Bug 261421

Summary: REGRESSION(267280@main): costco.com crash in WebCore::ShorthandSerializer::serializeGridTemplate const
Product: WebKit Reporter: Sammy Gill <sgill26>
Component: CSS Assignee: Sammy Gill <sgill26>
Status: RESOLVED FIXED    
Severity: Normal CC: w0nka, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://github.com/web-platform-tests/wpt/pull/41946
Attachments:
Description Flags
Testcase none

Description Sammy Gill 2023-09-11 11:41:25 PDT
Created attachment 467643
Testcase

Costco's checkout page uses element.textContent = "" and this ends up disconnecting some nodes from the tree. When the ShorthandSerializer tries to get the value for each of the longhands of grid-template, the ComputedStyleExtractor is unable to resolve the RenderStyle to use via computeRenderStyleForProperty and returns nullptr for the longhand value. This results in a hard nullptr deref in ShorthandSerializer::longhandValue.
Comment 1 Sammy Gill 2023-09-11 11:42:15 PDT
rdar://115046351
Comment 2 Sammy Gill 2023-09-11 11:54:04 PDT
Pull request: https://github.com/WebKit/WebKit/pull/17661
Comment 3 Sammy Gill 2023-09-12 14:10:09 PDT
Submitted web-platform-tests pull request: https://github.com/web-platform-tests/wpt/pull/41946
Comment 4 EWS 2023-09-14 09:19:48 PDT
Committed 267989@main (7d7be769ce2d): <https://commits.webkit.org/267989@main>

Reviewed commits have been landed. Closing PR #17661 and removing active labels.
Comment 5 Sammy Gill 2023-09-25 11:45:40 PDT
*** Bug 261760 has been marked as a duplicate of this bug. ***