Bug 123354

Summary:

fast/frames/seamless/seamless-nested-crash.html asserts on wk2 only

Product:

WebKit

Reporter:

Antti Koivisto <koivisto>

Component:

Layout and Rendering

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED CONFIGURATION CHANGED

Severity:

Normal

CC:

ahmad.saleem792, commit-queue, esprehn+autocc, glenn, koivisto, kondapallykalyan, mark.lam, mmaxfield, simon.fraser

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
patch	kling: review+

Antti Koivisto

Reported 2013-10-25 11:59:33 PDT

http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r158013%20(13677)/fast/frames/seamless/seamless-nested-crash-crash-log.txt Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef VM Regions Near 0xbbadbeef: --> __TEXT 0000000101985000-0000000101986000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Application Specific Information: CRASHING TEST: fast/frames/seamless/seamless-nested-crash.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00000001039cac1a WTFCrash + 42 (Assertions.cpp:342) 1 com.apple.WebCore 0x000000010642fde3 WebCore::RenderBlockFlow::ensureLineBoxes() + 531 (RenderBlockFlow.cpp:3052) 2 com.apple.WebCore 0x0000000105ea13b0 WebCore::RenderText::ensureLineBoxes() + 80 (RenderText.cpp:1057) 3 com.apple.WebCore 0x0000000105ea16a4 WebCore::RenderText::absoluteQuads(WTF::Vector<WebCore::FloatQuad, 0ul, WTF::CrashOnOverflow>&, bool*) const + 36 (RenderText.cpp:313) 4 com.apple.WebCore 0x0000000105dc7e34 WebCore::RenderObject::absoluteBoundingBoxRect(bool) const + 100 (RenderObject.cpp:1146) 5 com.apple.WebCore 0x0000000105b0544e WebCore::Node::boundingBox() const + 78 (Node.cpp:659) 6 com.apple.WebKit2 0x0000000101dba8b8 WebCore::Node::pixelSnappedBoundingBox() const + 24 (Node.h:375) 7 com.apple.WebKit2 0x0000000101dba4d7 WebKit::WebHitTestResult::Data::elementBoundingBoxInWindowCoordinates(WebCore::HitTestResult const&) + 167 (WebHitTestResult.cpp:105) 8 com.apple.WebKit2 0x0000000101dba3f6 WebKit::WebHitTestResult::Data::Data(WebCore::HitTestResult const&) + 406 (WebHitTestResult.cpp:53) 9 com.apple.WebKit2 0x0000000101dba24d WebKit::WebHitTestResult::Data::Data(WebCore::HitTestResult const&) + 29 (WebHitTestResult.cpp:56) 10 com.apple.WebKit2 0x0000000101d06198 WebKit::WebChromeClient::mouseDidMoveOverElement(WebCore::HitTestResult const&, unsigned int) + 104 (WebChromeClient.cpp:561) 11 com.apple.WebCore 0x0000000104ae728b WebCore::Chrome::mouseDidMoveOverElement(WebCore::HitTestResult const&, unsigned int) + 187 (Chrome.cpp:388) 12 com.apple.WebCore 0x0000000104f65497 WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&) + 471 (EventHandler.cpp:1704) 13 com.apple.WebKit2 0x0000000101e17088 WebKit::handleMouseEvent(WebKit::WebMouseEvent const&, WebKit::WebPage*, bool) + 408 (WebPage.cpp:1580) 14 com.apple.WebKit2 0x0000000101e17334 WebKit::WebPage::mouseEventSyncForTesting(WebKit::WebMouseEvent const&, bool&) + 596 (WebPage.cpp:1649) 15 com.apple.WebKit2 0x0000000101e6bf0f void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)

Attachments
patch (4.02 KB, patch) 2013-10-26 08:31 PDT, Antti Koivisto	kling: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Antti Koivisto

Comment 1 2013-10-25 12:06:06 PDT

Skipped temporarily in https://trac.webkit.org/r158031

Antti Koivisto

Comment 2 2013-10-26 08:31:41 PDT

Created attachment 215249 [details] patch

Andreas Kling

Comment 3 2013-10-26 08:37:42 PDT

Comment on attachment 215249 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=215249&action=review OK > Source/WebCore/ChangeLog:12 > + to use the primary font metrics for all lines but those wont match the fallbacks won't

Mark Lam

Comment 4 2013-10-26 09:10:46 PDT

This broke the build: http://build.webkit.org/builders/Apple%20MountainLion%20Debug%20%28Build%29/builds/17795/steps/compile-webkit/logs/stdio Fixed in r158086: <http://trac.webkit.org/r158086>.

Mark Lam

Comment 5 2013-10-26 09:12:32 PDT

(In reply to comment #4) > This broke the build: > http://build.webkit.org/builders/Apple%20MountainLion%20Debug%20%28Build%29/builds/17795/steps/compile-webkit/logs/stdio > > Fixed in r158086: <http://trac.webkit.org/r158086>. FYI, the commit that broke the build is r158085: <http://trac.webkit.org/r158085>.

Myles C. Maxfield

Comment 6 2016-01-25 13:03:44 PST

r158085 - RefPtr<SimpleFontData>& fontData = m_fontDataTable.add(hashKey, nullptr).iterator->value; + RefPtr<SimpleFontData> fontData = m_fontDataTable.add(hashKey, nullptr).iterator->value; Means that we no longer add anything to the cache (ever!)

Ahmad Saleem

Comment 7 2023-12-23 05:39:28 PST

iframe 'seamless' support is gone and this test was removed as well: https://github.com/WebKit/WebKit/commit/3e2010a853456a8ad1e097897ef35ff5b54b2877 Nothing to do here.

Note You need to log in before you can comment on or make changes to this bug.