Bug 263100

Summary: Nullptr crash in elementCannotHaveEndTag
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: HTML Editing
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer, wenson_hsieh
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Ryosuke Niwa 2023-10-12 18:13:23 PDT
e.g.

0   WebCore                       	       0x1a63261b0 WebCore::elementCannotHaveEndTag(WebCore::Node const&) + 25534896
1   WebCore                       	       0x1a6325c68 WebCore::MarkupAccumulator::serializeNodesWithNamespaces(WebCore::Node&, WebCore::SerializedNodes, WTF::HashMap<WTF::AtomString, WTF::AtomStringImpl*, WTF::DefaultHash<WTF::AtomString>, WTF::HashTraits<WTF::AtomString>, WTF::HashTraits<WTF::AtomStringImpl*>, WTF::HashTableTraits> const*, WTF::Vector<WebCore::QualifiedName, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*) + 25533544
2   WebCore                       	       0x1a63942e8 WebCore::MarkupAccumulator::serializeNodes(WebCore::Node&, WebCore::SerializedNodes, WTF::Vector<WebCore::QualifiedName, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*) + 25985768 [inlined]
3   WebCore                       	       0x1a63942e8 WebCore::serializeFragment(WebCore::Node const&, WebCore::SerializedNodes, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WebCore::ResolveURLs, WTF::Vector<WebCore::QualifiedName, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, std::__1::optional<WebCore::SerializationSyntax>) + 25985768
4   WebCore                       	       0x1a5133f48 WebCore::Element::innerHTML() const + 6717256 [inlined]
5   WebCore                       	       0x1a5133f48 WebCore::jsElement_innerHTMLGetter(JSC::JSGlobalObject&, WebCore::JSElement&) + 6717256 [inlined]
6   WebCore                       	       0x1a5133f48 long long WebCore::IDLAttribute<WebCore::JSElement>::get<&(WebCore::jsElement_innerHTMLGetter(JSC::JSGlobalObject&, WebCore::JSElement&)), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, JSC::PropertyName) + 6717256 [inlined]
7   WebCore                       	       0x1a5133f48 WebCore::jsElement_innerHTML(JSC::JSGlobalObject*, long long, JSC::PropertyName) + 6717256
8   JavaScriptCore                	       0x1a19dc5fc WTF::FunctionPtr<(WTF::PtrTag)28802, long long (JSC::JSGlobalObject*, long long, JSC::PropertyName), 

<rdar://116331745>
Comment 1 Ryosuke Niwa 2023-10-12 18:17:48 PDT
Pull request: https://github.com/WebKit/WebKit/pull/19035
Comment 2 EWS 2023-10-13 14:57:28 PDT
Committed 269320@main (a32bbf9a6209): <https://commits.webkit.org/269320@main>

Reviewed commits have been landed. Closing PR #19035 and removing active labels.