Bug 263381

Summary: Regression(269372@main) Crash under SVGPathElement::attributeChanged() after memory pressure
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: SVG
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: sabouhallawa, webkit-bug-importer, zimmermann
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Chris Dumez 2023-10-19 09:33:22 PDT
Crash under SVGPathElement::attributeChanged() after memory pressure caused by 269372@main:
```
Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                       	       0x283372c2c WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::size() const + 12 (Vector.h:782)
1   WebCore                       	       0x285e94650 WebCore::SVGPathElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason) + 540 (SVGPathElement.cpp:80)
2   WebCore                       	       0x283c66d14 WebCore::Element::notifyAttributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason) + 120 (Element.cpp:2088)
3   WebCore                       	       0x283c6a090 WebCore::Element::parserSetAttributes(std::__1::span<WebCore::Attribute const, 18446744073709551615ul>) + 696 (Element.cpp:2535)
4   WebCore                       	       0x2843ebe6c WebCore::setAttributes(WebCore::Element&, WTF::Vector<WebCore::Attribute, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::HasDuplicateAttribute, WTF::OptionSet<WebCore::ParserContentPolicy>) + 132 (HTMLConstructionSite.cpp:73)
5   WebCore                       	       0x2843e8734 WebCore::setAttributes(WebCore::Element&, WebCore::AtomHTMLToken&, WTF::OptionSet<WebCore::ParserContentPolicy>) + 112 (HTMLConstructionSite.cpp:79)
6   WebCore                       	       0x2843ec760 WebCore::HTMLConstructionSite::createElement(WebCore::AtomHTMLToken&, WTF::AtomString const&) + 164 (HTMLConstructionSite.cpp:768)
7   WebCore                       	       0x2843ec5c0 WebCore::HTMLConstructionSite::insertForeignElement(WebCore::AtomHTMLToken&&, WTF::AtomString const&) + 244 (HTMLConstructionSite.cpp:632)
```
Comment 1 Chris Dumez 2023-10-19 09:33:32 PDT
<rdar://117176058>
Comment 2 Chris Dumez 2023-10-19 09:36:36 PDT
Pull request: https://github.com/WebKit/WebKit/pull/19284
Comment 3 EWS 2023-10-19 15:12:58 PDT
Committed 269547@main (ec2d23a0902a): <https://commits.webkit.org/269547@main>

Reviewed commits have been landed. Closing PR #19284 and removing active labels.