127775 2014-01-28 06:45:18 -0800 ASSERTION FAILED: from.y() <= to.y() in WebCore::RenderMathMLOperator::fillWithExtensionGlyph 2016-08-03 14:03:26 -0700 1 1 1 Unclassified WebKit MathML 528+ (Nightly build) PC Linux RESOLVED WORKSFORME P2 Normal --- 153991 116980 1 mhodovan.u-szeged webkit-unassigned bfulgham fred.wang hyatt mrobinson rhodovan.u-szeged oldest_to_newest 972895 0 mhodovan.u-szeged 2014-01-28 06:45:18 -0800 The failing test case: <math xmlns="http://www.w3.org/1998/Math/MathML"> <mn style="font-size: 45px">1</mn> <msup> <mo>)</mo> </math> Note: the assert fails only in case of 45px or larger font-size. The error message: ASSERTION FAILED: from.y() <= to.y() /home/martin/Data/WebKit/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp(320) : void WebCore::RenderMathMLOperator::fillWithExtensionGlyph(WebCore::PaintInfo&, const WebCore::LayoutPoint&, const WebCore::LayoutPoint&) Program received signal SIGSEGV, Segmentation fault. The backtrace: #1 0x00007ffff1381cfe in WebCore::RenderMathMLOperator::fillWithExtensionGlyph (this=0x6b7540, info=..., from=..., to=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp:320 #2 0x00007ffff138296a in WebCore::RenderMathMLOperator::paint (this=0x6b7540, info=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp:392 #3 0x00007ffff1185cc9 in WebCore::RenderBlock::paintChild (this=0x968c60, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2424 #4 0x00007ffff12356cd in WebCore::RenderFlexibleBox::paintChildren (this=0x968c60, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderFlexibleBox.cpp:343 #5 0x00007ffff118586c in WebCore::RenderBlock::paintContents (this=0x968c60, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2387 #6 0x00007ffff118649f in WebCore::RenderBlock::paintObject (this=0x968c60, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2510 #7 0x00007ffff1183f21 in WebCore::RenderBlock::paint (this=0x968c60, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2187 #8 0x00007ffff1185cc9 in WebCore::RenderBlock::paintChild (this=0xa548a0, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2424 #9 0x00007ffff12356cd in WebCore::RenderFlexibleBox::paintChildren (this=0xa548a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderFlexibleBox.cpp:343 #10 0x00007ffff118586c in WebCore::RenderBlock::paintContents (this=0xa548a0, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2387 #11 0x00007ffff118649f in WebCore::RenderBlock::paintObject (this=0xa548a0, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2510 #12 0x00007ffff1183f21 in WebCore::RenderBlock::paint (this=0xa548a0, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2187 #13 0x00007ffff1185cc9 in WebCore::RenderBlock::paintChild (this=0xa54600, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2424 #14 0x00007ffff12356cd in WebCore::RenderFlexibleBox::paintChildren (this=0xa54600, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderFlexibleBox.cpp:343 #15 0x00007ffff118586c in WebCore::RenderBlock::paintContents (this=0xa54600, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2387 #16 0x00007ffff118649f in WebCore::RenderBlock::paintObject (this=0xa54600, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2510 #17 0x00007ffff1183f21 in WebCore::RenderBlock::paint (this=0xa54600, paintInfo=..., paintOffset=...) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2187 #18 0x00007ffff128a625 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=0xa524a0, phase=WebCore::PaintPhaseForeground, layerFragments=..., context=0x715370, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4477 #19 0x00007ffff128a236 in WebCore::RenderLayer::paintForegroundForFragments (this=0xa524a0, layerFragments=..., context=0x715370, transparencyLayerContext=0x715370, transparencyPaintDirtyRect=..., haveTransparency=false, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0, selectionOnly=false, forceBlackText=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4441 #20 0x00007ffff1288b32 in WebCore::RenderLayer::paintLayerContents (this=0xa524a0, context=0x715370, paintingInfo=..., paintFlags=224) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4162 #21 0x00007ffff1287bca in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0xa524a0, context=0x715370, paintingInfo=..., paintFlags=224) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3858 #22 0x00007ffff1287a92 in WebCore::RenderLayer::paintLayer (this=0xa524a0, context=0x715370, paintingInfo=..., paintFlags=224) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3839 #23 0x00007ffff12891bb in WebCore::RenderLayer::paintList (this=0x92b4c0, list=0x7452a0, context=0x715370, paintingInfo=..., paintFlags=224) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4255 #24 0x00007ffff1288bf5 in WebCore::RenderLayer::paintLayerContents (this=0x92b4c0, context=0x715370, paintingInfo=..., paintFlags=224) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4173 #25 0x00007ffff1287bca in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x92b4c0, context=0x715370, paintingInfo=..., paintFlags=0) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3858 #26 0x00007ffff1287a92 in WebCore::RenderLayer::paintLayer (this=0x92b4c0, context=0x715370, paintingInfo=..., paintFlags=0) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3839 #27 0x00007ffff1286c4c in WebCore::RenderLayer::paint (this=0x92b4c0, context=0x715370, damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3623 #28 0x00007ffff0ee30e4 in WebCore::FrameView::paintContents (this=0x8b67e0, p=0x715370, rect=...) at /home/martin/Data/WebKit/Source/WebCore/page/FrameView.cpp:3497 #29 0x00007ffff0f8b403 in WebCore::ScrollView::paint (this=0x8b67e0, context=0x715370, rect=...) at /home/martin/Data/WebKit/Source/WebCore/platform/ScrollView.cpp:1162 #30 0x00007ffff7b4ca05 in ewk_paint_context_paint (context=0x87f530, view=0x8b67e0, area=0x6b8748) at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_paint_context.cpp:179 #31 0x00007ffff7b6e0a5 in ewk_view_paint (priv=0x886c90, context=0x87f530, area=0x6b8748) at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:3019 #32 0x00007ffff7b5629f in _ewk_view_smart_repaints_process (smartData=0x8868a0) at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:1210 #33 0x00007ffff7b56643 in _ewk_view_smart_calculate (ewkView=0x772710) at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:1281 #34 0x00007ffff6969124 in evas_call_smarts_calculate (e=0x914e00) at evas_object_smart.c:838 #35 0x00007ffff69926a7 in evas_render_updates_internal (e=0x914e00, make_updates=make_updates@entry=1 '\001', do_draw=do_draw@entry=1 '\001') at evas_render.c:1255 #36 0x00007ffff6994fd9 in evas_render_updates (e=<optimized out>) at evas_render.c:1708 #37 0x00007ffff734adb4 in _ecore_evas_x_render (ee=0x8844c0) at ecore_evas_x.c:288 #38 0x00007ffff7347c31 in _ecore_evas_idle_enter (data=<optimized out>) at ecore_evas.c:59 #39 0x00007ffff756fef9 in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at ecore_private.h:267 #40 _ecore_idle_enterer_call () at ecore_idle_enterer.c:168 #41 0x00007ffff75716ab in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1848 #42 0x00007ffff7571d57 in ecore_main_loop_begin () at ecore_main.c:956 #43 0x00000000004068e7 in main (argc=2, argv=0x7fffffffde48) at /home/martin/Data/WebKit/Tools/EWebLauncher/main.c:1008 972896 1 222440 mhodovan.u-szeged 2014-01-28 06:48:11 -0800 Created attachment 222440 Test case 1205928 2 fred.wang 2016-06-28 00:24:27 -0700 @Martin: This code has changed a lot recently. Do you still see this ASSERTION? 1217166 3 bfulgham 2016-08-03 14:03:26 -0700 This issue no longer occurs under GuardMalloc or ASAN as of r204037. If you believe there is still a bug, please reopen this issue with a revised test case. 222440 2014-01-28 06:48:11 -0800 2014-01-28 06:48:11 -0800 Test case test.xhtml application/xhtml+xml 164 mhodovan.u-szeged PG1hdGggeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTgvTWF0aC9NYXRoTUwiPiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCgk8bW4gc3R5bGU9ImZv bnQtc2l6ZTogNDVweCI+MTwvbW4+Cgk8bXN1cD4KCTxtbz4pPC9tbz4gCjwvbWF0aD4=