Bug 263381

Summary:	Regression(269372@main) Crash under SVGPathElement::attributeChanged() after memory pressure
Product:	WebKit	Reporter:	Chris Dumez <cdumez>
Component:	SVG	Assignee:	Chris Dumez <cdumez>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	sabouhallawa, webkit-bug-importer, zimmermann
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Chris Dumez

Reported 2023-10-19 09:33:22 PDT

Crash under SVGPathElement::attributeChanged() after memory pressure caused by 269372@main: ``` Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x283372c2c WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::size() const + 12 (Vector.h:782) 1 WebCore 0x285e94650 WebCore::SVGPathElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason) + 540 (SVGPathElement.cpp:80) 2 WebCore 0x283c66d14 WebCore::Element::notifyAttributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason) + 120 (Element.cpp:2088) 3 WebCore 0x283c6a090 WebCore::Element::parserSetAttributes(std::__1::span<WebCore::Attribute const, 18446744073709551615ul>) + 696 (Element.cpp:2535) 4 WebCore 0x2843ebe6c WebCore::setAttributes(WebCore::Element&, WTF::Vector<WebCore::Attribute, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::HasDuplicateAttribute, WTF::OptionSet<WebCore::ParserContentPolicy>) + 132 (HTMLConstructionSite.cpp:73) 5 WebCore 0x2843e8734 WebCore::setAttributes(WebCore::Element&, WebCore::AtomHTMLToken&, WTF::OptionSet<WebCore::ParserContentPolicy>) + 112 (HTMLConstructionSite.cpp:79) 6 WebCore 0x2843ec760 WebCore::HTMLConstructionSite::createElement(WebCore::AtomHTMLToken&, WTF::AtomString const&) + 164 (HTMLConstructionSite.cpp:768) 7 WebCore 0x2843ec5c0 WebCore::HTMLConstructionSite::insertForeignElement(WebCore::AtomHTMLToken&&, WTF::AtomString const&) + 244 (HTMLConstructionSite.cpp:632) ```

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2023-10-19 09:33:32 PDT

<rdar://117176058>

Chris Dumez

Comment 2 2023-10-19 09:36:36 PDT

Pull request: https://github.com/WebKit/WebKit/pull/19284

EWS

Comment 3 2023-10-19 15:12:58 PDT

Committed 269547@main (ec2d23a0902a): <https://commits.webkit.org/269547@main> Reviewed commits have been landed. Closing PR #19284 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.