Bug 252302

Summary: ASSERT_NOT_REACHED in ImageOverlay updateSubtree()
Product: WebKit
Reporter: Jean-Yves Avenard [:jya] <jean-yves.avenard>
Component: Platform
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: webkit-bug-importer, wenson_hsieh
Priority: P2
Keywords: InRadar, Regression
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 235598
Bug Blocks:

Description Jean-Yves Avenard [:jya] 2023-02-15 00:32:47 PST
STR:
In a debug build:
Create a video element; don't have the controls showing.
Right-click on the video element to show the context menu.

Result:
Assertion
ASSERT_NOT_REACHED in updateSubtree
https://searchfox.org/wubkat/rev/6312ca8a662145d355274780bbf68b6ce735d8e8/Source/WebCore/dom/ImageOverlay.cpp#266

```
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x00000001300a8aa0 JavaScriptCore`::WTFCrash() at Assertions.cpp:327:35
    frame #1: 0x00000001460f48d4 WebCore`WTFCrashWithInfo((null)=266, (null)="/Users/jyavenard/Work/webkit/OpenSource/Source/WebCore/dom/ImageOverlay.cpp", (null)="auto WebCore::ImageOverlay::updateSubtree(WebCore::HTMLElement &, const WebCore::TextRecognitionResult &)::(anonymous class)::operator()() const", (null)=2340) at Assertions.h:758:5
  * frame #2: 0x000000014932dee4 WebCore`WebCore::ImageOverlay::updateSubtree(this=0x000000016fa9d660)::$_11::operator()() const at ImageOverlay.cpp:266:13
    frame #3: 0x00000001493290d4 WebCore`WebCore::ImageOverlay::updateSubtree(element=0x000000013b004720, result=0x000000016fa9dda0) at ImageOverlay.cpp:258:30
    frame #4: 0x0000000149327ef0 WebCore`WebCore::ImageOverlay::updateWithTextRecognitionResult(element=0x000000013b004720, result=0x000000016fa9dda0, cacheTextRecognitionResults=Yes) at ImageOverlay.cpp:494:21
    frame #5: 0x00000001165691e8 WebKit`auto WebKit::WebPage::requestTextRecognition(this=0x00000001030d8428, result=0x000000016fa9dda0)>&&)::$_26::operator()<WebCore::TextRecognitionResult>(WebCore::TextRecognitionResult&&) const at WebPage.cpp:8036:9
    frame #6: 0x00000001165690f0 WebKit`decltype(__f=0x00000001030d8428, __args=0x000000016fa9dda0)>&&)::$_26>()(std::declval<WebCore::TextRecognitionResult>())) std::__1::__invoke[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, WebCore::TextRecognitionResult>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, WebCore::TextRecognitionResult&&) at invoke.h:394:23
    frame #7: 0x00000001165690c0 WebKit`decltype(__f=0x00000001030d8428, __t=size=1, (null)=__tuple_indices<0UL> @ 0x000000016fa9dd3f) std::__1::__apply_tuple_impl[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, std::__1::tuple<WebCore::TextRecognitionResult>, 0ul>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, std::__1::tuple<WebCore::TextRecognitionResult>&&, std::__1::__tuple_indices<0ul>) at tuple:1789:1
    frame #8: 0x0000000116568a88 WebKit`decltype(__f=0x00000001030d8428, __t=size=1) std::__1::apply[abi:v15006]<WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26, std::__1::tuple<WebCore::TextRecognitionResult> >(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, std::__1::tuple<WebCore::TextRecognitionResult>&&) at tuple:1798:1
    frame #9: 0x00000001165688f4 WebKit`void IPC::Connection::callReply<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(decoder=0x0000000103064180, completionHandler=0x00000001030d8428)>&&)::$_26&&) at Connection.h:704:13
    frame #10: 0x0000000116568884 WebKit`IPC::Connection::AsyncReplyHandler IPC::Connection::makeAsyncReplyHandler<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(this=0x00000001030d8428, decoder=0x0000000103064180)>&&)::$_26&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Decoder*)::operator()(IPC::Decoder*) at Connection.h:687:21
    frame #11: 0x0000000116568794 WebKit`WTF::Detail::CallableWrapper<IPC::Connection::AsyncReplyHandler IPC::Connection::makeAsyncReplyHandler<Messages::WebPageProxy::RequestTextRecognition, WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26>(WebKit::WebPage::requestTextRecognition(WebCore::Element&, WebCore::TextRecognitionOptions&&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&&)>&&)::$_26&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(this=0x00000001030d8420, in=0x0000000103064180) at Function.h:53:39
    frame #12: 0x000000011539b7cc WebKit`WTF::Function<void (IPC::Decoder*)>::operator(this=0x000000016fa9dea8, in=0x0000000103064180)(IPC::Decoder*) const at Function.h:82:35
    frame #13: 0x00000001153848e0 WebKit`WTF::CompletionHandler<void (IPC::Decoder*)>::operator(this=0x000000016fa9df20, in=0x0000000103064180)(IPC::Decoder*) at CompletionHandler.h:75:16
    frame #14: 0x0000000116a7b434 WebKit`IPC::Connection::dispatchMessage(this=0x000000010303c840, decoder=0x0000000103064180) at Connection.cpp:1179:9
    frame #15: 0x0000000116a7ba3c WebKit`IPC::Connection::dispatchMessage(this=0x000000010303c840, message=IPC::Decoder @ 0x0000000103064180) at Connection.cpp:1245:9
    frame #16: 0x0000000116a7bd78 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000010303c840) at Connection.cpp:1310:5
    frame #17: 0x0000000116a99a54 WebKit`IPC::Connection::enqueueIncomingMessage(this=0x0000000103068348)::$_17::operator()() const at Connection.cpp:1159:28
    frame #18: 0x0000000116a99994 WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_17, void>::call(this=0x0000000103068340) at Function.h:53:39
    frame #19: 0x00000001300d1128 JavaScriptCore`WTF::Function<void ()>::operator(this=0x000000016fa9e0c0)() const at Function.h:82:35
    frame #20: 0x0000000130169850 JavaScriptCore`WTF::RunLoop::performWork(this=0x0000000103010100) at RunLoop.cpp:147:9
    frame #21: 0x000000013016ded4 JavaScriptCore`WTF::RunLoop::performWork(context=0x0000000103010100) at RunLoopCF.cpp:46:37
    frame #22: 0x000000018821a884 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
    frame #23: 0x000000018821a818 CoreFoundation`__CFRunLoopDoSource0 + 176
    frame #24: 0x000000018821a588 CoreFoundation`__CFRunLoopDoSources0 + 244
    frame #25: 0x0000000188219190 CoreFoundation`__CFRunLoopRun + 828
    frame #26: 0x0000000188218700 CoreFoundation`CFRunLoopRunSpecific + 612
    frame #27: 0x00000001891929bc Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #28: 0x000000018920b37c Foundation`-[NSRunLoop(NSRunLoop) run] + 64
    frame #29: 0x0000000187e8a5a0 libxpc.dylib`_xpc_objc_main + 860
    frame #30: 0x0000000187e89ec0 libxpc.dylib`xpc_main + 108
    frame #31: 0x00000001149fbde8 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016fa9f588) at XPCServiceMain.mm:207:5
    frame #32: 0x0000000116a4c2f4 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016fa9f588) at WKMain.mm:35:12
    frame #33: 0x0000000100363f9c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016fa9f588) at AuxiliaryProcessMain.cpp:30:12
    frame #34: 0x0000000187de3f28 dyld`start + 2236
```
Comment 1 Radar WebKit Bug Importer 2023-02-15 00:33:12 PST
<rdar://problem/105486027>
Comment 2 Radar WebKit Bug Importer 2023-02-15 00:34:33 PST
<rdar://problem/105486068>
Comment 3 Jean-Yves Avenard [:jya] 2023-02-15 00:39:16 PST
Test case added:
https://jyavenard.github.io/htmltests/tests/252302/index.html