Bug 200340

Summary: [Win] Specifying huge font-size causes crashing
Product: WebKit
Reporter: Fujii Hironori <Hironori.Fujii>
Component: Platform
Assignee: Fujii Hironori <Hironori.Fujii>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, bfulgham, don.olmstead, ews-watchlist, mmaxfield, pvollan, ross.kirsling, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=196463
Attachments (description; flags):
test case (font-size:1500); none
WIP patch; none
float-append-child-crash-crash-log.txt; none
Patch; none

Description Fujii Hironori 2019-08-01 02:16:06 PDT
[WinCairo] Specifying huge font-size causes crashing

In Debug build, an assertion fails. "Bitmap fonts not supported with CoreGraphics."

Callstack:

> WTF.dll!WTFCrash() Line 305	C++
> WebKit.dll!WebCore::FontPlatformData::FontPlatformData(WTF::GDIObject<HFONT__ *> font, float size, bool bold, bool oblique, bool useGDI) Line 57	C++
> [External Code]	
> WebKit.dll!WebCore::FontCache::createFontPlatformData(const WebCore::FontDescription & fontDescription, const WTF::AtomString & family, const WebCore::FontTaggedSettings<int> *, const WebCore::FontVariantSettings *, WebCore::FontSelectionSpecifiedCapabilities) Line 652	C++
> WebKit.dll!WebCore::FontCache::getCachedFontPlatformData(const WebCore::FontDescription & fontDescription, const WTF::AtomString & passedFamilyName, const WebCore::FontTaggedSettings<int> * fontFaceFeatures, const WebCore::FontVariantSettings * fontFaceVariantSettings, WebCore::FontSelectionSpecifiedCapabilities fontFaceCapabilities, bool checkingAlternateName) Line 234	C++
> WebKit.dll!WebCore::FontCache::fontForFamily(const WebCore::FontDescription & fontDescription, const WTF::AtomString & family, const WebCore::FontTaggedSettings<int> * fontFaceFeatures, const WebCore::FontVariantSettings * fontFaceVariantSettings, WebCore::FontSelectionSpecifiedCapabilities fontFaceCapabilities, bool checkingAlternateName) Line 328	C++
> WebKit.dll!WebCore::CSSFontSelector::fontRangesForFamily(const WebCore::FontDescription & fontDescription, const WTF::AtomString & familyName) Line 344	C++
> WebKit.dll!WebCore::realizeNextFallback::<unnamed-tag>::operator()(const WTF::AtomString & family) Line 147	C++
> WebKit.dll!WTF::__visit_helper<0,WTF::__index_sequence<0> >::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> >(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1901	C++
> WebKit.dll!WTF::__visit_helper2<0,1>::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1936	C++
> WebKit.dll!WTF::__visit_helper2<1,1>::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1936	C++
> WebKit.dll!WTF::__visit_helper<1,WTF::__index_sequence<> >::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1975	C++
> WebKit.dll!WTF::visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> &,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1987	C++
> WebKit.dll!WebCore::realizeNextFallback(const WebCore::FontCascadeDescription & description, unsigned int & index, WebCore::FontSelector * fontSelector) Line 158	C++
> WebKit.dll!WebCore::FontCascadeFonts::realizeFallbackRangesAt(const WebCore::FontCascadeDescription & description, unsigned int index) Line 184	C++
> WebKit.dll!WebCore::FontCascadeFonts::primaryFont(const WebCore::FontCascadeDescription & description) Line 128	C++
> WebKit.dll!WebCore::FontCascade::primaryFont() Line 337	C++
> WebKit.dll!WebCore::SimpleLineLayout::canUseForFontAndText(const WebCore::RenderBlockFlow & flow, WebCore::SimpleLineLayout::IncludeReasons includeReasons) Line 162	C++
> WebKit.dll!WebCore::SimpleLineLayout::canUseForWithReason(const WebCore::RenderBlockFlow & flow, WebCore::SimpleLineLayout::IncludeReasons includeReasons) Line 347	C++
> WebKit.dll!WebCore::SimpleLineLayout::canUseFor(const WebCore::RenderBlockFlow & flow) Line 355	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutInlineChildren(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 669	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 508	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 603	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 738	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 637	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 511	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 603	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 738	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 637	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 511	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 603	C++
> WebKit.dll!WebCore::RenderView::layout() Line 186	C++
> WebKit.dll!WebCore::FrameViewLayoutContext::layout() Line 217	C++
> WebKit.dll!WebCore::Document::implicitClose() Line 3009	C++
> WebKit.dll!WebCore::FrameLoader::checkCallImplicitClose() Line 959	C++
> WebKit.dll!WebCore::FrameLoader::checkCompleted() Line 899	C++
> WebKit.dll!WebCore::FrameLoader::finishedParsing() Line 788	C++
> WebKit.dll!WebCore::Document::finishedParsing() Line 5691	C++
> WebKit.dll!WebCore::HTMLConstructionSite::finishedParsing() Line 420	C++
> WebKit.dll!WebCore::HTMLTreeBuilder::finished() Line 2845	C++
> WebKit.dll!WebCore::HTMLDocumentParser::end() Line 429	C++
> WebKit.dll!WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() Line 438	C++
> WebKit.dll!WebCore::HTMLDocumentParser::prepareToStopParsing() Line 143	C++
> WebKit.dll!WebCore::HTMLDocumentParser::attemptToEnd() Line 450	C++
> WebKit.dll!WebCore::HTMLDocumentParser::finish() Line 478	C++
> WebKit.dll!WebCore::DocumentWriter::end() Line 276	C++
> WebKit.dll!WebCore::DocumentLoader::finishedLoading() Line 445	C++
> WebKit.dll!WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource & resource) Line 393	C++
> WebKit.dll!WebCore::CachedResource::checkNotify() Line 351	C++
> WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::SharedBuffer *) Line 369	C++
> WebKit.dll!WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer * data) Line 121	C++
> WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(const WebCore::NetworkLoadMetrics & networkLoadMetrics) Line 661	C++
> WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle *) Line 706	C++
> WebKit.dll!WebCore::CurlResourceHandleDelegate::curlDidComplete(WebCore::CurlRequest &, WebCore::NetworkLoadMetrics &&) Line 166	C++
> WebKit.dll!WebCore::CurlRequest::didCompleteTransfer::<unnamed-tag>::operator()(WebCore::CurlRequest & request, WebCore::CurlRequestClient & client) Line 462	C++
> WebKit.dll!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebCore\platform\network\curl\CurlRequest.cpp:458:20',void,WebCore::CurlRequest &,WebCore::CurlRequestClient &>::call(WebCore::CurlRequest & in, WebCore::CurlRequestClient & in) Line 52	C++
> WebKit.dll!WTF::Function<void (WebCore::CurlRequest &, WebCore::CurlRequestClient &)>::operator()(WebCore::CurlRequest & in, WebCore::CurlRequestClient & in) Line 79	C++
> WebKit.dll!WebCore::CurlRequest::callClient::<unnamed-tag>::operator()() Line 181	C++
> WebKit.dll!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebCore\platform\network\curl\CurlRequest.cpp:179:21',void>::call() Line 52	C++
> WTF.dll!WTF::Function<void ()>::operator()() Line 79	C++
> WTF.dll!WTF::dispatchFunctionsFromMainThread() Line 114	C++
> WTF.dll!WTF::ThreadingWindowWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 48	C++
> [External Code]	
> WebKit.dll!WebKitMessageLoop::run(HACCEL__ * hAccelTable) Line 94	C++
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 97	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 115	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 232	C++
> [External Code]
Comment 1 Fujii Hironori 2019-08-01 02:16:20 PDT
Created attachment 375295
test case (font-size:1500)
Comment 2 Fujii Hironori 2019-08-01 02:57:46 PDT
The following LayoutTests are crashing with the same callstack:

fast/block/float/float-append-child-crash.html
fast/multicol/assert-on-column-count-when-zoomed-in.html
fast/scrolling/adjust-scroll-offset-on-zoom.html
fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash.html
fast/text/combining-mark-paint.html
fast/text/international/spaces-combined-in-vertical-text.html
Comment 3 Fujii Hironori 2019-08-02 01:22:20 PDT
Created attachment 375401
WIP patch
Comment 4 Fujii Hironori 2019-08-04 21:17:52 PDT
Created attachment 375518
float-append-child-crash-crash-log.txt

In Release build, the crash happens in FontCache::lastResortFallbackFont.

Callstack:

> WebKit2!WTF::RefCountedBase::ref [C:\webkit\gc\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 46]
> WebKit2!WTF::Ref<WebCore::Font,WTF::DumbPtrTraits<WebCore::Font> >::Ref+0x7 [C:\webkit\gc\WebKitBuild\Release\WTF\Headers\wtf\Ref.h @ 66]
> WebKit2!WebCore::FontCache::lastResortFallbackFont(class WebCore::FontDescription * fontDescription = 0x000001ff`e98f5cc0)+0x4fc [C:\webkit\gc\Source\WebCore\platform\graphics\win\FontCacheWin.cpp @ 398]
> WebKit2!WebCore::FontCascadeFonts::realizeFallbackRangesAt(class WebCore::FontCascadeDescription * description = 0x000001ff`e98f5cc0, unsigned int index = <Value unavailable error>)+0x571 [C:\webkit\gc\Source\WebCore\platform\graphics\FontCascadeFonts.cpp @ 188]
> WebKit2!WebCore::FontCascadeFonts::primaryFont(class WebCore::FontCascadeDescription * description = 0x000001ff`e98f5cc0)+0x37 [C:\webkit\gc\WebKitBuild\Release\WebCore\PrivateHeaders\WebCore\FontCascadeFonts.h @ 128]
> WebKit2!WebCore::FontCascade::primaryFont+0xd [C:\webkit\gc\Source\WebCore\platform\graphics\FontCascade.h @ 337]
> WebKit2!WebCore::SimpleLineLayout::canUseForFontAndText+0x18 [C:\webkit\gc\Source\WebCore\rendering\SimpleLineLayout.cpp @ 162]
> WebKit2!WebCore::SimpleLineLayout::canUseForWithReason(class WebCore::RenderBlockFlow * flow = 0x000001ff`e9c2be40, WebCore::SimpleLineLayout::IncludeReasons includeReasons = First (0n0))+0x9bb [C:\webkit\gc\Source\WebCore\rendering\SimpleLineLayout.cpp @ 347]
> WebKit2!WebCore::SimpleLineLayout::canUseFor(class WebCore::RenderBlockFlow * flow = 0xe43796b5`a6f60000)+0xb [C:\webkit\gc\Source\WebCore\rendering\SimpleLineLayout.cpp @ 355]
> WebKit2!WebCore::RenderBlockFlow::layoutInlineChildren(class WebCore::LayoutUnit * repaintLogicalTop = 0x000000bb`1c7cd770, class WebCore::LayoutUnit * repaintLogicalBottom = 0x000000bb`1c7cd768)+0x28 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 669]
> WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x35f [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 511]
> WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e9c2be40, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`00208894, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7cd9c8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cda70)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cda70)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637]
> WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510]
> WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e9c2bae0, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`00008a94, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7cdcd8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cdd80)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cdd80)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637]
> WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510]
> WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e7868e40, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`00088894, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7cdfe8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce090)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce090)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637]
> WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510]
> WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e7868780, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`40018894, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7ce2f8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce3a0)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738]
> WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce3a0)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637]
> WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510]
> WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603]
> WebKit2!WebCore::RenderView::layout(void)+0x350 [C:\webkit\gc\Source\WebCore\rendering\RenderView.cpp @ 191]
> WebKit2!WebCore::FrameViewLayoutContext::layout(void)+0x48a [C:\webkit\gc\Source\WebCore\page\FrameViewLayoutContext.cpp @ 221]
> WebKit2!WebCore::Document::updateLayout(void)+0xf0 [C:\webkit\gc\Source\WebCore\dom\Document.cpp @ 2080]
> WebKit2!WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks runPostLayoutTasks = Asynchronously (0n0))+0x56 [C:\webkit\gc\Source\WebCore\dom\Document.cpp @ 2095]
> WebKit2!WebCore::Element::offsetTop+0xf [C:\webkit\gc\Source\WebCore\dom\Element.cpp @ 1078]
> WebKit2!WebCore::Element::offsetTopForBindings(void)+0x3b [C:\webkit\gc\Source\WebCore\dom\Element.cpp @ 1057]
> WebKit2!WebCore::jsHTMLElementOffsetTopGetter+0x9 [C:\webkit\gc\WebKitBuild\Release\WebCore\DerivedSources\JSHTMLElement.cpp @ 1046]
> WebKit2!WebCore::IDLAttribute<WebCore::JSHTMLElement>::get+0x9 [C:\webkit\gc\Source\WebCore\bindings\js\JSDOMAttribute.h @ 69]
> WebKit2!WebCore::jsHTMLElementOffsetTop(class JSC::ExecState * state = <Value unavailable error>, int64 thisValue = <Value unavailable error>)+0x13 [C:\webkit\gc\WebKitBuild\Release\WebCore\DerivedSources\JSHTMLElement.cpp @ 1052]
> JavaScriptCore!JSC::PropertySlot::customGetter(class JSC::ExecState * exec = <Value unavailable error>, class JSC::PropertyName propertyName = <Value unavailable error>)+0x96 [C:\webkit\gc\Source\JavaScriptCore\runtime\PropertySlot.cpp @ 50]
> JavaScriptCore!JSC::PropertySlot::getValue+0x194 [C:\webkit\gc\Source\JavaScriptCore\runtime\PropertySlot.h @ 414]
> JavaScriptCore!JSC::JSValue::get+0x9ee [C:\webkit\gc\Source\JavaScriptCore\runtime\JSCJSValueInlines.h @ 873]
> JavaScriptCore!llint_slow_path_get_by_id(class JSC::ExecState * exec = 0x000000bb`1c7cea30, struct JSC::Instruction * pc = 0x000001ff`e992793a)+0xba4 [C:\webkit\gc\Source\JavaScriptCore\llint\LLIntSlowPaths.cpp @ 762]
> JavaScriptCore!llint_entry+0xa166
> 0x1
Comment 5 Fujii Hironori 2019-08-04 21:24:43 PDT
Created attachment 375519
Patch
Comment 6 Fujii Hironori 2019-08-05 19:08:05 PDT
Comment on attachment 375519
Patch

Clearing flags on attachment: 375519

Committed r248285: <https://trac.webkit.org/changeset/248285>
Comment 7 Fujii Hironori 2019-08-05 19:08:09 PDT
All reviewed patches have been landed.  Closing bug.
Comment 8 Radar WebKit Bug Importer 2019-08-05 19:09:17 PDT
<rdar://problem/53968576>