Bug 166010

Summary: ASSERTION FAILED: !parent->renderer()->isEmbeddedObject() in WebCore::HTMLEmbedElement::rendererIsNeeded
Product: WebKit
Component: DOM
Status: NEW
Severity: Normal
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Reporter: Renata Hodovan <hodovan>
Assignee: Nobody <webkit-unassigned>
CC: ahmad.saleem792, cdumez, koivisto, zalan
Bug Depends on:
Bug Blocks: 116980
Attachments:
Description Flags
Test none

Renata Hodovan
Reported 2016-12-18 03:36:35 PST
Load the attached test with debug WebKitTestRunner:

Checked version: f368f1d
OS: Darwin-15.6.0-x86_64-i386-64bit

<object><embed src><LINK REL="stylesheet"href=.>

Backtrace:

ASSERTION FAILED: !parent->renderer()->isEmbeddedObject()
WebKit/Source/WebCore/html/HTMLEmbedElement.cpp(199) : virtual bool WebCore::HTMLEmbedElement::rendererIsNeeded(const WebCore::RenderStyle &)
1 0x11980bf31 WTFCrash
2 0x11fc2f78b WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&)
3 0x1242a4d28 WebCore::Style::affectsRenderedSubtree(WebCore::Element&, WebCore::RenderStyle const&)
4 0x1242a3524 WebCore::Style::TreeResolver::resolveElement(WebCore::Element&)
5 0x1242a6d40 WebCore::Style::TreeResolver::resolveComposedTree()
6 0x1242a887a WebCore::Style::TreeResolver::resolve(WebCore::Style::Change)
7 0x11ee814a3 WebCore::Document::recalcStyle(WebCore::Style::Change)
8 0x11ee6c10b WebCore::Document::updateStyleIfNeeded()
9 0x11f8439e7 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
10 0x111086a85 WebKit::WebPage::layoutIfNeeded()
11 0x1109daf58 WebKit::TiledCoreAnimationDrawingArea::flushLayers()
12 0x12244795c WebCore::LayerFlushScheduler::layerFlushCallback()
13 0x12244ad6c WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const
14 0x12244ac8d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_
15 0x12244ac39 std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()()
16 0x11de01445 std::__1::function<void ()>::operator()() const
17 0x123ac355f WebCore::RunLoopObserver::runLoopObserverFired()
18 0x123ac34e0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
19 0x7fff927c8fc7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
20 0x7fff927c8f37 __CFRunLoopDoObservers
21 0x7fff927a7e58 CFRunLoopRunSpecific
22 0x7fff90b63935 RunCurrentEventLoopInMode
23 0x7fff90b6376f ReceiveNextEventCommon
24 0x7fff90b635af _BlockUntilNextEventMatchingListInModeWithFilter
25 0x7fff95a03df6 _DPSNextEvent
26 0x7fff95a03226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
27 0x7fff959f7d80 -[NSApplication run]
28 0x7fff959c1368 NSApplicationMain
29 0x7fff897b8194 _xpc_objc_main
30 0x7fff897b6bbe xpc_main
31 0x10fc81f74 main
ASAN:DEADLYSIGNAL
=================================================================
==53912==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011980bf69 bp 0x7fff4ff79a60 sp 0x7fff4ff79a50 T0)
    #0 0x11980bf68 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e6ef68)
    #1 0x11fc2f78a in WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f2578a)
    #2 0x1242a4d27 in WebCore::Style::affectsRenderedSubtree(WebCore::Element&, WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659ad27)
    #3 0x1242a3523 in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6599523)
    #4 0x1242a6d3f in WebCore::Style::TreeResolver::resolveComposedTree() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659cd3f)
    #5 0x1242a8879 in WebCore::Style::TreeResolver::resolve(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659e879)
    #6 0x11ee814a2 in WebCore::Document::recalcStyle(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11774a2)
    #7 0x11ee6c10a in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x116210a)
    #8 0x11f8439e6 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b399e6)
    #9 0x111086a84 in WebKit::WebPage::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13eda84)
    #10 0x1109daf57 in WebKit::TiledCoreAnimationDrawingArea::flushLayers() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xd41f57)
    #11 0x12244795b in WebCore::LayerFlushScheduler::layerFlushCallback() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x473d95b)
    #12 0x12244ad6b in WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740d6b)
    #13 0x12244ac8c in _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_ (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740c8c)
    #14 0x12244ac38 in std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740c38)
    #15 0x11de01444 in std::__1::function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0xf7444)
    #16 0x123ac355e in WebCore::RunLoopObserver::runLoopObserverFired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5db955e)
    #17 0x123ac34df in WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5db94df)
    #18 0x7fff927c8fc6 in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9fc6)
    #19 0x7fff927c8f36 in __CFRunLoopDoObservers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9f36)
    #20 0x7fff927a7e57 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e57)
    #21 0x7fff90b63934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #22 0x7fff90b6376e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #23 0x7fff90b635ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #24 0x7fff95a03df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #25 0x7fff95a03225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #26 0x7fff959f7d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #27 0x7fff959c1367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #28 0x7fff897b8193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #29 0x7fff897b6bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #30 0x10fc81f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #31 0x7fff9c5a45ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #32 0x0 (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e6ef68) in WTFCrash
==53912==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 53912)
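The ASan report above faults at 0xbbadbeef with WTFCrash as the top frame. That is the address WebKit's crash helper writes to deliberately, so the SEGV is the debug assertion firing rather than a wild memory access. An added triage example (not part of the original report or of WebKit; `triage` and the bucket names are hypothetical) that makes this distinction on a trimmed copy of this log:

```python
import re

# Constructed sample: lines copied from the crash output in this report, trimmed.
SAMPLE_LOG = """\
ASSERTION FAILED: !parent->renderer()->isEmbeddedObject()
WebKit/Source/WebCore/html/HTMLEmbedElement.cpp(199) : virtual bool WebCore::HTMLEmbedElement::rendererIsNeeded(const WebCore::RenderStyle &)
1 0x11980bf31 WTFCrash
2 0x11fc2f78b WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&)
==53912==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011980bf69 bp 0x7fff4ff79a60 sp 0x7fff4ff79a50 T0)
    #0 0x11980bf68 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e6ef68)
    #1 0x11fc2f78a in WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f2578a)
"""

WTF_CRASH_ADDR = 0xBBADBEEF  # address WTFCrash() writes to in order to abort

ASSERT_RE = re.compile(r"^ASSERTION FAILED: (?P<expr>.+)$", re.M)
SITE_RE = re.compile(r"^(?P<file>\S+)\((?P<line>\d+)\) : (?P<func>.+)$", re.M)
ASAN_RE = re.compile(r"AddressSanitizer: (?P<kind>\S+) on unknown address 0x(?P<addr>[0-9a-fA-F]+)")
# ASan frame: "#N 0xPC in <symbol> (<module>+0xOFFSET)"; the symbol may contain parentheses.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (?P<sym>.+?) \([^()]*\+0x[0-9a-f]+\)$", re.M)


def triage(log):
    """Bucket one crash log: assertion text, source site, first real frame, kind."""
    result = {"kind": "unknown", "assertion": None, "site": None, "first_frame": None}
    m = ASSERT_RE.search(log)
    if m:
        result["assertion"] = m.group("expr").strip()
        site = SITE_RE.search(log, m.end())
        if site:
            result["site"] = (site.group("file"), int(site.group("line")))
    frames = [f.group("sym") for f in FRAME_RE.finditer(log)]
    # The first frame below the crash helper is the code that tripped the check.
    callers = [s for s in frames if s != "WTFCrash"]
    result["first_frame"] = callers[0] if callers else None
    asan = ASAN_RE.search(log)
    if asan and int(asan.group("addr"), 16) == WTF_CRASH_ADDR and frames[:1] == ["WTFCrash"]:
        # Intentional abort: an assertion when the text is present, else another crash macro.
        result["kind"] = "debug-assertion" if result["assertion"] else "deliberate-crash"
    elif asan:
        result["kind"] = "asan-" + asan.group("kind").lower()
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Bucketing on the assertion expression and source site instead of the faulting address keeps duplicate fuzzer hits of the same assertion together.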
Attachments
Test (48 bytes, text/html)
2016-12-18 03:36 PST, Renata Hodovan
no flags
Renata Hodovan
Comment 1 2016-12-18 03:36:38 PST
Ahmad Saleem
Comment 2 2023-01-20 10:11:21 PST
Loading this test case in WK2 Debug Mini-Browser only loads the following in Terminal logs:

CONSOLE SECURITY ERROR Did not parse stylesheet at 'https://bug-166010-attachments.webkit.org/' because non CSS MIME types are not allowed when 'X-Content-Type-Options: nosniff' is given.

Any steps to reproduce it or if it is not instantly showing assert failed while loading, we can consider this as fixed or resolved?
Ahmad Saleem
Comment 3 2023-01-20 10:11:45 PST
(In reply to Ahmad Saleem from comment #2)
> Loading this test case in WK2 Debug Mini-Browser only loads the following in
> Terminal logs:
>
> CONSOLE SECURITY ERROR Did not parse stylesheet at
> 'https://bug-166010-attachments.webkit.org/' because non CSS MIME types are
> not allowed when 'X-Content-Type-Options: nosniff' is given.
>
> Any steps to reproduce it or if it is not instantly showing assert failed
> while loading, we can consider this as fixed or resolved?

WebKit Debug based off 259136@main.