Bug 139397

Summary: Should never be reached failure in WebCore::floatValueForLength
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: CSSAssignee: zalan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, joethomas, koivisto, sabouhallawa, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test case
none
Patch none

Description Renata Hodovan 2014-12-08 07:27:31 PST 
Created attachment 242810 [details]
Test case

Load this with debug WK:

<!DOCTYPE html>
<svg>
    <rect style="width: -webkit-fit-content;"></rect>
</svg>


Backtrace:

SHOULD NEVER BE REACHED
../../Source/WebCore/css/LengthFunctions.cpp(142) : float WebCore::floatValueForLength(const WebCore::Length&, float)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff98927700 (LWP 17446)]
0x00007fffedbca36f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321	    *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007fffedbca36f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff2f7b689 in WebCore::floatValueForLength (length=..., maximumValue=300) at ../../Source/WebCore/css/LengthFunctions.cpp:142
#2  0x00007ffff3d01143 in WebCore::SVGLengthContext::valueForLength (this=0x7fffffffbd30, length=..., mode=WebCore::LengthModeWidth) at ../../Source/WebCore/svg/SVGLengthContext.cpp:102
#3  0x00007ffff3bc496b in WebCore::RenderSVGRect::updateShapeFromElement (this=0x7cd890) at ../../Source/WebCore/rendering/svg/RenderSVGRect.cpp:59
#4  0x00007ffff3be5535 in WebCore::RenderSVGShape::layout (this=0x7cd890) at ../../Source/WebCore/rendering/svg/RenderSVGShape.cpp:163
#5  0x00007ffff3bf7030 in WebCore::SVGRenderSupport::layoutChildren (start=..., selfNeedsLayout=true) at ../../Source/WebCore/rendering/svg/SVGRenderSupport.cpp:276
#6  0x00007ffff3be17a8 in WebCore::RenderSVGRoot::layout (this=0x841b70) at ../../Source/WebCore/rendering/svg/RenderSVGRoot.cpp:179
#7  0x00007ffff3900519 in WebCore::RenderElement::layoutIfNeeded (this=0x841b70) at ../../Source/WebCore/rendering/RenderElement.h:119
#8  0x00007ffff397faac in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x6c2890, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1500
#9  0x00007ffff395f687 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x6c2890, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:640
#10 0x00007ffff395e98a in WebCore::RenderBlockFlow::layoutBlock (this=0x6c2890, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:471
#11 0x00007ffff393456f in WebCore::RenderBlock::layout (this=0x6c2890) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#12 0x00007ffff395fa64 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x6c1310, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:699
#13 0x00007ffff395f581 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x6c1310, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:620
#14 0x00007ffff395e9ae in WebCore::RenderBlockFlow::layoutBlock (this=0x6c1310, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:473
#15 0x00007ffff393456f in WebCore::RenderBlock::layout (this=0x6c1310) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#16 0x00007ffff395fa64 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x747a00, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:699
#17 0x00007ffff395f581 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x747a00, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:620
#18 0x00007ffff395e9ae in WebCore::RenderBlockFlow::layoutBlock (this=0x747a00, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:473
#19 0x00007ffff393456f in WebCore::RenderBlock::layout (this=0x747a00) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#20 0x00007ffff3b2e84d in WebCore::RenderView::layoutContent (this=0x747a00, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232
#21 0x00007ffff3b2ef1d in WebCore::RenderView::layout (this=0x747a00) at ../../Source/WebCore/rendering/RenderView.cpp:357
#22 0x00007ffff369c389 in WebCore::FrameView::layout (this=0x829950, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1313
#23 0x00007ffff3067dc5 in WebCore::Document::implicitClose (this=0x473860) at ../../Source/WebCore/dom/Document.cpp:2486
#24 0x00007ffff3547a0d in WebCore::FrameLoader::checkCallImplicitClose (this=0x701e88) at ../../Source/WebCore/loader/FrameLoader.cpp:898
#25 0x00007ffff3547779 in WebCore::FrameLoader::checkCompleted (this=0x701e88) at ../../Source/WebCore/loader/FrameLoader.cpp:844
#26 0x00007ffff35474e2 in WebCore::FrameLoader::finishedParsing (this=0x701e88) at ../../Source/WebCore/loader/FrameLoader.cpp:764
#27 0x00007ffff3070c99 in WebCore::Document::finishedParsing (this=0x473860) at ../../Source/WebCore/dom/Document.cpp:4615
#28 0x00007ffff33c6039 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7467f8) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395
#29 0x00007ffff3403a33 in WebCore::HTMLTreeBuilder::finished (this=0x7467e0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3009
#30 0x00007ffff33ced4e in WebCore::HTMLDocumentParser::end (this=0x616c50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439
#31 0x00007ffff33cee39 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x616c50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450
#32 0x00007ffff33cd8e7 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x616c50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#33 0x00007ffff33cee7c in WebCore::HTMLDocumentParser::attemptToEnd (this=0x616c50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#34 0x00007ffff33cef33 in WebCore::HTMLDocumentParser::finish (this=0x616c50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490
#35 0x00007ffff3538b7f in WebCore::DocumentWriter::end (this=0x8c1620) at ../../Source/WebCore/loader/DocumentWriter.cpp:246
#36 0x00007ffff35248db in WebCore::DocumentLoader::finishedLoading (this=0x8c1580, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440
#37 0x00007ffff3524644 in WebCore::DocumentLoader::notifyFinished (this=0x8c1580, resource=0x7cfa70) at ../../Source/WebCore/loader/DocumentLoader.cpp:374
#38 0x00007ffff35d5370 in WebCore::CachedResource::checkNotify (this=0x7cfa70) at ../../Source/WebCore/loader/cache/CachedResource.cpp:293
#39 0x00007ffff35d546e in WebCore::CachedResource::finishLoading (this=0x7cfa70) at ../../Source/WebCore/loader/cache/CachedResource.cpp:309
#40 0x00007ffff35d1b63 in WebCore::CachedRawResource::finishLoading (this=0x7cfa70, data=0x8a88d0) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104
#41 0x00007ffff358594c in WebCore::SubresourceLoader::didFinishLoading (this=0x7d0130, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:306
#42 0x00007ffff35816e1 in WebCore::ResourceLoader::didFinishLoading (this=0x7d0130, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:508
#43 0x00007ffff3f303e1 in WebCore::readCallback (asyncResult=0x6b8a00, data=0x7d2f60) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1300
#44 0x00007fffeb7ab7d6 in async_ready_callback_wrapper (source_object=0x7ce830, res=0x6b8a00, user_data=user_data@entry=0x7d2f60) at ginputstream.c:523
#45 0x00007fffeb7d10d5 in g_task_return_now (task=0x6b8a00) at gtask.c:1077
#46 0x00007fffeb7d10f9 in complete_in_idle_cb (task=0x6b8a00) at gtask.c:1086
#47 0x00007fffeaa10a1d in g_main_dispatch (context=0x47a580) at gmain.c:3064
#48 g_main_context_dispatch (context=context@entry=0x47a580) at gmain.c:3663
#49 0x00007fffeaa10d88 in g_main_context_iterate (context=0x47a580, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734
#50 0x00007fffeaa1104a in g_main_loop_run (loop=0x4b8890) at gmain.c:3928
#51 0x00007ffff45df9dc in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#52 0x00007ffff2b44f82 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#53 0x00007ffff2b44de7 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#54 0x0000000000400891 in main (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Comment 1 Brent Fulgham 2016-08-04 12:00:51 PDT 
Reproduces under r204037.
Comment 2 Radar WebKit Bug Importer 2016-08-04 12:01:13 PDT 
<rdar://problem/27704376>
Comment 3 Radar WebKit Bug Importer 2016-08-04 12:01:17 PDT 
<rdar://problem/27704377>
Comment 4 Brent Fulgham 2016-08-04 12:02:19 PDT 
Asserting because type is 'FitContent'
Comment 5 zalan 2016-09-02 16:16:47 PDT 
Created attachment 287830 [details]
Patch
Comment 6 WebKit Commit Bot 2016-09-02 17:55:34 PDT 
Comment on attachment 287830 [details]
Patch

Clearing flags on attachment: 287830

Committed r205392: <http://trac.webkit.org/changeset/205392>
Comment 7 WebKit Commit Bot 2016-09-02 17:55:38 PDT 
All reviewed patches have been landed.  Closing bug.