Bug 263288

Summary: Regression(269372@main) Crash under SVGPathElement::attributeChanged()
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: SVGAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: sabouhallawa, webkit-bug-importer, zimmermann
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 263195    

Chris Dumez
Reported 2023-10-17 15:08:08 PDT
Crash under SVGPathElement::attributeChanged(): ``` Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x111aa4e74 WebCore::SVGPathElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason) + 1500 1 WebCore 0x110bab550 WebCore::Element::parserSetAttributes(std::__1::span<WebCore::Attribute const, 18446744073709551615ul>) + 1044 2 WebCore 0x110f86e78 WebCore::HTMLConstructionSite::insertForeignElement(WebCore::AtomHTMLToken&&, WTF::AtomString const&) + 264 3 WebCore 0x110fb0a90 WebCore::HTMLTreeBuilder::processTokenInForeignContent(WebCore::AtomHTMLToken&&) + 1020 4 WebCore 0x110fb0480 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomHTMLToken&&) + 200 5 WebCore 0x10f4ca8e4 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 560 6 WebCore 0x110f88134 WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString&&) + 208 ```
Attachments
Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2023-10-17 15:08:16 PDT
<rdar://117091905>
Chris Dumez
Comment 2 2023-10-17 15:11:05 PDT
Pull request: https://github.com/WebKit/WebKit/pull/19194
EWS
Comment 3 2023-10-17 16:19:24 PDT
Committed 269431@main (386d03be6b4c): <https://commits.webkit.org/269431@main> Reviewed commits have been landed. Closing PR #19194 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.