Bug 155646

Summary: ASSERTION FAILED: areEssentiallyEqual(rendererMappedResult, result) in WebCore::RenderGeometryMap::mapToContainer
Product: WebKit
Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: achristensen, bfulgham, jer.noble, simon.fraser
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=155562, https://bugs.webkit.org/show_bug.cgi?id=151030
Bug Depends on:
Bug Blocks: 116980
Attachments:
Description: Test case
Flags: none

Renata Hodovan
Reported 2016-03-18 09:49:47 PDT
Created attachment 274423
Test case

Load the attached test with minibrowser:

<!DOCTYPE html>
<style>
:invalid { height: 6933px }
:valid { position: fixed; }
</style>
<input size="33921569" required="true">
<input src="chrome://" autofocus="true">
<object vspace="2327064000"></object>
<pre>
<textarea></textarea>
</pre>

OS: Mac OS X 10.11.1 (x86_64), x86_64
Checked build: ASAN debug
Checked version: 5e169ea

Backtrace:

ASSERTION FAILED: areEssentiallyEqual(rendererMappedResult, result)
/Users/reni/work/WebKit/Source/WebCore/rendering/RenderGeometryMap.cpp(119) : WebCore::FloatPoint WebCore::RenderGeometryMap::mapToContainer(const WebCore::FloatPoint &, const WebCore::RenderLayerModelObject *) const
1 0x10f3250d4 WTFCrash
2 0x117bef16a WebCore::RenderGeometryMap::mapToContainer(WebCore::FloatPoint const&, WebCore::RenderLayerModelObject const*) const
3 0x117d0f498 WebCore::RenderGeometryMap::absolutePoint(WebCore::FloatPoint const&) const
4 0x117c92434 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int)
5 0x117c93277 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int)
6 0x117c93277 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int)
7 0x117c920e7 WebCore::RenderLayer::updateLayerPositionsAfterLayout(WebCore::RenderLayer const*, unsigned int)
8 0x114be6717 WebCore::FrameView::layout(bool)
9 0x114c08406 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
10 0x1076167ab WebKit::WebPage::layoutIfNeeded()
11 0x107122469 WebKit::TiledCoreAnimationDrawingArea::flushLayers()
12 0x107123b2c non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers()
13 0x116ebeade WebCore::LayerFlushScheduler::layerFlushCallback()
14 0x116ec230f WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const
15 0x116ec222d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_
16 0x116ec21cc std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()()
17 0x1131001eb std::__1::function<void ()>::operator()() const
18 0x118479273 WebCore::RunLoopObserver::runLoopObserverFired()
19 0x1184791f0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
20 0x7fff88849097 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
21 0x7fff88849007 __CFRunLoopDoObservers
22 0x7fff88827fe8 CFRunLoopRunSpecific
23 0x7fff86540d55 RunCurrentEventLoopInMode
24 0x7fff86540b8f ReceiveNextEventCommon
25 0x7fff865409cf _BlockUntilNextEventMatchingListInModeWithFilter
26 0x7fff97bc6d96 _DPSNextEvent
27 0x7fff97bc61c5 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
28 0x7fff97bbad28 -[NSApplication run]
29 0x7fff97b83fbe NSApplicationMain
30 0x7fff9408b4f2 _xpc_objc_main
31 0x7fff94089f1e xpc_main
ASAN:SIGSEGV
=================================================================
==43767==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010f32510c bp 0x7fff599a53b0 sp 0x7fff599a53a0 T0)
#0 0x10f32510b in WTFCrash (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2b2110b)
#1 0x117bef169 in WebCore::RenderGeometryMap::mapToContainer(WebCore::FloatPoint const&, WebCore::RenderLayerModelObject const*) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4bce169)
#2 0x117d0f497 in WebCore::RenderGeometryMap::absolutePoint(WebCore::FloatPoint const&) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4cee497)
#3 0x117c92433 in WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c71433)
#4 0x117c93276 in WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c72276)
#5 0x117c93276 in WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c72276)
#6 0x117c920e6 in WebCore::RenderLayer::updateLayerPositionsAfterLayout(WebCore::RenderLayer const*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c710e6)
#7 0x114be6716 in WebCore::FrameView::layout(bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bc5716)
#8 0x114c08405 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1be7405)
#9 0x1076167aa in WebKit::WebPage::layoutIfNeeded() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13ac7aa)
#10 0x107122468 in WebKit::TiledCoreAnimationDrawingArea::flushLayers() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xeb8468)
#11 0x107123b2b in non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xeb9b2b)
#12 0x116ebeadd in WebCore::LayerFlushScheduler::layerFlushCallback() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3e9dadd)
#13 0x116ec230e in WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ea130e)
#14 0x116ec222c in _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_ (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ea122c)
#15 0x116ec21cb in std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ea11cb)
#16 0x1131001ea in std::__1::function<void ()>::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0xdf1ea)
#17 0x118479272 in WebCore::RunLoopObserver::runLoopObserverFired() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5458272)
#18 0x1184791ef in WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54581ef)
#19 0x7fff88849096 in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa096)
#20 0x7fff88849006 in __CFRunLoopDoObservers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa006)
#21 0x7fff88827fe7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fe7)
#22 0x7fff86540d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54)
#23 0x7fff86540b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e)
#24 0x7fff865409ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce)
#25 0x7fff97bc6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95)
#26 0x7fff97bc61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4)
#27 0x7fff97bbad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27)
#28 0x7fff97b83fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd)
#29 0x7fff9408b4f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1)
#30 0x7fff94089f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d)
#31 0x1062591cb in main (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000021cb)
#32 0x7fff908b05ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#33 0x0 (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash
==43767==ABORTING
Attachments
Test case (284 bytes, text/html)
2016-03-18 09:49 PDT, Renata Hodovan
no flags
Alexey Proskuryakov
Comment 1 2016-03-19 13:45:24 PDT
Did the fix in bug 155562 not work, or is this an entirely different case?
Renata Hodovan
Comment 2 2016-03-19 15:23:33 PDT
(In reply to comment #1)
> Did the fix in bug 155562 not work, or is this an entirely different case?

I haven't analysed the reason of the bugs but this test fails even with that fix.
Brent Fulgham
Comment 3 2016-08-05 09:37:11 PDT
This problem does not reproduce under r204037. If you believe there is still a problem please reopen the bug and provide a revised test case.