Bug 64844
| Summary: | REGRESSION(r91283-r91286): Assertion failure in makeCounterNode | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> |
| Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | hayato, hyatt, macpherson, mihnea, simon.fraser |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Ryosuke Niwa
According to the flakiness dashboard,
http://test-results.appspot.com/dashboards/flakiness_dashboard.html#showExpectations=true&tests=svg%2Fcustom%2Fcrash-textPath-attributes.html
svg/custom/crash-textPath-attributes.html started hitting an assertion on Chromium Windows and Linux between r91283 and r91286.
Suspicious changesets are http://trac.webkit.org/changeset/91285/ and http://trac.webkit.org/changeset/91286/.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Ryosuke Niwa
Here's stack trace on Chromium Windows:
WebCore::makeCounterNode [0x01021F67+807] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\rendercounter.cpp:443)
WebCore::RenderCounter::originalText [0x0102195D+189] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\rendercounter.cpp:493)
WebCore::RenderCounter::computePreferredLogicalWidths [0x01022FBE+46] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\rendercounter.cpp:516)
WebCore::dirtyLineBoxesForRenderer [0x00FE714F+143] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblocklinelayout.cpp:236)
WebCore::RenderBlock::layoutInlineChildren [0x00FE6C59+937] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblocklinelayout.cpp:1213)
WebCore::RenderBlock::layoutBlock [0x00FAB2D8+1080] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1262)
WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159)
WebCore::RenderBlock::layoutBlockChild [0x00FAECAD+637] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:2002)
WebCore::RenderBlock::layoutBlockChildren [0x00FAE97F+815] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1941)
WebCore::RenderBlock::layoutBlock [0x00FAB2EE+1102] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1266)
WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159)
WebCore::RenderBlock::layoutBlockChild [0x00FAECAD+637] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:2002)
WebCore::RenderBlock::layoutBlockChildren [0x00FAE97F+815] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1941)
WebCore::RenderBlock::layoutBlock [0x00FAB2EE+1102] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1266)
WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159)
WebCore::RenderBlock::layoutBlockChild [0x00FAECAD+637] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:2002)
WebCore::RenderBlock::layoutBlockChildren [0x00FAE97F+815] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1941)
WebCore::RenderBlock::layoutBlock [0x00FAB2EE+1102] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1266)
WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159)
WebCore::RenderView::layout [0x00F28006+502] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderview.cpp:132)
WebCore::FrameView::layout [0x0112D0BB+2347] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\page\frameview.cpp:1014)
WebCore::Document::updateLayout [0x017A6D41+209] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\dom\document.cpp:1615)
WebCore::Document::updateLayoutIgnorePendingStylesheets [0x017A6E02+178]
Ryosuke Niwa
Actually, this assertion is hit on Chromium Mac as well.
Mihnea Ovidenie
(In reply to comment #2)
> Actually, this assertion is hit on Chromium Mac as well.
I am taking a look at it. Changelist 91286 is CSS_REGIONS specific and i doubt it may cause such an assertion.
Ryosuke Niwa
(In reply to comment #3)
> I am taking a look at it. Changelist 91286 is CSS_REGIONS specific and i doubt it may cause such an assertion.
So maybe http://trac.webkit.org/changeset/91285/ ?
There's also http://trac.webkit.org/changeset/91283/ but I highly doubt that this change can cause a crash. +smfr, +macpherson just in case.
Luke Macpherson
I doubt it's 91283.
I submitted 91336 recently which could be related, but it's outside the range you're looking at.
Mihnea Ovidenie
The assertion is caused by http://trac.webkit.org/changeset/91285. Have to look more at it.
Ryosuke Niwa
r91285 was rolled out in http://trac.webkit.org/changeset/91349.