::Element const&, WebCore::Style::ContainerQueryEvaluator::SelectionMode, WebCore::Style::ScopeOrdinal, WebCore::Style::ContainerQueryEvaluationState const*)::$_0::operator()(WebCore::Element const&, WebCore::Element const*) const + 120 2 WebCore 0x11a32db90 WebCore::Style::ContainerQueryEvaluator::selectContainer(WTF::OptionSet<WebCore::CQ::Axis>, WTF::String const&, WebCore::Element const&, WebCore::Style::ContainerQueryEvaluator::SelectionMode, WebCore::Style::ScopeOrdinal, WebCore::Style::ContainerQueryEvaluationState const*) + 464 3 WebCore 0x11a335a44 WebCore::Style::ElementRuleCollector::containerQueriesMatch(WebCore::Style::RuleData const&, WebCore::Style::MatchRequest const&) + 392 4 WebCore 0x11a3332c0 WebCore::Style::ElementRuleCollector::collectMatchingRulesForList(WTF::Vector<WebCore::Style::RuleData, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const*, WebCore::Style::MatchRequest const&) + 1944

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Safari Technology Preview

Hardware All

OS iOS 18

Product WebKit

Component CSS

Assignee

Nobody

Reported

2024-10-09 03:18 PDT

Modified

2024-10-14 12:56 PDT History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks

148695

Dependencies

tree graph