WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED WORKSFORME
116964
ASSERTION FAILED: !m_nestedIsolateCount in WebCore::BidiResolver<Iterator, Run>::~BidiResolver()
https://bugs.webkit.org/show_bug.cgi?id=116964
Summary
ASSERTION FAILED: !m_nestedIsolateCount in WebCore::BidiResolver<Iterator, Ru...
Renata Hodovan
Reported
2013-05-29 07:50:14 PDT
You get an assertion failure on the attached test. Note: The test looks like the following: <html> <body> <pre> <a dir="auto"><b dir="auto"></b></a> </pre> </body> </html> If you give a line break before <b> then no assertion happens. Backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff575275d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339 339 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff575275d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339 #1 0x00007ffff48ea0e9 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::~BidiResolver (this=0x7fffffff99f0, __in_chrg=<optimized out>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:274 #2 0x00007ffff48db75f in WebCore::constructBidiRunsForSegment (topResolver=..., bidiRuns=..., endOfRuns=..., override=WebCore::NoVisualOverride, previousLineBrokeCleanly=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1356 #3 0x00007ffff48db834 in WebCore::constructBidiRunsForLine (block=0x8a59c8, topResolver=..., bidiRuns=..., endOfLine=..., override=WebCore::NoVisualOverride, previousLineBrokeCleanly=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1367 #4 0x00007ffff48dd626 in WebCore::RenderBlock::layoutRunsAndFloatsInRange (this=0x8a59c8, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1810 #5 0x00007ffff48dc50b in WebCore::RenderBlock::layoutRunsAndFloats (this=0x8a59c8, layoutState=..., hasInlineChild=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1603 #6 0x00007ffff48df53a in WebCore::RenderBlock::layoutInlineChildren (this=0x8a59c8, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:2122 #7 0x00007ffff489460c in WebCore::RenderBlock::layoutBlock (this=0x8a59c8, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1643 #8 0x00007ffff4893a6d in WebCore::RenderBlock::layout (this=0x8a59c8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1432 #9 0x00007ffff4898f16 in WebCore::RenderBlock::layoutBlockChild (this=0x8ae378, child=0x8a59c8, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2628 #10 0x00007ffff4898b09 in WebCore::RenderBlock::layoutBlockChildren (this=0x8ae378, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2563
Attachments
Another testcase with <bdi>
(170 bytes, application/xhtml+xml)
2013-07-22 09:26 PDT
,
Frédéric Wang (:fredw)
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Renata Hodovan
Comment 1
2013-07-18 06:02:56 PDT
Here is an other test what produces the same result (assertion failure): <html><embed><var dir="auto"><sub dir="auto"></sub><sub></sub></var></html> And a full backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff577f390 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339 339 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff577f390 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339 #1 0x00007ffff493988d in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::~BidiResolver (this=0x7fffffffa3b0, __in_chrg=<optimized out>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:274 #2 0x00007ffff492a8d6 in WebCore::constructBidiRunsForSegment (topResolver=..., bidiRuns=..., endOfRuns=..., override=WebCore::NoVisualOverride, previousLineBrokeCleanly=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1357 #3 0x00007ffff492a9a9 in WebCore::constructBidiRunsForLine (block=0x875be8, topResolver=..., bidiRuns=..., endOfLine=..., override=WebCore::NoVisualOverride, previousLineBrokeCleanly=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1370 #4 0x00007ffff492cf04 in WebCore::RenderBlock::layoutRunsAndFloatsInRange (this=0x875be8, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1870 #5 0x00007ffff492b669 in WebCore::RenderBlock::layoutRunsAndFloats (this=0x875be8, layoutState=..., hasInlineChild=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1612 #6 0x00007ffff492ecf7 in WebCore::RenderBlock::layoutInlineChildren (this=0x875be8, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:2182 #7 0x00007ffff48e47d0 in WebCore::RenderBlock::layoutBlock (this=0x875be8, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1653 #8 0x00007ffff48e3c35 in WebCore::RenderBlock::layout (this=0x875be8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1428 #9 0x00007ffff48e8e32 in WebCore::RenderBlock::layoutBlockChild (this=0x7411b8, child=0x875be8, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2666 #10 0x00007ffff48e8a54 in WebCore::RenderBlock::layoutBlockChildren (this=0x7411b8, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2601 #11 0x00007ffff48e47f1 in WebCore::RenderBlock::layoutBlock (this=0x7411b8, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1655 #12 0x00007ffff48e3c35 in WebCore::RenderBlock::layout (this=0x7411b8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1428 #13 0x00007ffff48e8e32 in WebCore::RenderBlock::layoutBlockChild (this=0x7efa58, child=0x7411b8, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2666 #14 0x00007ffff48e8a54 in WebCore::RenderBlock::layoutBlockChildren (this=0x7efa58, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2601 #15 0x00007ffff48e47f1 in WebCore::RenderBlock::layoutBlock (this=0x7efa58, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1655 #16 0x00007ffff48e3c35 in WebCore::RenderBlock::layout (this=0x7efa58) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1428 #17 0x00007ffff4a8ccad in WebCore::RenderView::layoutContent (this=0x7efa58, state=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:142 #18 0x00007ffff4a8d9c3 in WebCore::RenderView::layout (this=0x7efa58) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:305 #19 0x00007ffff474d4f3 in WebCore::FrameView::layout (this=0x7717a0, allowSubtree=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1318 #20 0x00007ffff429518e in WebCore::Document::implicitClose (this=0x873c90) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2454 #21 0x00007ffff4689ec3 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7ad258) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:843 #22 0x00007ffff4689c2e in WebCore::FrameLoader::checkCompleted (this=0x7ad258) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:786 #23 0x00007ffff468996c in WebCore::FrameLoader::finishedParsing (this=0x7ad258) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:719 ---Type <return> to continue, or q <return> to quit--- #24 0x00007ffff429c03b in WebCore::Document::finishedParsing (this=0x873c90) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4417 #25 0x00007ffff44e8dd3 in WebCore::HTMLConstructionSite::finishedParsing (this=0x770b58) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348 #26 0x00007ffff451a4bf in WebCore::HTMLTreeBuilder::finished (this=0x770b40) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926 #27 0x00007ffff44f0386 in WebCore::HTMLDocumentParser::end (this=0x7676e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:756 #28 0x00007ffff44f0473 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7676e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:767 #29 0x00007ffff44ef0a6 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7676e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211 #30 0x00007ffff44f04b6 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7676e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:779 #31 0x00007ffff44f056d in WebCore::HTMLDocumentParser::finish (this=0x7676e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:828 #32 0x00007ffff46819b5 in WebCore::DocumentWriter::end (this=0x694320) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248 #33 0x00007ffff467459e in WebCore::DocumentLoader::finishedLoading (this=0x694280, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402 #34 0x00007ffff467430c in WebCore::DocumentLoader::notifyFinished (this=0x694280, resource=0x7532d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344 #35 0x00007ffff465b9d8 in WebCore::CachedResource::checkNotify (this=0x7532d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369 #36 0x00007ffff465baae in WebCore::CachedResource::finishLoading (this=0x7532d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385 #37 0x00007ffff46581be in WebCore::CachedRawResource::finishLoading (this=0x7532d0, data=0x7a4320) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #38 0x00007ffff46bda4a in WebCore::SubresourceLoader::didFinishLoading (this=0x752ed0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282 #39 0x00007ffff46b43d7 in WebCore::ResourceLoader::didFinishLoading (this=0x752ed0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488 #40 0x00007ffff4b4179c in WebCore::QNetworkReplyHandler::finish (this=0x7724c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516 #41 0x00007ffff4b40462 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7724f8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250 #42 0x00007ffff4b4018a in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7724f8, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4b415de <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216 #43 0x00007ffff4b410e8 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x750420) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409 #44 0x00007ffff4b43aaa in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x750420, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf80) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176 ---Type <return> to continue, or q <return> to quit--- #45 0x00007ffff231e5cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #46 0x00007ffff231f84e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #47 0x00007ffff3165dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #48 0x00007ffff3169075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #49 0x00007ffff22f9dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #50 0x00007ffff22fba76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #51 0x00007ffff2341333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #52 0x00007fffee4840a6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3058 #53 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3634 #54 0x00007fffee4843f8 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3705 #55 0x00007fffee48449c in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3766 #56 0x00007ffff23414bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #57 0x00007ffff22f8d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #58 0x00007ffff22fc120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #59 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49 #60 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc58) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Frédéric Wang (:fredw)
Comment 2
2013-07-22 09:26:27 PDT
Created
attachment 207252
[details]
Another testcase with <bdi>
Renata Hodovan
Comment 3
2013-08-13 09:07:06 PDT
This bug is probably related to:
https://bugs.webkit.org/show_bug.cgi?id=119753
Renata Hodovan
Comment 4
2014-09-08 02:41:51 PDT
I cannot reproduce this issue anymore.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug