Bug 132870

Summary: ASSERTION FAILED: leftCategory != CalcOther && rightCategory != CalcOther in WebCore::CSSCalcBinaryOperation::createSimplified
Product: WebKit Reporter: Martin Hodovan <mhodovan.u-szeged>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, darin, esprehn+autocc, giles_joplin, glenn, gyuyoung.kim, kling, krit, macpherson, menard, simon.fraser
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 134059    
Bug Blocks:    
Attachments:
Description Flags
Proposed patch none

Martin Hodovan
Reported 2014-05-13 08:49:09 PDT
The failing test case: <style> * { width: calc(300hz/2); } </style>> The output: ASSERTION FAILED: leftCategory != CalcOther && rightCategory != CalcOther /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp(338) : static WTF::PassRefPtr<WebCore::CSSCalcExpressionNode> WebCore::CSSCalcBinaryOperation::createSimplified(WebCore::CalcOperator, WTF::PassRefPtr<WebCore::CSSCalcExpressionNode>, WTF::PassRefPtr<WebCore::CSSCalcExpressionNode>) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff92d86700 (LWP 24135)] 0x00007ffff583cd31 in WTFCrash () at /home/martin/Data/WebKit/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; The backtrace: #1 0x00007ffff0bda29f in WebCore::CSSCalcBinaryOperation::createSimplified (op=WebCore::CalcDivide, leftSide=..., rightSide=...) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:338 #2 0x00007ffff0bdb856 in WebCore::CSSCalcExpressionNodeParser::parseValueMultiplicativeExpression (this=0x7fffffff9edf, tokens=0x6dce40, depth=2, index=0x7fffffff9e7c, result=0x7fffffff9e80) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:618 #3 0x00007ffff0bdb9a5 in WebCore::CSSCalcExpressionNodeParser::parseAdditiveValueExpression (this=0x7fffffff9edf, tokens=0x6dce40, depth=1, index=0x7fffffff9e7c, result=0x7fffffff9e80) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:632 #4 0x00007ffff0bdbb93 in WebCore::CSSCalcExpressionNodeParser::parseValueExpression (this=0x7fffffff9edf, tokens=0x6dce40, depth=0, index=0x7fffffff9e7c, result=0x7fffffff9e80) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:656 #5 0x00007ffff0bdb3b0 in WebCore::CSSCalcExpressionNodeParser::parseCalc (this=0x7fffffff9edf, tokens=0x6dce40) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:541 #6 0x00007ffff0bd9047 in WebCore::CSSCalcValue::create (name=..., parserValueList=..., range=WebCore::CalculationRangeNonNegative) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:727 #7 0x00007ffff0c64d65 in WebCore::CSSParser::parseCalculation (this=0x7fffffffbe70, value=0x6dcf18, range=WebCore::CalculationRangeNonNegative) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:9646 #8 0x00007ffff0c468b4 in WebCore::CSSParser::validCalculationUnit (this=0x7fffffffbe70, value=0x6dcf18, unitflags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg), releaseCalc=WebCore::CSSParser::DoNotReleaseParsedCalcValue) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:1556 #9 0x00007ffff0c46ad7 in WebCore::CSSParser::validUnit (this=0x7fffffffbe70, value=0x6dcf18, unitflags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg), cssParserMode=WebCore::CSSQuirksMode, releaseCalc=WebCore::CSSParser::DoNotReleaseParsedCalcValue) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:1599 #10 0x00007ffff0c6dac0 in WebCore::CSSParser::validUnit (this=0x7fffffffbe70, value=0x6dcf18, unitflags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg), releaseCalc=WebCore::CSSParser::DoNotReleaseParsedCalcValue) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.h:617 #11 0x00007ffff0c46de0 in WebCore::CSSParser::validWidth (this=0x7fffffffbe70, value=0x6dcf18) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:1705 #12 0x00007ffff0c487a2 in WebCore::CSSParser::parseValue (this=0x7fffffffbe70, propId=WebCore::CSSPropertyWidth, important=false) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:2150 #13 0x00007ffff1bd9d58 in cssyyparse (parser=0x7fffffffbe70) at /home/martin/Data/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/CSSGrammar.y:1054 #14 0x00007ffff0c43582 in WebCore::CSSParser::parseSheet (this=0x7fffffffbe70, sheet=0x6dc9c0, string=..., startLineNumber=6, ruleSourceDataResult=0x0, logErrors=true) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:438 #15 0x00007ffff0d69913 in WebCore::StyleSheetContents::parseStringAtLine (this=0x6dc9c0, sheetText=..., startLineNumber=6, createdByParser=true) at /home/martin/Data/WebKit/Source/WebCore/css/StyleSheetContents.cpp:326 #16 0x00007ffff0e4a6e0 in WebCore::InlineStyleSheetOwner::createSheet (this=0x6db658, element=..., text=...) at /home/martin/Data/WebKit/Source/WebCore/dom/InlineStyleSheetOwner.cpp:147 #17 0x00007ffff0e4a198 in WebCore::InlineStyleSheetOwner::createSheetFromTextContents (this=0x6db658, element=...) at /home/martin/Data/WebKit/Source/WebCore/dom/InlineStyleSheetOwner.cpp:97 #18 0x00007ffff0e4a155 in WebCore::InlineStyleSheetOwner::finishParsingChildren (this=0x6db658, element=...) at /home/martin/Data/WebKit/Source/WebCore/dom/InlineStyleSheetOwner.cpp:91 #19 0x00007ffff1042c25 in WebCore::HTMLStyleElement::finishParsingChildren (this=0x6db5f0) at /home/martin/Data/WebKit/Source/WebCore/html/HTMLStyleElement.cpp:90 #20 0x00007ffff10e3ab6 in WebCore::HTMLElementStack::popCommon (this=0x6d1368) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLElementStack.cpp:578 #21 0x00007ffff10e24da in WebCore::HTMLElementStack::pop (this=0x6d1368) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLElementStack.cpp:214 #22 0x00007ffff110a4fd in WebCore::HTMLTreeBuilder::processEndTag (this=0x6d1330, token=0x7fffffffd2a0) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2179 #23 0x00007ffff1100cf4 in WebCore::HTMLTreeBuilder::processToken (this=0x6d1330, token=0x7fffffffd2a0) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:386 #24 0x00007ffff1100b06 in WebCore::HTMLTreeBuilder::constructTree (this=0x6d1330, token=0x7fffffffd2a0) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:354 #25 0x00007ffff10dbd60 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x6f48c0, rawToken=...) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:352 #26 0x00007ffff10db9e7 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x6f48c0, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:309 #27 0x00007ffff10db1ed in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x6f48c0, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:189 #28 0x00007ffff10dc2a7 in WebCore::HTMLDocumentParser::append (this=0x6f48c0, inputSource=...) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:428 #29 0x00007ffff0dbf43d in WebCore::DecodedDataDocumentParser::flush (this=0x6f48c0, writer=...) at /home/martin/Data/WebKit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60 #30 0x00007ffff12298c7 in WebCore::DocumentWriter::end (this=0x766dd0) at /home/martin/Data/WebKit/Source/WebCore/loader/DocumentWriter.cpp:245 #31 0x00007ffff1214229 in WebCore::DocumentLoader::finishedLoading (this=0x766d30, finishTime=0) at /home/martin/Data/WebKit/Source/WebCore/loader/DocumentLoader.cpp:440 #32 0x00007ffff1213f92 in WebCore::DocumentLoader::notifyFinished (this=0x766d30, resource=0x7812e0) at /home/martin/Data/WebKit/Source/WebCore/loader/DocumentLoader.cpp:374 #33 0x00007ffff12bf300 in WebCore::CachedResource::checkNotify (this=0x7812e0) at /home/martin/Data/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:332 #34 0x00007ffff12bf3de in WebCore::CachedResource::finishLoading (this=0x7812e0) at /home/martin/Data/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:348 #35 0x00007ffff12bc0da in WebCore::CachedRawResource::finishLoading (this=0x7812e0, data=0x76b7e0) at /home/martin/Data/WebKit/Source/WebCore/loader/cache/CachedRawResource.cpp:97 #36 0x00007ffff12743e8 in WebCore::SubresourceLoader::didFinishLoading (this=0x781820, finishTime=0) at /home/martin/Data/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:310 #37 0x00007ffff12706fb in WebCore::ResourceLoader::didFinishLoading (this=0x781820, finishTime=0) at /home/martin/Data/WebKit/Source/WebCore/loader/ResourceLoader.cpp:510 #38 0x00007ffff1b55071 in WebCore::readCallback (asyncResult=0x7851e0, data=0x781c40) at /home/martin/Data/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1333 #39 0x00007fffec2d3aaa in async_ready_callback_wrapper (source_object=0x66ddb0, res=0x7851e0, user_data=0x781c40) at ginputstream.c:519 #40 0x00007fffec2f347b in g_task_return_now (task=0x7851e0) at gtask.c:1108 #41 0x00007fffec2f3499 in complete_in_idle_cb (task=0x7851e0) at gtask.c:1117 #42 0x00007fffebd43536 in g_main_dispatch (context=0x6691a0) at gmain.c:3065 #43 g_main_context_dispatch (context=context@entry=0x6691a0) at gmain.c:3641 #44 0x00007fffed024708 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffda10, rfds=0x7fffffffd990, ecore_fds=8, ctx=<optimized out>) at ecore_glib.c:171 #45 _ecore_glib_select (ecore_fds=8, rfds=0x7fffffffd990, wfds=0x7fffffffda10, efds=<optimized out>, ecore_timeout=<optimized out>) at ecore_glib.c:205 #46 0x00007fffed01eb37 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466 #47 0x00007fffed01f6c5 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1894 #48 0x00007fffed01f9c7 in ecore_main_loop_begin () at ecore_main.c:956 #49 0x00007ffff7655ea7 in WTF::RunLoop::run () at /home/martin/Data/WebKit/Source/WTF/wtf/efl/RunLoopEfl.cpp:51 #50 0x00007ffff75dd989 in WebKit::WebProcessMainEfl (argc=2, argv=0x7fffffffde98) at /home/martin/Data/WebKit/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:126 #51 0x0000000000400840 in main (argc=2, argv=0x7fffffffde98) at /home/martin/Data/WebKit/Source/WebKit2/efl/MainEfl.cpp:30
Attachments
Proposed patch (11.08 KB, patch)
2014-05-13 08:57 PDT, Martin Hodovan 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Martin Hodovan
Comment 1 2014-05-13 08:57:01 PDT
Created attachment 231384 [details] Proposed patch
Darin Adler
Comment 2 2014-05-13 09:38:02 PDT
Comment on attachment 231384 [details] Proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=231384&action=review > LayoutTests/ChangeLog:8 > + Added test contains calc() expressions with angle, time and frequency values, > + covering all the newly introduced unit types, each of which used to fail. But it doesn’t cover adding or subtracting combinations of these unit types, and the patch adds code to handle that. It doesn’t cover the behavior either. Need much more test coverage. I’d also like to see tests covering serialization of these kinds of style rules.
WebKit Commit Bot
Comment 3 2014-05-13 10:09:13 PDT
Comment on attachment 231384 [details] Proposed patch Clearing flags on attachment: 231384 Committed r168685: <http://trac.webkit.org/changeset/168685>
WebKit Commit Bot
Comment 4 2014-05-13 10:09:18 PDT
All reviewed patches have been landed. Closing bug.
Simon Fraser (smfr)
Comment 5 2014-06-20 08:28:19 PDT
This caused bug 134059.
Note You need to log in before you can comment on or make changes to this bug.