
Crash on lichess.org on nullptr dereference of layout_node()

Open shannonbooth opened this issue 9 months ago • 0 comments

Steps to reproduce:

  1. visit lichess.org
  2. click on "1 + 0" button
  3. 💥

It's a classic case of dereferencing a null `layout_node()` (here on the mask element in `get_mask_type_of_svg`).

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
get_mask_type_of_svg () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/SVGMaskable.cpp:52
52              return mask_type_to_gfx_mask_kind(mask->layout_node()->computed_values().mask_type());
(gdb) bt
#0  get_mask_type_of_svg () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/SVGMaskable.cpp:52
#1  0x00007fede83f1c40 in Web::Painting::SVGGraphicsPaintable::get_mask_type() const ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/Painting/SVGGraphicsPaintable.h:56
#2  0x00007fede83f6cfe in paint () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:315
#3  0x00007fede83f6887 in paint_child () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:185
#4  0x00007fede83f8dbb in for_each_child<(lambda at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99:30)> ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:228
#5  for_each_child<(lambda at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99:30)> ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:221
#6  paint_descendants () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99
#7  operator()<Web::Painting::Paintable> () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:164
#8  0x00007fede83f8dbb in for_each_child<(lambda at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99:30)> ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:228
#9  for_each_child<(lambda at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99:30)> ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:221
#10 paint_descendants () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99
#11 operator()<Web::Painting::Paintable> () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:164
#12 0x00007fede83f680b in for_each_child<(lambda at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99:30)> ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:228
#13 for_each_child<(lambda at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99:30)>(void) ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:221
#14 0x00007fede83f667b in paint_descendants () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99
#15 paint_node_as_stacking_context () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:89
#16 0x00007fede83f73f0 in paint_internal () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:229
#17 0x00007fede83f7022 in paint () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:325
#18 0x00007fede83f6887 in paint_child () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:185
#19 0x00007fede83f897b in void Web::TreeNode<Web::Painting::Paintable>::for_each_child<Web::Painting::StackingContext::paint_descendants(Web::PaintContext&, Web::Painting::Paintable const&, Web::Painting::StackingContext::StackingContextPaintPhase)::$_0>(Web::Painting::StackingContext::paint_descendants(Web::PaintContext&, Web::Painting::Paintable const&, Web::Painting::StackingContext::StackingContextPaintPhase)::$_0) () at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:228
#20 0x00007fede83f7364 in for_each_child<(lambda at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99:30)> ()
    at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibWeb/TreeNode.h:221
#21 paint_descendants () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:99
#22 paint_internal () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:213
#23 0x00007fede83f7022 in paint () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Painting/StackingContext.cpp:325
#24 0x00007fede826256c in paint () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/HTML/Navigable.cpp:2156
#25 0x0000560f21c4591c in paint () at /home/shannon/personal/serenity/Userland/Services/WebContent/PageClient.cpp:212
#26 0x0000560f21c48a53 in operator() () at /home/shannon/personal/serenity/Userland/Services/WebContent/PageClient.cpp:67
#27 call () at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/SafeFunction.h:133
#28 0x00007fede840ce30 in operator() () at /home/shannon/personal/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/SafeFunction.h:85
#29 operator() () at /home/shannon/personal/serenity/Userland/Libraries/LibWeb/Platform/TimerSerenity.cpp:23
#30 call () at /home/shannon/personal/serenity/Meta/Lagom/../../AK/Function.h:192
#31 0x00007fede6fc5fd9 in operator() () at /home/shannon/personal/serenity/Meta/Lagom/../../AK/Function.h:125
#32 0x00007fede6fc5525 in dispatch_event () at /home/shannon/personal/serenity/Userland/Libraries/LibCore/EventReceiver.cpp:162
#33 0x0000560f21c95e9d in qt_timer_fired () at /home/shannon/personal/serenity/Ladybird/Qt/EventLoopImplementationQt.cpp:88
#34 operator() () at /home/shannon/personal/serenity/Ladybird/Qt/EventLoopImplementationQt.cpp:102
#35 call () at /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:146
#36 call<QtPrivate::List<>, void> () at /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:256
#37 impl () at /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:420
--Type <RET> for more, q to quit, c to continue without paging--c
#38 0x00007fede984f023 in ?? () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#39 0x00007fede985d4be in QTimer::timeout(QTimer::QPrivateSignal) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#40 0x00007fede984362f in QObject::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#41 0x00007fede97f6a2d in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#42 0x00007fede995f203 in QTimerInfoList::activateTimers() () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#43 0x00007fede9a1ec44 in ?? () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#44 0x00007fede5dead3b in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#45 0x00007fede5e40258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#46 0x00007fede5de83e3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#47 0x00007fede9a1eeae in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#48 0x00007fede9803adb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#49 0x00007fede6fbe963 in exec () at /home/shannon/personal/serenity/Userland/Libraries/LibCore/EventLoop.cpp:88
#50 0x0000560f21c9ea75 in serenity_main () at /home/shannon/personal/serenity/Ladybird/WebContent/main.cpp:171
#51 0x0000560f21ca0252 in main () at /home/shannon/personal/serenity/Userland/Libraries/LibMain/Main.cpp:39
