Bug 151107

Summary: Should never be reached failure in WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble
Product: WebKit
Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: CSS
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Normal
CC: ahmad.saleem792, bfulgham, cdumez, krit, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test none

Description Renata Hodovan 2015-11-10 09:59:23 PST
Created attachment 265192
Test

Load the attached test with debug MiniBrowser:

<style>
* {
    border-image: repeating-radial-gradient(circle closest-side at right bottom 8%, InactiveBorder, transparent 5%, transparent);
}
</style>


OS: Ubuntu 15.04 x86_64
Checked build: debug EFL
Checked version: 29ae33c


Backtrace:

SHOULD NEVER BE REACHED
../../Source/WebCore/css/CSSPrimitiveValue.cpp(671) : static double WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble(const WebCore::CSSToLengthConversionData&, short unsigned int, double)
1   0x7f3b4474489f WTFCrash
2   0x7f3b4ba79ece WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble(WebCore::CSSToLengthConversionData const&, unsigned short, double)
3   0x7f3b4ba79b09 WebCore::CSSPrimitiveValue::computeLengthDouble(WebCore::CSSToLengthConversionData const&) const
4   0x7f3b4ba79a5f float WebCore::CSSPrimitiveValue::computeLength<float>(WebCore::CSSToLengthConversionData const&) const
5   0x7f3b4c1b74ce
6   0x7f3b4c1b7569 WebCore::CSSGradientValue::computeEndPoint(WebCore::CSSPrimitiveValue*, WebCore::CSSPrimitiveValue*, WebCore::CSSToLengthConversionData const&, WebCore::FloatSize const&)
7   0x7f3b4c1bafad WebCore::CSSRadialGradientValue::createGradient(WebCore::RenderElement&, WebCore::FloatSize const&)
8   0x7f3b4c1b4d77 WebCore::CSSGradientValue::image(WebCore::RenderElement*, WebCore::FloatSize const&)
9   0x7f3b4ba0809c WebCore::CSSImageGeneratorValue::image(WebCore::RenderElement*, WebCore::FloatSize const&)
10  0x7f3b4b2c5dbb WebCore::StyleGeneratedImage::image(WebCore::RenderElement*, WebCore::FloatSize const&) const
11  0x7f3b4b29fe47 WebCore::NinePieceImage::paint(WebCore::GraphicsContext&, WebCore::RenderElement*, WebCore::RenderStyle const&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, float, WebCore::CompositeOperator) const
12  0x7f3b4b0ca7b0 WebCore::RenderBoxModelObject::paintNinePieceImage(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::RenderStyle const&, WebCore::NinePieceImage const&, WebCore::CompositeOperator)
13  0x7f3b4b0cc6f5 WebCore::RenderBoxModelObject::paintBorder(WebCore::PaintInfo const&, WebCore::LayoutRect const&, WebCore::RenderStyle const&, WebCore::BackgroundBleedAvoidance, bool, bool)
14  0x7f3b4b0a1786 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
15  0x7f3b4b03b601 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
16  0x7f3b4b03a8d1 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
17  0x7f3b4b161cd0 WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*)
18  0x7f3b4b1600d5 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
19  0x7f3b4b15e9a5 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
20  0x7f3b4b15e882 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
21  0x7f3b4b160a3b WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
22  0x7f3b4b160294 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
23  0x7f3b4b186aca WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int)
24  0x7f3b4b186e34 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&)
25  0x7f3b4af72d64 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&)
26  0x7f3b4b4dd3ad WebCore::CoordinatedGraphicsLayer::tiledBackingStorePaint(WebCore::GraphicsContext&, WebCore::IntRect const&)
27  0x7f3b4beb2612 WebCore::Tile::paintToSurfaceContext(WebCore::GraphicsContext&)
28  0x7f3b4b4e8125 WebCore::UpdateAtlasSurfaceClient::paintToSurfaceContext(WebCore::GraphicsContext&)
29  0x7f3b4a54782b WebKit::WebCoordinatedSurface::paintToSurface(WebCore::IntRect const&, WebCore::CoordinatedSurface::Client*)
30  0x7f3b4b4e7e65 WebCore::UpdateAtlas::paintOnAvailableBuffer(WebCore::IntSize const&, unsigned int&, WebCore::IntPoint&, WebCore::CoordinatedSurface::Client*)
31  0x7f3b4b4d1bf5 WebCore::CompositingCoordinator::paintToSurface(WebCore::IntSize const&, unsigned int, unsigned int&, WebCore::IntPoint&, WebCore::CoordinatedSurface::Client*)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f3b447448a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007f3b447448a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f3b4ba79ece in WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble (conversionData=..., primitiveType=100, value=6.9115854316036512e-310)
    at ../../Source/WebCore/css/CSSPrimitiveValue.cpp:671
#2  0x00007f3b4ba79b09 in WebCore::CSSPrimitiveValue::computeLengthDouble (this=0x7f3b27bb7960, conversionData=...)
    at ../../Source/WebCore/css/CSSPrimitiveValue.cpp:603
#3  0x00007f3b4ba79a5f in WebCore::CSSPrimitiveValue::computeLength<float> (this=0x7f3b27bb7960, conversionData=...)
    at ../../Source/WebCore/css/CSSPrimitiveValue.cpp:589
#4  0x00007f3b4c1b74ce in WebCore::positionFromValue (value=..., conversionData=..., size=..., isHorizontal=true)
    at ../../Source/WebCore/css/CSSGradientValue.cpp:528
#5  0x00007f3b4c1b7569 in WebCore::CSSGradientValue::computeEndPoint (this=0x7f3b27acc000, horizontal=0x7f3b27bb7960, vertical=0x7f3b27bb7978, 
    conversionData=..., size=...) at ../../Source/WebCore/css/CSSGradientValue.cpp:536
#6  0x00007f3b4c1bafad in WebCore::CSSRadialGradientValue::createGradient (this=0x7f3b27acc000, renderer=..., size=...)
    at ../../Source/WebCore/css/CSSGradientValue.cpp:1094
#7  0x00007f3b4c1b4d77 in WebCore::CSSGradientValue::image (this=0x7f3b27acc000, renderer=0x7f3b27bb8228, size=...)
    at ../../Source/WebCore/css/CSSGradientValue.cpp:66
#8  0x00007f3b4ba0809c in WebCore::CSSImageGeneratorValue::image (this=0x7f3b27acc000, renderer=0x7f3b27bb8228, size=...)
    at ../../Source/WebCore/css/CSSImageGeneratorValue.cpp:123
#9  0x00007f3b4b2c5dbb in WebCore::StyleGeneratedImage::image (this=0x7f3b27bd7f50, renderer=0x7f3b27bb8228, size=...)
    at ../../Source/WebCore/rendering/style/StyleGeneratedImage.cpp:90
#10 0x00007f3b4b29fe47 in WebCore::NinePieceImage::paint (this=0x7f3b27bc0418, graphicsContext=..., renderer=0x7f3b27bb8228, style=..., destination=..., 
    source=..., deviceScaleFactor=1, op=WebCore::CompositeSourceOver) at ../../Source/WebCore/rendering/style/NinePieceImage.cpp:208
#11 0x00007f3b4b0ca7b0 in WebCore::RenderBoxModelObject::paintNinePieceImage (this=0x7f3b27bb8228, graphicsContext=..., rect=..., style=..., 
    ninePieceImage=..., op=WebCore::CompositeSourceOver) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:1262
#12 0x00007f3b4b0cc6f5 in WebCore::RenderBoxModelObject::paintBorder (this=0x7f3b27bb8228, info=..., rect=..., style=..., 
    bleedAvoidance=WebCore::BackgroundBleedNone, includeLogicalLeftEdge=true, includeLogicalRightEdge=true)
    at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:1584
#13 0x00007f3b4b0a1786 in WebCore::RenderBox::paintBoxDecorations (this=0x7f3b27bb8228, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBox.cpp:1355
#14 0x00007f3b4b03b601 in WebCore::RenderBlock::paintObject (this=0x7f3b27bb8228, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:1553
#15 0x00007f3b4b03a8d1 in WebCore::RenderBlock::paint (this=0x7f3b27bb8228, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:1420
#16 0x00007f3b4b161cd0 in WebCore::RenderLayer::paintBackgroundForFragments (this=0x7f3b27afe7e0, layerFragments=..., context=..., 
    transparencyLayerContext=..., transparencyPaintDirtyRect=..., haveTransparency=false, localPaintingInfo=..., paintBehavior=0, 
    subtreePaintRootForRenderer=0x0) at ../../Source/WebCore/rendering/RenderLayer.cpp:4656
#17 0x00007f3b4b1600d5 in WebCore::RenderLayer::paintLayerContents (this=0x7f3b27afe7e0, originalContext=..., paintingInfo=..., paintFlags=96)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:4318
#18 0x00007f3b4b15e9a5 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x7f3b27afe7e0, context=..., paintingInfo=..., paintFlags=96)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:3984
#19 0x00007f3b4b15e882 in WebCore::RenderLayer::paintLayer (this=0x7f3b27afe7e0, context=..., paintingInfo=..., paintFlags=96)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:3966
#20 0x00007f3b4b160a3b in WebCore::RenderLayer::paintList (this=0x7f3b27afe5a0, list=0x7f3b27bfb550, context=..., paintingInfo=..., paintFlags=96)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:4433
#21 0x00007f3b4b160294 in WebCore::RenderLayer::paintLayerContents (this=0x7f3b27afe5a0, originalContext=..., paintingInfo=..., paintFlags=96)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:4339
#22 0x00007f3b4b186aca in WebCore::RenderLayerBacking::paintIntoLayer (this=0x7f3b27bda5e8, graphicsLayer=0x7f3b2782e840, context=..., paintDirtyRect=..., 
    paintBehavior=0, paintingPhase=3) at ../../Source/WebCore/rendering/RenderLayerBacking.cpp:2303
#23 0x00007f3b4b186e34 in WebCore::RenderLayerBacking::paintContents (this=0x7f3b27bda5e8, graphicsLayer=0x7f3b2782e840, context=..., paintingPhase=3, 
    clip=...) at ../../Source/WebCore/rendering/RenderLayerBacking.cpp:2341
#24 0x00007f3b4af72d64 in WebCore::GraphicsLayer::paintGraphicsLayerContents (this=0x7f3b2782e840, context=..., clip=...)
    at ../../Source/WebCore/platform/graphics/GraphicsLayer.cpp:413
#25 0x00007f3b4b4dd3ad in WebCore::CoordinatedGraphicsLayer::tiledBackingStorePaint (this=0x7f3b2782e840, context=..., rect=...)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:876
#26 0x00007f3b4beb2612 in WebCore::Tile::paintToSurfaceContext (this=0x11d7120, context=...)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/Tile.cpp:100
#27 0x00007f3b4b4e8125 in WebCore::UpdateAtlasSurfaceClient::paintToSurfaceContext (this=0x7fffe1917b40, context=...)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:50
#28 0x00007f3b4a54782b in WebKit::WebCoordinatedSurface::paintToSurface (this=0x7f3b27bd7578, rect=..., client=0x7fffe1917b40)
    at ../../Source/WebKit2/Shared/CoordinatedGraphics/WebCoordinatedSurface.cpp:190
#29 0x00007f3b4b4e7e65 in WebCore::UpdateAtlas::paintOnAvailableBuffer (this=0x11971f0, size=..., atlasID=@0x7fffe1917ca0: 1, offset=..., client=0x11d7120)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:110
#30 0x00007f3b4b4d1bf5 in WebCore::CompositingCoordinator::paintToSurface (this=0x7f3b27adf000, size=..., flags=0, atlasID=@0x7fffe1917ca0: 1, offset=..., 
    client=0x11d7120) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:383
#31 0x00007f3b4b4dd88e in WebCore::CoordinatedGraphicsLayer::paintToSurface (this=0x7f3b2782e840, size=..., atlas=@0x7fffe1917ca0: 1, offset=..., 
    client=0x11d7120) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:926
#32 0x00007f3b4beb23ba in WebCore::Tile::updateBackBuffer (this=0x11d7120) at ../../Source/WebCore/platform/graphics/texmap/coordinated/Tile.cpp:75
#33 0x00007f3b4b4e2a13 in WebCore::TiledBackingStore::updateTileBuffers (this=0x7f3b27bce980)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp:100
#34 0x00007f3b4b4e334e in WebCore::TiledBackingStore::createTiles (this=0x7f3b27bce980, visibleRect=..., scaledContentsRect=...)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp:234
#35 0x00007f3b4b4e2705 in WebCore::TiledBackingStore::createTilesIfNeeded (this=0x7f3b27bce980, unscaledVisibleRect=..., contentsRect=...)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp:64
#36 0x00007f3b4b4dddd0 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x7f3b2782e840)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:995
#37 0x00007f3b4b4ddbee in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f3b2782e840)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:967
#38 0x00007f3b4b4ddc3f in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f3b2782e000)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#39 0x00007f3b4b4ddc3f in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f3b2781d180)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#40 0x00007f3b4b4d0441 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7f3b27adf000)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:99
#41 0x00007f3b4a5fa626 in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7f3b27be3210)
    at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:212
#42 0x00007f3b4a5fa6de in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7f3b27be3210)
    at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:227
#43 0x00007f3b4a5fbf27 in std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const (
    this=0x11071c0, __object=0x7f3b27be3210) at /usr/include/c++/4.9/functional:569
#44 0x00007f3b4a5fbdd9 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x11071c0, 
    __args=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x10504e98, DIE 0x10676d67>)
    at /usr/include/c++/4.9/functional:1264
#45 0x00007f3b4a5fbc51 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>() (
    this=0x11071c0) at /usr/include/c++/4.9/functional:1323
#46 0x00007f3b4a5fb9aa in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.9/functional:2039
#47 0x00007f3b4a05f392 in std::function<void ()>::operator()() const (this=0x7f3b27be3280) at /usr/include/c++/4.9/functional:2439
#48 0x00007f3b4a10bbaa in WebCore::Timer::fired (this=0x7f3b27be3248) at ../../Source/WebCore/platform/Timer.h:133
#49 0x00007f3b4af032cd in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f3b27bd7258) at ../../Source/WebCore/platform/ThreadTimers.cpp:121
#50 0x00007f3b4af02ebb in WebCore::ThreadTimers::<lambda()>::operator()(void) const (__closure=0x10fe160) at ../../Source/WebCore/platform/ThreadTimers.cpp:73
#51 0x00007f3b4af034de in std::_Function_handler<void(), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.9/functional:2039
#52 0x00007f3b4a05f392 in std::function<void ()>::operator()() const (this=0x7f3b4fdceae8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>)
    at /usr/include/c++/4.9/functional:2439
#53 0x00007f3b4bc97225 in WebCore::MainThreadSharedTimer::fired (this=0x7f3b4fdceae0 <WebCore::MainThreadSharedTimer::singleton()::instance>)
    at ../../Source/WebCore/platform/MainThreadSharedTimer.cpp:52
#54 0x00007f3b4bea52d0 in WebCore::timerEvent () at ../../Source/WebCore/platform/efl/MainThreadSharedTimerEfl.cpp:44
#55 0x00007f3b42106d1e in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:336
#56 _ecore_timer_expired_call (when=980823.30137130397) at lib/ecore/ecore_timer.c:733
#57 0x00007f3b42106e6b in _ecore_timer_expired_timers_call (when=980823.30137130397) at lib/ecore/ecore_timer.c:686
#58 0x00007f3b42102b41 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1812
#59 0x00007f3b42102fc7 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:983
#60 0x00007f3b4479f795 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#61 0x00007f3b4a5ff87d in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffe19185c8)
    at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#62 0x00007f3b4a5ff48b in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffe19185c8) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#63 0x00000000004008ea in main (argc=2, argv=0x7fffe19185c8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Comment 1 Brent Fulgham 2016-08-04 18:24:24 PDT
This reproduces in r204037.

Comment 2 Radar WebKit Bug Importer 2016-08-04 18:24:44 PDT
<rdar://problem/27711750>

Comment 3 Ahmad Saleem 2023-01-20 10:50:52 PST
I am not able to hit this assertion using the attached case on MiniBrowser WK2 Debug build based off 259136@main.

Do we need to track this any further? Thanks!

Comment 4 Brent Fulgham 2024-01-22 15:18:21 PST
Closing based on Ahmad's testing.