Bug 200340

Summary: [Win] Specifying huge font-size causes crashing
Product: WebKit Reporter: Fujii Hironori <fujii.hironori>
Component: PlatformAssignee: Fujii Hironori <fujii.hironori>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, bfulgham, don.olmstead, ews-watchlist, mmaxfield, pvollan, ross.kirsling, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=196463
Attachments:
Description Flags
test case (font-size:1500)
none
WIP patch
none
float-append-child-crash-crash-log.txt
none
Patch none

Fujii Hironori
Reported 2019-08-01 02:16:06 PDT
[WinCairo] Specifying huge font-size causes crashing In Debug build, an assertion fails. "Bitmap fonts not supported with CoreGraphics." Callstack: > WTF.dll!WTFCrash() Line 305 C++ > WebKit.dll!WebCore::FontPlatformData::FontPlatformData(WTF::GDIObject<HFONT__ *> font, float size, bool bold, bool oblique, bool useGDI) Line 57 C++ > [External Code] > WebKit.dll!WebCore::FontCache::createFontPlatformData(const WebCore::FontDescription & fontDescription, const WTF::AtomString & family, const WebCore::FontTaggedSettings<int> *, const WebCore::FontVariantSettings *, WebCore::FontSelectionSpecifiedCapabilities) Line 652 C++ > WebKit.dll!WebCore::FontCache::getCachedFontPlatformData(const WebCore::FontDescription & fontDescription, const WTF::AtomString & passedFamilyName, const WebCore::FontTaggedSettings<int> * fontFaceFeatures, const WebCore::FontVariantSettings * fontFaceVariantSettings, WebCore::FontSelectionSpecifiedCapabilities fontFaceCapabilities, bool checkingAlternateName) Line 234 C++ > WebKit.dll!WebCore::FontCache::fontForFamily(const WebCore::FontDescription & fontDescription, const WTF::AtomString & family, const WebCore::FontTaggedSettings<int> * fontFaceFeatures, const WebCore::FontVariantSettings * fontFaceVariantSettings, WebCore::FontSelectionSpecifiedCapabilities fontFaceCapabilities, bool checkingAlternateName) Line 328 C++ > WebKit.dll!WebCore::CSSFontSelector::fontRangesForFamily(const WebCore::FontDescription & fontDescription, const WTF::AtomString & familyName) Line 344 C++ > WebKit.dll!WebCore::realizeNextFallback::<unnamed-tag>::operator()(const WTF::AtomString & family) Line 147 C++ > WebKit.dll!WTF::__visit_helper<0,WTF::__index_sequence<0> >::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> >(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1901 C++ > WebKit.dll!WTF::__visit_helper2<0,1>::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1936 C++ > WebKit.dll!WTF::__visit_helper2<1,1>::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1936 C++ > WebKit.dll!WTF::__visit_helper<1,WTF::__index_sequence<> >::__visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'>,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1975 C++ > WebKit.dll!WTF::visit<WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> &,const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> &>(WTF::Visitor<`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:143:41',`lambda at ..\..\Source\WebCore\platform/graphics/FontCascadeFonts.cpp:154:12'> & __visitor, const WTF::Variant<WTF::AtomString,WebCore::FontFamilySpecificationNull> & __v) Line 1987 C++ > WebKit.dll!WebCore::realizeNextFallback(const WebCore::FontCascadeDescription & description, unsigned int & index, WebCore::FontSelector * fontSelector) Line 158 C++ > WebKit.dll!WebCore::FontCascadeFonts::realizeFallbackRangesAt(const WebCore::FontCascadeDescription & description, unsigned int index) Line 184 C++ > WebKit.dll!WebCore::FontCascadeFonts::primaryFont(const WebCore::FontCascadeDescription & description) Line 128 C++ > WebKit.dll!WebCore::FontCascade::primaryFont() Line 337 C++ > WebKit.dll!WebCore::SimpleLineLayout::canUseForFontAndText(const WebCore::RenderBlockFlow & flow, WebCore::SimpleLineLayout::IncludeReasons includeReasons) Line 162 C++ > WebKit.dll!WebCore::SimpleLineLayout::canUseForWithReason(const WebCore::RenderBlockFlow & flow, WebCore::SimpleLineLayout::IncludeReasons includeReasons) Line 347 C++ > WebKit.dll!WebCore::SimpleLineLayout::canUseFor(const WebCore::RenderBlockFlow & flow) Line 355 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutInlineChildren(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 669 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 508 C++ > WebKit.dll!WebCore::RenderBlock::layout() Line 603 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 738 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 637 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 511 C++ > WebKit.dll!WebCore::RenderBlock::layout() Line 603 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 738 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 637 C++ > WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 511 C++ > WebKit.dll!WebCore::RenderBlock::layout() Line 603 C++ > WebKit.dll!WebCore::RenderView::layout() Line 186 C++ > WebKit.dll!WebCore::FrameViewLayoutContext::layout() Line 217 C++ > WebKit.dll!WebCore::Document::implicitClose() Line 3009 C++ > WebKit.dll!WebCore::FrameLoader::checkCallImplicitClose() Line 959 C++ > WebKit.dll!WebCore::FrameLoader::checkCompleted() Line 899 C++ > WebKit.dll!WebCore::FrameLoader::finishedParsing() Line 788 C++ > WebKit.dll!WebCore::Document::finishedParsing() Line 5691 C++ > WebKit.dll!WebCore::HTMLConstructionSite::finishedParsing() Line 420 C++ > WebKit.dll!WebCore::HTMLTreeBuilder::finished() Line 2845 C++ > WebKit.dll!WebCore::HTMLDocumentParser::end() Line 429 C++ > WebKit.dll!WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() Line 438 C++ > WebKit.dll!WebCore::HTMLDocumentParser::prepareToStopParsing() Line 143 C++ > WebKit.dll!WebCore::HTMLDocumentParser::attemptToEnd() Line 450 C++ > WebKit.dll!WebCore::HTMLDocumentParser::finish() Line 478 C++ > WebKit.dll!WebCore::DocumentWriter::end() Line 276 C++ > WebKit.dll!WebCore::DocumentLoader::finishedLoading() Line 445 C++ > WebKit.dll!WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource & resource) Line 393 C++ > WebKit.dll!WebCore::CachedResource::checkNotify() Line 351 C++ > WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::SharedBuffer *) Line 369 C++ > WebKit.dll!WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer * data) Line 121 C++ > WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(const WebCore::NetworkLoadMetrics & networkLoadMetrics) Line 661 C++ > WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle *) Line 706 C++ > WebKit.dll!WebCore::CurlResourceHandleDelegate::curlDidComplete(WebCore::CurlRequest &, WebCore::NetworkLoadMetrics &&) Line 166 C++ > WebKit.dll!WebCore::CurlRequest::didCompleteTransfer::<unnamed-tag>::operator()(WebCore::CurlRequest & request, WebCore::CurlRequestClient & client) Line 462 C++ > WebKit.dll!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebCore\platform\network\curl\CurlRequest.cpp:458:20',void,WebCore::CurlRequest &,WebCore::CurlRequestClient &>::call(WebCore::CurlRequest & in, WebCore::CurlRequestClient & in) Line 52 C++ > WebKit.dll!WTF::Function<void (WebCore::CurlRequest &, WebCore::CurlRequestClient &)>::operator()(WebCore::CurlRequest & in, WebCore::CurlRequestClient & in) Line 79 C++ > WebKit.dll!WebCore::CurlRequest::callClient::<unnamed-tag>::operator()() Line 181 C++ > WebKit.dll!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebCore\platform\network\curl\CurlRequest.cpp:179:21',void>::call() Line 52 C++ > WTF.dll!WTF::Function<void ()>::operator()() Line 79 C++ > WTF.dll!WTF::dispatchFunctionsFromMainThread() Line 114 C++ > WTF.dll!WTF::ThreadingWindowWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 48 C++ > [External Code] > WebKit.dll!WebKitMessageLoop::run(HACCEL__ * hAccelTable) Line 94 C++ > MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 97 C++ > MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 115 C++ > MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 232 C++ > [External Code]
Attachments
test case (font-size:1500) (53 bytes, text/html)
2019-08-01 02:16 PDT, Fujii Hironori 		no flags
Details
WIP patch (1.83 KB, patch)
2019-08-02 01:22 PDT, Fujii Hironori 		no flags
DetailsFormatted DiffDiff
float-append-child-crash-crash-log.txt (54.62 KB, text/plain)
2019-08-04 21:17 PDT, Fujii Hironori 		no flags
Details
Patch (5.48 KB, patch)
2019-08-04 21:24 PDT, Fujii Hironori 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2019-08-01 02:16:20 PDT
Created attachment 375295 [details] test case (font-size:1500)
Fujii Hironori
Comment 2 2019-08-01 02:57:46 PDT
The following LayoutTests are crashing with the same callstack: fast/block/float/float-append-child-crash.html fast/multicol/assert-on-column-count-when-zoomed-in.html fast/scrolling/adjust-scroll-offset-on-zoom.html fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash.html fast/text/combining-mark-paint.html fast/text/international/spaces-combined-in-vertical-text.html
Fujii Hironori
Comment 3 2019-08-02 01:22:20 PDT
Created attachment 375401 [details] WIP patch
Fujii Hironori
Comment 4 2019-08-04 21:17:52 PDT
Created attachment 375518 [details] float-append-child-crash-crash-log.txt In Relese build, the crash happens in FontCache::lastResortFallbackFont. Callstack: > WebKit2!WTF::RefCountedBase::ref [C:\webkit\gc\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 46] > WebKit2!WTF::Ref<WebCore::Font,WTF::DumbPtrTraits<WebCore::Font> >::Ref+0x7 [C:\webkit\gc\WebKitBuild\Release\WTF\Headers\wtf\Ref.h @ 66] > WebKit2!WebCore::FontCache::lastResortFallbackFont(class WebCore::FontDescription * fontDescription = 0x000001ff`e98f5cc0)+0x4fc [C:\webkit\gc\Source\WebCore\platform\graphics\win\FontCacheWin.cpp @ 398] > WebKit2!WebCore::FontCascadeFonts::realizeFallbackRangesAt(class WebCore::FontCascadeDescription * description = 0x000001ff`e98f5cc0, unsigned int index = <Value unavailable error>)+0x571 [C:\webkit\gc\Source\WebCore\platform\graphics\FontCascadeFonts.cpp @ 188] > WebKit2!WebCore::FontCascadeFonts::primaryFont(class WebCore::FontCascadeDescription * description = 0x000001ff`e98f5cc0)+0x37 [C:\webkit\gc\WebKitBuild\Release\WebCore\PrivateHeaders\WebCore\FontCascadeFonts.h @ 128] > WebKit2!WebCore::FontCascade::primaryFont+0xd [C:\webkit\gc\Source\WebCore\platform\graphics\FontCascade.h @ 337] > WebKit2!WebCore::SimpleLineLayout::canUseForFontAndText+0x18 [C:\webkit\gc\Source\WebCore\rendering\SimpleLineLayout.cpp @ 162] > WebKit2!WebCore::SimpleLineLayout::canUseForWithReason(class WebCore::RenderBlockFlow * flow = 0x000001ff`e9c2be40, WebCore::SimpleLineLayout::IncludeReasons includeReasons = First (0n0))+0x9bb [C:\webkit\gc\Source\WebCore\rendering\SimpleLineLayout.cpp @ 347] > WebKit2!WebCore::SimpleLineLayout::canUseFor(class WebCore::RenderBlockFlow * flow = 0xe43796b5`a6f60000)+0xb [C:\webkit\gc\Source\WebCore\rendering\SimpleLineLayout.cpp @ 355] > WebKit2!WebCore::RenderBlockFlow::layoutInlineChildren(class WebCore::LayoutUnit * repaintLogicalTop = 0x000000bb`1c7cd770, class WebCore::LayoutUnit * repaintLogicalBottom = 0x000000bb`1c7cd768)+0x28 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 669] > WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x35f [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 511] > WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e9c2be40, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`00208894, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7cd9c8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cda70)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cda70)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637] > WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510] > WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e9c2bae0, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`00008a94, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7cdcd8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cdd80)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7cdd80)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637] > WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510] > WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e7868e40, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`00088894, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7cdfe8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce090)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce090)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637] > WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510] > WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChild(class WebCore::RenderBox * child = 0x000001ff`e7868780, class WebCore::RenderBlockFlow::MarginInfo * marginInfo = 0x000000bb`40018894, class WebCore::LayoutUnit * previousFloatLogicalBottom = 0x000000bb`1c7ce2f8, class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce3a0)+0x481 [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 738] > WebKit2!WebCore::RenderBlockFlow::layoutBlockChildren(class WebCore::LayoutUnit * maxFloatLogicalBottom = 0x000000bb`1c7ce3a0)+0x1ef [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 637] > WebKit2!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren = <Value unavailable error>, class WebCore::LayoutUnit pageLogicalHeight = class WebCore::LayoutUnit)+0x34b [C:\webkit\gc\Source\WebCore\rendering\RenderBlockFlow.cpp @ 510] > WebKit2!WebCore::RenderBlock::layout(void)+0x36 [C:\webkit\gc\Source\WebCore\rendering\RenderBlock.cpp @ 603] > WebKit2!WebCore::RenderView::layout(void)+0x350 [C:\webkit\gc\Source\WebCore\rendering\RenderView.cpp @ 191] > WebKit2!WebCore::FrameViewLayoutContext::layout(void)+0x48a [C:\webkit\gc\Source\WebCore\page\FrameViewLayoutContext.cpp @ 221] > WebKit2!WebCore::Document::updateLayout(void)+0xf0 [C:\webkit\gc\Source\WebCore\dom\Document.cpp @ 2080] > WebKit2!WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks runPostLayoutTasks = Asynchronously (0n0))+0x56 [C:\webkit\gc\Source\WebCore\dom\Document.cpp @ 2095] > WebKit2!WebCore::Element::offsetTop+0xf [C:\webkit\gc\Source\WebCore\dom\Element.cpp @ 1078] > WebKit2!WebCore::Element::offsetTopForBindings(void)+0x3b [C:\webkit\gc\Source\WebCore\dom\Element.cpp @ 1057] > WebKit2!WebCore::jsHTMLElementOffsetTopGetter+0x9 [C:\webkit\gc\WebKitBuild\Release\WebCore\DerivedSources\JSHTMLElement.cpp @ 1046] > WebKit2!WebCore::IDLAttribute<WebCore::JSHTMLElement>::get+0x9 [C:\webkit\gc\Source\WebCore\bindings\js\JSDOMAttribute.h @ 69] > WebKit2!WebCore::jsHTMLElementOffsetTop(class JSC::ExecState * state = <Value unavailable error>, int64 thisValue = <Value unavailable error>)+0x13 [C:\webkit\gc\WebKitBuild\Release\WebCore\DerivedSources\JSHTMLElement.cpp @ 1052] > JavaScriptCore!JSC::PropertySlot::customGetter(class JSC::ExecState * exec = <Value unavailable error>, class JSC::PropertyName propertyName = <Value unavailable error>)+0x96 [C:\webkit\gc\Source\JavaScriptCore\runtime\PropertySlot.cpp @ 50] > JavaScriptCore!JSC::PropertySlot::getValue+0x194 [C:\webkit\gc\Source\JavaScriptCore\runtime\PropertySlot.h @ 414] > JavaScriptCore!JSC::JSValue::get+0x9ee [C:\webkit\gc\Source\JavaScriptCore\runtime\JSCJSValueInlines.h @ 873] > JavaScriptCore!llint_slow_path_get_by_id(class JSC::ExecState * exec = 0x000000bb`1c7cea30, struct JSC::Instruction * pc = 0x000001ff`e992793a)+0xba4 [C:\webkit\gc\Source\JavaScriptCore\llint\LLIntSlowPaths.cpp @ 762] > JavaScriptCore!llint_entry+0xa166 > 0x1
Fujii Hironori
Comment 5 2019-08-04 21:24:43 PDT
Created attachment 375519 [details] Patch
Fujii Hironori
Comment 6 2019-08-05 19:08:05 PDT
Comment on attachment 375519 [details] Patch Clearing flags on attachment: 375519 Committed r248285: <https://trac.webkit.org/changeset/248285>
Fujii Hironori
Comment 7 2019-08-05 19:08:09 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 8 2019-08-05 19:09:17 PDT
<rdar://problem/53968576>
Note You need to log in before you can comment on or make changes to this bug.