The following test crash on Qt after r135025. In this revision the test was marked as Skip on mac debug in the test expectation refer to the webkit.org/b/67434 bug. Because this 67434 is a security bug we can't decide what we should do with this assertion. Could someone who has the permission to check the security bugs have a look at it?
GDB backtrace: $ gdb WebKitBuild/Debug/bin/DumpRenderTree GNU gdb (GDB) 7.0.1-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree...done. (gdb) run LayoutTests/fast/block/float/overhanging-tall-block.html Starting program: /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree LayoutTests/fast/block/float/overhanging-tall-block.html [Thread debugging using libthread_db enabled] [New Thread 0x7fffa20da700 (LWP 29431)] [Thread 0x7fffa20da700 (LWP 29431) exited] [New Thread 0x7fffa20da700 (LWP 29432)] [New Thread 0x7fffa1351700 (LWP 29433)] ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result) /home/oszi/WebKit/Source/WebCore/rendering/RenderGeometryMap.cpp(116) : WebCore::FloatPoint WebCore::RenderGeometryMap::mapToContainer(const WebCore::FloatPoint&, const WebCore::RenderLayerModelObject*) const 1 0x7ffff4b4b538 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(_ZNK7WebCore17RenderGeometryMap14mapToContainerERKNS_10FloatPointEPKNS_22RenderLayerModelObjectE+0x224) [0x7ffff4b4b538] 2 0x7ffff4b5fa0a /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(_ZNK7WebCore17RenderGeometryMap13absolutePointERKNS_10FloatPointE+0x28) [0x7ffff4b5fa0a] 3 0x7ffff4b617a2 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(_ZN7WebCore11RenderLayer20updateLayerPositionsEPNS_17RenderGeometryMapEj+0xc0) [0x7ffff4b617a2] 4 0x7ffff4b61c3d /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(_ZN7WebCore11RenderLayer20updateLayerPositionsEPNS_17RenderGeometryMapEj+0x55b) [0x7ffff4b61c3d] Program received signal SIGSEGV, Segmentation fault. 0x00007ffff4b4b542 in WebCore::RenderGeometryMap::mapToContainer (this=0x7fffffffabd0, p=..., container=0x0) at /home/oszi/WebKit/Source/WebCore/rendering/RenderGeometryMap.cpp:116 116 ASSERT(roundedIntPoint(rendererMappedResult) == roundedIntPoint(result)); (gdb) bt #0 0x00007ffff4b4b542 in WebCore::RenderGeometryMap::mapToContainer (this=0x7fffffffabd0, p=..., container=0x0) at /home/oszi/WebKit/Source/WebCore/rendering/RenderGeometryMap.cpp:116 #1 0x00007ffff4b5fa0a in WebCore::RenderGeometryMap::absolutePoint (this=0x7fffffffabd0, p=...) at /home/oszi/WebKit/Source/WebCore/rendering/RenderGeometryMap.h:84 #2 0x00007ffff4b617a2 in WebCore::RenderLayer::updateLayerPositions (this=0x7619a8, geometryMap=0x7fffffffabd0, flags=6) at /home/oszi/WebKit/Source/WebCore/rendering/RenderLayer.cpp:359 #3 0x00007ffff4b61c3d in WebCore::RenderLayer::updateLayerPositions (this=0x75e6e8, geometryMap=0x7fffffffabd0, flags=6) at /home/oszi/WebKit/Source/WebCore/rendering/RenderLayer.cpp:420 #4 0x00007ffff4b61c3d in WebCore::RenderLayer::updateLayerPositions (this=0x7539f8, geometryMap=0x7fffffffabd0, flags=6) at /home/oszi/WebKit/Source/WebCore/rendering/RenderLayer.cpp:420 #5 0x00007ffff4b616d1 in WebCore::RenderLayer::updateLayerPositionsAfterLayout (this=0x7539f8, rootLayer=0x7539f8, flags=6) at /home/oszi/WebKit/Source/WebCore/rendering/RenderLayer.cpp:345 #6 0x00007ffff48a5677 in WebCore::FrameView::layout (this=0x6bf7b0, allowSubtree=true) at /home/oszi/WebKit/Source/WebCore/page/FrameView.cpp:1220 #7 0x00007ffff431e2bd in WebCore::Document::updateLayout (this=0x75a6e0) at /home/oszi/WebKit/Source/WebCore/dom/Document.cpp:1933 #8 0x00007ffff431e38f in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x75a6e0) at /home/oszi/WebKit/Source/WebCore/dom/Document.cpp:1965 #9 0x00007ffff438971f in WebCore::Element::offsetTop (this=0x75fb30) at /home/oszi/WebKit/Source/WebCore/dom/Element.cpp:428 #10 0x00007ffff514e9b1 in WebCore::jsElementOffsetTop (exec=0x7fffa1488058, slotBase=...) at generated/JSElement.cpp:308 #11 0x00007ffff73e4a61 in JSC::PropertySlot::getValue (this=0x7fffffffb3a0, exec=0x7fffa1488058, propertyName=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/PropertySlot.h:76 #12 0x00007ffff40777f8 in JSC::JSValue::get (this=0x7fffffffb3f0, exec=0x7fffa1488058, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1465 #13 0x00007ffff0a76228 in llint_slow_path_get_by_id (exec=0x7fffa1488058, pc=0x78c978) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:917 #14 0x00007ffff0a7fb62 in llint_op_get_by_id () from /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1 #15 0x0000000000e18870 in ?? () #16 0x0000000000000000 in ?? ()
If it is a dup of bug67434, please add 79668 to the block list of 67434, and close this bug as duplicate of 67434. Thanks in advance.
I skipped it on Qt by r135153. Please unskip it with the proper fix.
You're hitting an assertion. It's not the same as bug 67434.
=== Bulk closing of Qt bugs === If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary. If you believe that this is still an important QtWebKit bug, please fill a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.