Bug 117977 - ASSERTION FAILED: !m_normalFlowListDirty in WebCore::RenderLayer::normalFlowList
Summary: ASSERTION FAILED: !m_normalFlowListDirty in WebCore::RenderLayer::normalFlowList
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
: 110441 (view as bug list)
Depends on:
Blocks: 116980
  Show dependency treegraph
 
Reported: 2013-06-25 02:46 PDT by Renata Hodovan
Modified: 2014-09-08 05:38 PDT (History)
3 users (show)

See Also:

Attachments
Test case (225 bytes, text/html)
2013-06-25 02:47 PDT, Renata Hodovan 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Renata Hodovan 2013-06-25 02:46:02 PDT 
If you save the following svg as html (or just download the attachment) you will get the above assertion failure:


<svg xmlns="http://www.w3.org/1999/xhtml">
    <div style="-webkit-flow-into: foo">
         <input lang="foo">
    </div>
    <progress style="-webkit-backface-visibility: hidden;"></progress>
    <marquee></marquee>
</svg>


Backtrace:


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5760ba5 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
339	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5760ba5 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff3ce7b48 in WebCore::RenderLayer::normalFlowList (this=0x8a3a38) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.h:532
#2  0x00007ffff49c05b8 in WebCore::RenderLayerCompositor::updateLayerTreeGeometry (this=0x74a760, layer=0x8a3a38, depth=2)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayerCompositor.cpp:1457
#3  0x00007ffff49c0610 in WebCore::RenderLayerCompositor::updateLayerTreeGeometry (this=0x74a760, layer=0x89e288, depth=1)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayerCompositor.cpp:1460
#4  0x00007ffff49c069e in WebCore::RenderLayerCompositor::updateLayerTreeGeometry (this=0x74a760, layer=0x752ce8, depth=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayerCompositor.cpp:1467
#5  0x00007ffff49bd474 in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x74a760, updateType=WebCore::CompositingUpdateOnScroll, 
    updateRoot=0x752ce8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayerCompositor.cpp:580
#6  0x00007ffff4992d22 in WebCore::RenderLayer::updateCompositingLayersAfterScroll (this=0x8c3c38)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:2388
#7  0x00007ffff4991d26 in WebCore::RenderLayer::scrollTo (this=0x8c3c38, x=-762, y=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:2232
#8  0x00007ffff49943e1 in WebCore::RenderLayer::setScrollOffset (this=0x8c3c38, offset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:2563
#9  0x00007ffff48131dc in WebCore::ScrollableArea::scrollPositionChanged (this=0x8c3c38, position=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollableArea.cpp:145
#10 0x00007ffff48134c9 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x8c3c38, offset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollableArea.cpp:190
#11 0x00007ffff4814ef1 in WebCore::ScrollAnimator::notifyPositionChanged (this=0x8c5b40, delta=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollAnimator.cpp:142
#12 0x00007ffff48148d3 in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0x8c5b40, offset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollAnimator.cpp:81
#13 0x00007ffff481304a in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x8c3c38, offset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollableArea.cpp:124
#14 0x00007ffff4991b39 in WebCore::RenderLayer::scrollToOffset (this=0x8c3c38, scrollOffset=..., clamp=WebCore::RenderLayer::ScrollOffsetUnclamped)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:2180
#15 0x00007ffff48fddb3 in WebCore::RenderLayer::scrollToXOffset (this=0x8c3c38, x=-762, clamp=WebCore::RenderLayer::ScrollOffsetUnclamped)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.h:397
#16 0x00007ffff49dcf7e in WebCore::RenderMarquee::timerFired (this=0x8c3e60)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderMarquee.cpp:306
#17 0x00007ffff49dd0c7 in WebCore::Timer<WebCore::RenderMarquee>::fired (this=0x8c3e78)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/Timer.h:113
#18 0x00007ffff4838a04 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x6d68f0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:129
#19 0x00007ffff48388f1 in WebCore::ThreadTimers::sharedTimerFired () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:105
#20 0x00007ffff4b2ab22 in WebCore::SharedTimerQt::timerEvent (this=0x6d6920, ev=0x7fffffffd790)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/qt/SharedTimerQt.cpp:113
#21 0x00007ffff229b66c in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#22 0x00007ffff30e1dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#23 0x00007ffff30e5075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#24 0x00007ffff2275dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#25 0x00007ffff22bc75c in QTimerInfoList::activateTimers() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#26 0x00007ffff22bd094 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#27 0x00007ffff22bd0b1 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#28 0x00007fffee40bf05 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#29 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#30 0x00007fffee40c248 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#31 0x00007fffee40c304 in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#32 0x00007ffff22bd4bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
---Type <return> to continue, or q <return> to quit---
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#33 0x00007ffff2274d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#34 0x00007ffff2278120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#35 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#36 0x0000000000423680 in main (argc=2, argv=0x7fffffffdce8) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Comment 1 Renata Hodovan 2013-06-25 02:47:22 PDT 
Created attachment 205373 [details]
Test case
Comment 2 Renata Hodovan 2014-09-08 05:34:44 PDT 
The issue is not reproducible anymore.
Comment 3 Renata Hodovan 2014-09-08 05:38:54 PDT 
*** Bug 110441 has been marked as a duplicate of this bug. ***