Bug 260038

Summary: Crash under ReportingScope::unregisterReportingObserver()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebCore Misc.
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Chris Dumez 2023-08-10 13:28:34 PDT
Crash under ReportingScope::unregisterReportingObserver():

```
      23 WTF::RefCountedBase::ref() const <==
        23 WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >::Ref(WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> > const&)
          23 WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >::Ref(WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> > const&)
            23 bool WTF::Vector<WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::removeFirstMatching<WebCore::ReportingScope::unregisterReportingObserver(WebCore::ReportingObserver&)::$_2>(WebCore::ReportingScope::unregisterReportingObserver(WebCore::ReportingObserver&)::$_2 const&, unsigned long)
              23 WebCore::ReportingScope::unregisterReportingObserver(WebCore::ReportingObserver&)
                23 WebCore::ReportingObserver::disconnect()
                  23 WebCore::ReportingObserver::~ReportingObserver()
                    23 WebCore::ReportingObserver::~ReportingObserver()
                      23 std::__1::default_delete<WebCore::ReportingObserver>::operator()[abi:v160002](WebCore::ReportingObserver*) const
                        23 WTF::RefCounted<WebCore::ReportingObserver, std::__1::default_delete<WebCore::ReportingObserver> >::deref() const
                          23 WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >::~Ref()
                            23 WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >::~Ref()
                              23 WTF::VectorDestructor<true, WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> > >::destruct(WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >*, WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >*)
                                23 WTF::VectorTypeOperations<WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> > >::destruct(WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >*, WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >*)
                                  23 WTF::Vector<WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::shrink(unsigned long)
                                    23 WTF::Vector<WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::shrinkCapacity(unsigned long)
                                      23 WTF::Vector<WTF::Ref<WebCore::ReportingObserver, WTF::RawPtrTraits<WebCore::ReportingObserver> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::clear()
                                        23 WebCore::ReportingScope::removeAllObservers()
                                          23 WebCore::Document::removeAllEventListeners()
```

Comment 1 Chris Dumez 2023-08-10 13:28:43 PDT
<rdar://113533957>

Comment 2 Chris Dumez 2023-08-10 13:33:55 PDT
Pull request: https://github.com/WebKit/WebKit/pull/16578

Comment 3 EWS 2023-08-10 16:43:50 PDT
Committed 266791@main (a7dc74b15bbc): <https://commits.webkit.org/266791@main>

Reviewed commits have been landed. Closing PR #16578 and removing active labels.
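
The re-entrancy visible in the trace above (removeAllObservers() clearing the vector while each element's destructor calls back into unregisterReportingObserver() on that same vector), reduced to a standalone C++ model. This is an added example, not WebKit code and not the change made in PR #16578; the `Scope` and `Observer` classes, `std::shared_ptr` standing in for `WTF::Ref`, and the detach-before-destroy mitigation are all assumptions.

```cpp
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

class Scope;
class Observer {
public:
    explicit Observer(Scope& scope) : m_scope(scope) {}
    ~Observer();  // calls back into the scope, like disconnect() in the trace
private:
    Scope& m_scope;
};

class Scope {
public:
    void registerObserver(std::shared_ptr<Observer> o) { m_observers.push_back(std::move(o)); }
    // Reached from ~Observer(); walks m_observers looking for the observer.
    void unregisterObserver(Observer& o) {
        ++m_reentrantCalls;
        m_elementsWalked += m_observers.size();
        for (auto it = m_observers.begin(); it != m_observers.end(); ++it) {
            if (it->get() == &o) { m_observers.erase(it); return; }
        }
    }
    // Unsafe form: m_observers.clear() destroys elements in place, so
    // ~Observer() re-enters unregisterObserver() while the vector is mid-clear.
    // Safe form (assumed mitigation): detach the storage first, so the
    // callback only ever sees an empty, consistent member vector.
    void removeAllObservers() {
        auto detached = std::exchange(m_observers, {});
        detached.clear();  // destructors run here; m_observers is already empty
    }
    std::size_t reentrantCalls() const { return m_reentrantCalls; }
    std::size_t elementsWalked() const { return m_elementsWalked; }
    std::size_t size() const { return m_observers.size(); }
private:
    std::vector<std::shared_ptr<Observer>> m_observers;
    std::size_t m_reentrantCalls = 0;
    std::size_t m_elementsWalked = 0;
};

Observer::~Observer() { m_scope.unregisterObserver(*this); }

int main() {
    Scope scope;
    for (int i = 0; i < 3; ++i) scope.registerObserver(std::make_shared<Observer>(scope));
    scope.removeAllObservers();
    return scope.elementsWalked() == 0 ? 0 : 1;  // 0: callbacks never touched live elements
}
```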