Bug 164076

Summary: ASSERTION FAILED: !m_trailingWhitespaceWidth in WebCore::SimpleLineLayout::LineState::removeTrailingWhitespace
Product: WebKit Reporter: Renata Hodovan <hodovan>
Component: Layout and RenderingAssignee: alan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, esprehn+autocc, glenn, koivisto, kondapallykalyan, simon.fraser, zalan
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test
none
Patch none

Renata Hodovan
Reported 2016-10-27 13:43:09 PDT
Load the attached test with debug WebKitTestRunner: Checked version: 2c9fa6e OS: Darwin-15.6.0-x86_64-i386-64bit <style>a,a{white-space:pre-wrap;font-size:0;display:grid</style><a>&#9 Backtrace: ASSERTION FAILED: !m_trailingWhitespaceWidth WebKit/Source/WebCore/rendering/SimpleLineLayout.cpp(529) : void WebCore::SimpleLineLayout::LineState::removeTrailingWhitespace(Layout::RunVector &) 1 0x1191bc4f1 WTFCrash 2 0x123174387 WebCore::SimpleLineLayout::LineState::removeTrailingWhitespace(WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&) 3 0x12316d52d WebCore::SimpleLineLayout::removeTrailingWhitespace(WebCore::SimpleLineLayout::LineState&, WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WebCore::SimpleLineLayout::TextFragmentIterator const&) 4 0x12316a75d WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns(WebCore::SimpleLineLayout::LineState&, WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WTF::Optional<unsigned int>, unsigned int&, WebCore::SimpleLineLayout::TextFragmentIterator const&, bool) 5 0x1231640e3 WebCore::SimpleLineLayout::createTextRuns(WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WebCore::RenderBlockFlow&, unsigned int&) 6 0x123163752 WebCore::SimpleLineLayout::create(WebCore::RenderBlockFlow&) 7 0x12221fbbf WebCore::RenderBlockFlow::layoutSimpleLines(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 8 0x12221563b WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 9 0x122212791 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 10 0x12215c1b2 WebCore::RenderBlock::layout() 11 0x11ebe93ec WebCore::RenderElement::layoutIfNeeded() 12 0x1224f2e41 WebCore::RenderGrid::logicalHeightForChild(WebCore::RenderBox&) const 13 0x1224f4652 WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const 14 0x1224f373e WebCore::RenderGrid::minSizeForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const 15 0x1224f657c WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems(WebCore::GridTrackSizingDirection, WebCore::GridSpan const&, WebCore::RenderBox&, WebCore::GridTrack&, WebCore::RenderGrid::GridSizingData&) const 16 0x1224eeca7 WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const 17 0x1224e5317 WebCore::RenderGrid::computeUsedBreadthOfGridTracks(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const 18 0x1224eac6d WebCore::RenderGrid::computeIntrinsicLogicalHeight(WebCore::RenderGrid::GridSizingData&) 19 0x1224e85ad WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit) 20 0x12215c1b2 WebCore::RenderBlock::layout() 21 0x11ebe93ec WebCore::RenderElement::layoutIfNeeded() 22 0x1224f2e41 WebCore::RenderGrid::logicalHeightForChild(WebCore::RenderBox&) const 23 0x1224f4652 WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const 24 0x1224f373e WebCore::RenderGrid::minSizeForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const 25 0x1224f657c WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems(WebCore::GridTrackSizingDirection, WebCore::GridSpan const&, WebCore::RenderBox&, WebCore::GridTrack&, WebCore::RenderGrid::GridSizingData&) const 26 0x1224eeca7 WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const 27 0x1224e5317 WebCore::RenderGrid::computeUsedBreadthOfGridTracks(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const 28 0x1224eac6d WebCore::RenderGrid::computeIntrinsicLogicalHeight(WebCore::RenderGrid::GridSizingData&) 29 0x1224e85ad WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit) 30 0x12215c1b2 WebCore::RenderBlock::layout() 31 0x11ebe93ec WebCore::RenderElement::layoutIfNeeded() ASAN:DEADLYSIGNAL ================================================================= ==9085==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001191bc529 bp 0x7fff502e1690 sp 0x7fff502e1680 T0) #0 0x1191bc528 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528) #1 0x123174386 in WebCore::SimpleLineLayout::LineState::removeTrailingWhitespace(WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d21386) #2 0x12316d52c in WebCore::SimpleLineLayout::removeTrailingWhitespace(WebCore::SimpleLineLayout::LineState&, WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WebCore::SimpleLineLayout::TextFragmentIterator const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d1a52c) #3 0x12316a75c in WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns(WebCore::SimpleLineLayout::LineState&, WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WTF::Optional<unsigned int>, unsigned int&, WebCore::SimpleLineLayout::TextFragmentIterator const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d1775c) #4 0x1231640e2 in WebCore::SimpleLineLayout::createTextRuns(WTF::Vector<WebCore::SimpleLineLayout::Run, 10ul, WTF::CrashOnOverflow, 16ul>&, WebCore::RenderBlockFlow&, unsigned int&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d110e2) #5 0x123163751 in WebCore::SimpleLineLayout::create(WebCore::RenderBlockFlow&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d10751) #6 0x12221fbbe in WebCore::RenderBlockFlow::layoutSimpleLines(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4dccbbe) #7 0x12221563a in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4dc263a) #8 0x122212790 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4dbf790) #9 0x12215c1b1 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d091b1) #10 0x11ebe93eb in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x17963eb) #11 0x1224f2e40 in WebCore::RenderGrid::logicalHeightForChild(WebCore::RenderBox&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x509fe40) #12 0x1224f4651 in WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a1651) #13 0x1224f373d in WebCore::RenderGrid::minSizeForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a073d) #14 0x1224f657b in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems(WebCore::GridTrackSizingDirection, WebCore::GridSpan const&, WebCore::RenderBox&, WebCore::GridTrack&, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a357b) #15 0x1224eeca6 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x509bca6) #16 0x1224e5316 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5092316) #17 0x1224eac6c in WebCore::RenderGrid::computeIntrinsicLogicalHeight(WebCore::RenderGrid::GridSizingData&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5097c6c) #18 0x1224e85ac in WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50955ac) #19 0x12215c1b1 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d091b1) #20 0x11ebe93eb in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x17963eb) #21 0x1224f2e40 in WebCore::RenderGrid::logicalHeightForChild(WebCore::RenderBox&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x509fe40) #22 0x1224f4651 in WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a1651) #23 0x1224f373d in WebCore::RenderGrid::minSizeForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a073d) #24 0x1224f657b in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems(WebCore::GridTrackSizingDirection, WebCore::GridSpan const&, WebCore::RenderBox&, WebCore::GridTrack&, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a357b) #25 0x1224eeca6 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x509bca6) #26 0x1224e5316 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5092316) #27 0x1224eac6c in WebCore::RenderGrid::computeIntrinsicLogicalHeight(WebCore::RenderGrid::GridSizingData&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5097c6c) #28 0x1224e85ac in WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50955ac) #29 0x12215c1b1 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d091b1) #30 0x11ebe93eb in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x17963eb) #31 0x1224f2e40 in WebCore::RenderGrid::logicalHeightForChild(WebCore::RenderBox&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x509fe40) #32 0x1224f4651 in WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a1651) #33 0x1224f373d in WebCore::RenderGrid::minSizeForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a073d) #34 0x1224f657b in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems(WebCore::GridTrackSizingDirection, WebCore::GridSpan const&, WebCore::RenderBox&, WebCore::GridTrack&, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50a357b) #35 0x1224eeca6 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x509bca6) #36 0x1224e5316 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks(WebCore::GridTrackSizingDirection, WebCore::RenderGrid::GridSizingData&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5092316) #37 0x1224eac6c in WebCore::RenderGrid::computeIntrinsicLogicalHeight(WebCore::RenderGrid::GridSizingData&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5097c6c) #38 0x1224e85ac in WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x50955ac) #39 0x12215c1b1 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d091b1) #40 0x12221d3e3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4dca3e3) #41 0x122215f4f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4dc2f4f) #42 0x122212807 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4dbf807) #43 0x12215c1b1 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d091b1) #44 0x122ba33b5 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57503b5) #45 0x122ba5815 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5752815) #46 0x11ef576a1 in WebCore::FrameView::layout(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b046a1) #47 0x11e5df9d5 in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x118c9d5) #48 0x11eec51e2 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a721e2) #49 0x11eec4ccb in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a71ccb) #50 0x11eec1176 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a6e176) #51 0x11e603ab2 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11b0ab2) #52 0x11f28a555 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e37555) #53 0x11f5825b7 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x212f5b7) #54 0x11f2fdcfb in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaacfb) #55 0x11f2f99e6 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ea69e6) #56 0x11f2f964d in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ea664d) #57 0x11f2fdd9b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaad9b) #58 0x11f2fddf3 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaadf3) #59 0x11e7c897f in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x137597f) #60 0x11e722e56 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12cfe56) #61 0x11e72298a in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12cf98a) #62 0x11da64b23 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x611b23) #63 0x11da64d13 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x611d13) #64 0x11da59d54 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x606d54) #65 0x123552e8e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ffe8e) #66 0x1113b843e in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9143e) #67 0x1113c66ce in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9f6ce) #68 0x1113c6374 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9f374) #69 0x1113c3680 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9c680) #70 0x1113c1a10 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9aa10) #71 0x1100eada9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c3da9) #72 0x10fafefba in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d7fba) #73 0x10fae77c4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c07c4) #74 0x10faffca5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8ca5) #75 0x10fb1025c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e925c) #76 0x10fb10188 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9188) #77 0x119240830 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d85830) #78 0x11928ad50 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dcfd50) #79 0x11928bb11 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dd0b11) #80 0x7fff81c1f880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa880) #81 0x7fff81bfefbb in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89fbb) #82 0x7fff81bfe4de in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x894de) #83 0x7fff81bfded7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88ed7) #84 0x7fff82fde934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934) #85 0x7fff82fde76e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e) #86 0x7fff82fde5ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae) #87 0x7fff8e643df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5) #88 0x7fff8e643225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225) #89 0x7fff8e637d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f) #90 0x7fff8e601367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367) #91 0x7fff92f09193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193) #92 0x7fff92f07bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd) #93 0x10f90ef73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73) #94 0x7fff8ab8d5ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #95 0x0 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528) in WTFCrash ==9085==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 9085)
Attachments
Test (70 bytes, application/octet-stream)
2016-10-27 13:43 PDT, Renata Hodovan 		no flags
Details
Patch (4.40 KB, patch)
2016-10-31 11:49 PDT, alan 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Renata Hodovan
Comment 1 2016-10-27 13:43:13 PDT
Created attachment 293051 [details] Test
alan
Comment 2 2016-10-28 21:17:12 PDT
It looks like we end up with a NaN tab width when the font-size is 0. FontCascade::tabWidth() -> float tabDeltaWidth = tabWidth - fmodf(position, tabWidth); when tabWidth = 0 -> tabDeltaWidth = NaN diff --git a/Source/WebCore/platform/graphics/FontCascade.h b/Source/WebCore/platform/graphics/FontCascade.h index a463e37..a461402 100644 --- a/Source/WebCore/platform/graphics/FontCascade.h +++ b/Source/WebCore/platform/graphics/FontCascade.h @@ -365,6 +365,8 @@ inline float FontCascade::tabWidth(const Font& font, unsigned tabSize, float pos if (!tabSize) return letterSpacing(); float tabWidth = tabSize * font.spaceWidth() + letterSpacing(); + if (!tabWidth) + return 0; float tabDeltaWidth = tabWidth - fmodf(position, tabWidth); return (tabDeltaWidth < font.spaceWidth() / 2) ? tabWidth : tabDeltaWidth; } ^^ fixes the NaN issue, though I guess it's pretty useless to iterate through all the runs when the font size is 0.
alan
Comment 3 2016-10-28 21:45:55 PDT
early return on zero fonts. diff --git a/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp b/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp index 251dfe3..cb68346 100644 --- a/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp +++ b/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp @@ -149,6 +149,8 @@ float TextFragmentIterator::textWidth(unsigned from, unsigned to, float xPositio auto& segment = *m_currentSegment; ASSERT(segment.start <= from && from <= segment.end && segment.start <= to && to <= segment.end); ASSERT(is<RenderText>(segment.renderer)); + if (!m_style.font.size()) + return 0; if (m_style.font.isFixedPitch() || (from == segment.start && to == segment.end)) return downcast<RenderText>(segment.renderer).width(from - segment.start, to - from, m_style.font, xPosition, nullptr, nullptr); return segment.text.is8Bit() ? runWidth<LChar>(segment, from, to, xPosition) : runWidth<UChar>(segment, from, to, xPosition); @@ -197,7 +199,7 @@ template <typename CharacterType> float TextFragmentIterator::runWidth(const FlowContents::Segment& segment, unsigned startPosition, unsigned endPosition, float xPosition) const { ASSERT(startPosition <= endPosition); - if (startPosition == endPosition) + if (startPosition == endPosition || !m_style.font.size()) return 0; unsigned segmentFrom = startPosition - segment.start; unsigned segmentTo = endPosition - segment.start;
alan
Comment 4 2016-10-31 11:49:35 PDT
Created attachment 293444 [details] Patch
WebKit Commit Bot
Comment 5 2016-10-31 13:19:33 PDT
Comment on attachment 293444 [details] Patch Clearing flags on attachment: 293444 Committed r208170: <http://trac.webkit.org/changeset/208170>
WebKit Commit Bot
Comment 6 2016-10-31 13:19:37 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.