Bug 69000

Summary: [GTK] fast/borders/inline-mask-overlay-image-outset-vertical-rl.html crashes in 64-bits Debug
Product: WebKit
Reporter: Philippe Normand <pnormand>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: hyatt, macpherson, mrobinson
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Description Philippe Normand 2011-09-28 06:35:50 PDT
#0  0x00002b7fe4c88764 in WebCore::CSSPrimitiveValue::CSSPrimitiveValue (this=0x2f722ee0, num=-nan(0xfff2600000100), type=WebCore::CSSPrimitiveValue::CSS_IDENT) at ../../Source/WebCore/css/CSSPrimitiveValue.cpp:184
184	    ASSERT(isfinite(num));

Thread 1 (Thread 0x2b7ff2800e40 (LWP 32139)):
#0  0x00002b7fe4c88764 in WebCore::CSSPrimitiveValue::CSSPrimitiveValue (this=0x2f722ee0, num=-nan(0xfff2600000100), type=WebCore::CSSPrimitiveValue::CSS_IDENT) at ../../Source/WebCore/css/CSSPrimitiveValue.cpp:184
#1  0x00002b7fe4c0b85f in WebCore::CSSPrimitiveValue::create (value=-nan(0xfff2600000100), type=WebCore::CSSPrimitiveValue::CSS_IDENT) at ../../Source/WebCore/css/CSSPrimitiveValue.h:127
#2  0x00002b7fe4c8fbcd in WebCore::CSSPrimitiveValueCache::createValue (this=0x2f70efe0, value=-nan(0xfff2600000100), type=WebCore::CSSPrimitiveValue::CSS_IDENT) at ../../Source/WebCore/css/CSSPrimitiveValueCache.cpp:90
#3  0x00002b7fe4c73a83 in WebCore::BorderImageQuadParseContext::commitBorderImageQuad (this=0x7fff581b5080) at ../../Source/WebCore/css/CSSParser.cpp:5490
#4  0x00002b7fe4c66a36 in WebCore::CSSParser::parseBorderImageQuad (this=0x7fff581b7e60, validUnits=525, result=...) at ../../Source/WebCore/css/CSSParser.cpp:5544
#5  0x00002b7fe4c66ac1 in WebCore::CSSParser::parseBorderImageWidth (this=0x7fff581b7e60, result=...) at ../../Source/WebCore/css/CSSParser.cpp:5552
#6  0x00002b7fe4c6630c in WebCore::CSSParser::parseBorderImage (this=0x7fff581b7e60, propId=1244, result=...) at ../../Source/WebCore/css/CSSParser.cpp:5271
#7  0x00002b7fe4c56908 in WebCore::CSSParser::parseValue (this=0x7fff581b7e60, propId=1244, important=false) at ../../Source/WebCore/css/CSSParser.cpp:1445
#8  0x00002b7fe56e1933 in cssyyparse (parser=0x7fff581b7e60) at ../../Source/WebCore/css/CSSGrammar.y:1277
#9  0x00002b7fe4c52ee0 in WebCore::CSSParser::parseSheet (this=0x7fff581b7e60, sheet=0x2f72b3e0, string="\n.inlineTest {\n\tfont-size:24px;\n\t background-color:grey;\n         -webkit-mask-box-image: url(resources/mask.png) 75 / auto / 10px;\n    padding:75px 10px;\n    line-height:3\n}\n", startLineNumber=1, ruleRangeMap=0x0) at ../../Source/WebCore/css/CSSParser.cpp:269
#10 0x00002b7fe4d0299e in WebCore::CSSStyleSheet::parseStringAtLine (this=0x2f72b3e0, string="\n.inlineTest {\n\tfont-size:24px;\n\t background-color:grey;\n         -webkit-mask-box-image: url(resources/mask.png) 75 / auto / 10px;\n    padding:75px 10px;\n    line-height:3\n}\n", strict=false, startLineNumber=1) at ../../Source/WebCore/css/CSSStyleSheet.cpp:204
#11 0x00002b7fe4e1d6c7 in WebCore::StyleElement::createSheet (this=0x2f6e5530, e=0x2f6e54b0, startLineNumber=1, text="\n.inlineTest {\n\tfont-size:24px;\n\t background-color:grey;\n         -webkit-mask-box-image: url(resources/mask.png) 75 / auto / 10px;\n    padding:75px 10px;\n    line-height:3\n}\n") at ../../Source/WebCore/dom/StyleElement.cpp:163
#12 0x00002b7fe4e1d2db in WebCore::StyleElement::process (this=0x2f6e5530, e=0x2f6e54b0) at ../../Source/WebCore/dom/StyleElement.cpp:139
#13 0x00002b7fe4e1d060 in WebCore::StyleElement::finishParsingChildren (this=0x2f6e5530, element=0x2f6e54b0) at ../../Source/WebCore/dom/StyleElement.cpp:109
#14 0x00002b7fe4f6886b in WebCore::HTMLStyleElement::finishParsingChildren (this=0x2f6e54b0) at ../../Source/WebCore/html/HTMLStyleElement.cpp:65
#15 0x00002b7fe4f927fa in WebCore::HTMLElementStack::popCommon (this=0x2f629098) at ../../Source/WebCore/html/parser/HTMLElementStack.cpp:570
#16 0x00002b7fe4f910ac in WebCore::HTMLElementStack::pop (this=0x2f629098) at ../../Source/WebCore/html/parser/HTMLElementStack.cpp:221
#17 0x00002b7fe4fb4f45 in WebCore::HTMLTreeBuilder::processEndTag (this=0x2f629050, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2237
#18 0x00002b7fe4faa842 in WebCore::HTMLTreeBuilder::processToken (this=0x2f629050, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:484
#19 0x00002b7fe4faa6da in WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken (this=0x2f629050, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:462
#20 0x00002b7fe4faa631 in WebCore::HTMLTreeBuilder::constructTreeFromToken (this=0x2f629050, rawToken=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:452
#21 0x00002b7fe4f8ce35 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x2f6ff2e0, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:278
#22 0x00002b7fe4f8c838 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x2f6ff2e0, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:177
#23 0x00002b7fe4f8d438 in WebCore::HTMLDocumentParser::append (this=0x2f6ff2e0, source=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:370
#24 0x00002b7fe4d3ec6a in WebCore::DecodedDataDocumentParser::flush (this=0x2f6ff2e0, writer=0x2f6af5d0) at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#25 0x00002b7fe50d6a29 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x2f6af5d0) at ../../Source/WebCore/loader/DocumentWriter.cpp:232
#26 0x00002b7fe50d6973 in WebCore::DocumentWriter::end (this=0x2f6af5d0) at ../../Source/WebCore/loader/DocumentWriter.cpp:214
#27 0x00002b7fe50caa23 in WebCore::DocumentLoader::finishedLoading (this=0x2f6af4b0) at ../../Source/WebCore/loader/DocumentLoader.cpp:284
#28 0x00002b7fe50e23f3 in WebCore::FrameLoader::finishedLoading (this=0x163f438) at ../../Source/WebCore/loader/FrameLoader.cpp:2084
#29 0x00002b7fe51171d8 in WebCore::MainResourceLoader::didFinishLoading (this=0x2f614020, finishTime=0) at ../../Source/WebCore/loader/MainResourceLoader.cpp:476
#30 0x00002b7fe5123ded in WebCore::ResourceLoader::didFinishLoading (this=0x2f614020, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:457
#31 0x00002b7fe52b97f2 in WebCore::readCallback (source=0xa9356a0, asyncResult=0xa935640, data=0x0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:781
#32 0x00002b7fe9198b59 in async_ready_callback_wrapper (source_object=0xa9356a0, res=0xa935640, user_data=0x0) at /tmp/buildd/glib2.0-2.28.6/./gio/ginputstream.c:470
#33 0x00002b7fe91a8a68 in complete_in_idle_cb_for_thread (_data=0x2f733170) at /tmp/buildd/glib2.0-2.28.6/./gio/gsimpleasyncresult.c:812
#34 0x00002b7fe9d154a3 in g_main_dispatch (context=0x159af00) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:2440
#35 g_main_context_dispatch (context=0x159af00) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3013
#36 0x00002b7fe9d15c80 in g_main_context_iterate (context=0x159af00, block=1, dispatch=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3091
#37 0x00002b7fe9d162f2 in g_main_loop_run (loop=0x2f2cddb0) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3299
#38 0x00002b7fe7ac34cd in gtk_main () from /usr/lib/libgtk-3.so.0
#39 0x000000000042f7c9 in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:710
#40 0x000000000042ee01 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:502
#41 0x000000000043113c in main (argc=2, argv=0x7fff581b9418) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1205
Comment 1 Philippe Normand 2011-09-28 06:47:28 PDT
Hi Luke, I think this crash might be related to http://trac.webkit.org/changeset/96192 ... What do you think?
Comment 2 Luke Macpherson 2011-09-28 15:24:58 PDT
Seems extremely unlikely to me that http://trac.webkit.org/changeset/96192 could have caused a bug. If those values were referenced anywhere before their new position it would cause a compile error.
Comment 3 Martin Robinson 2011-09-28 15:29:04 PDT
Is this a flaky assertion failure or does it happen all the time?
Comment 4 Philippe Normand 2011-09-29 00:00:12 PDT
(In reply to comment #3)
> Is this a flaky assertion failure or does it happen all the time?

Consistent failure
Comment 5 Philippe Normand 2011-11-18 06:50:23 PST

*** This bug has been marked as a duplicate of bug 69933 ***