Web+ Rebased crashes when loading the Haiku HIG page

[humdinger]

This is hrev54801, 64bit.

Web+ (Rebased: 90d5fec996134cc8bda5e73ce770ec0a13d2197b, Dec. 6th 2020) crashes reproducibly when showing the ​HIG page (full debug report attached):

state: Exception (Segment violation)

Frame		IP			Function Name
-----------------------------------------------
0x7f67a3ad1030	0x185bced2220	WebCore::RenderStyle::clone(WebCore::RenderStyle const&) + 0 
	Disassembly:
		WebCore::RenderStyle::clone(WebCore::RenderStyle const&):
		0x00000185bced2220:           488b16  mov (%rsi), %rdx <--

	Frame memory:
		[0x7f67a3ad1028]  ........   fc 95 e1 bc 85 01 00 00
0x7f67a3ad1140	0x185bce195f7	WebCore::RenderListItem::computeMarkerStyle() const + 0x47 
0x7f67a3ad1200	0x185bcf3a231	WebCore::RenderTreeBuilder::List::updateItemMarker(WebCore::RenderListItem&) + 0x41 
0x7f67a3ad1220	0x185bcf3512b	WebCore::RenderTreeBuilder::updateAfterDescendants(WebCore::RenderElement&) + 0x8b 
0x7f67a3ad1250	0x185bcf404dc	WebCore::RenderTreeUpdater::updateAfterDescendants(WebCore::Element&, WebCore::Style::ElementUpdates const*) + 0x4c 
0x7f67a3ad1290	0x185bcf40549	WebCore::RenderTreeUpdater::popParent() + 0x39 
0x7f67a3ad12b0	0x185bcf405fb	WebCore::RenderTreeUpdater::popParentsToDepth(unsigned int) + 0x1b 
0x7f67a3ad3a10	0x185bcf411d4	WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) + 0x514 
0x7f67a3ad3ac0	0x185bcf41b26	WebCore::RenderTreeUpdater::commit(std::unique_ptr<WebCore::Style::Update const, std::default_delete<WebCore::Style::Update const> >) + 0x326 
0x7f67a3ad3bd0	0x185bc671bc4	WebCore::Document::updateRenderTree(std::unique_ptr<WebCore::Style::Update const, std::default_delete<WebCore::Style::Update const> >) + 0x74 
0x7f67a3ad40d0	0x185bc69598a	WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 0x2fa 
0x7f67a3ad4110	0x185bc695fc5	WebCore::Document::updateStyleIfNeeded() + 0x125 
0x7f67a3ad4160	0x185bc69d62f	WebCore::Document::implicitClose() + 0x2cf 
0x7f67a3ad4190	0x185bca2ae10	WebCore::FrameLoader::checkCompleted() + 0x100 
0x7f67a3ad41d0	0x185bca8f24e	WebCore::CachedResourceLoader::loadDone(WebCore::LoadCompletionType, bool) + 0x5e 
0x7f67a3ad41f0	0x185bca5a476	WebCore::SubresourceLoader::notifyDone(WebCore::LoadCompletionType) + 0x36 
0x7f67a3ad4320	0x185bca697fc	WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 0x17c 
0x7f67a3ad4410	0x185bca4c660	WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 0x130 
0x7f67a3ad44d0	0x185bd89f7e0	WebCore::BUrlProtocolHandler::RequestCompleted(BUrlRequest*, bool) + 0x2a0 
0x7f67a3ad4590	0x3f666f8146	BUrlProtocolAsynchronousListener::MessageReceived(BMessage*) + 0x166 
0x7f67a3ad47e0	0xb052e33dce	BApplication::DispatchMessage(BMessage*, BHandler*) + 0x1ae 
0x7f67a3ad4830	0xb052e3b1d6	BLooper::task_looper() + 0x266 
0x7f67a3ad4850	0xb052e30fbc	BApplication::Run() + 0x1c 
0x7f67a3ad4870	0xc620328f39	main + 0x29 
0x7f67a3ad48a0	0xc620329119	_start + 0x39 
0x7f67a3ad48d0	0x1f7f2e57503	runtime_loader + 0x103 
00000000	0x7fa3bd720260	commpage_thread_exit + 0 

[humdinger]

crash showing the HIG page

[nephele]

This appears to be a webkit issue

# ./HaikuLauncher https://www.haiku-os.org/docs/HIG                         
Please note that you don't have secure memory on this system
ASSERTION FAILED: markerStyle
../../Source/WebCore/rendering/RenderListItem.cpp(65) : WebCore::RenderStyle WebCore::RenderListItem::computeMarkerStyle() const
Abort

[X512]

Is it regression?

[nephele]

The released Web+/Webkit combo on the nightlies does not crash for me on the same site, so it would appear so.

[pulkomandy]

I do not reproduce this problem with the current version (haikuwebkit 1.8.0). Can you reproduce?

[humdinger]

Seems to be fixed. No crash on WebKit 1.8.1. Thanks!