WebKit Bugzilla
Bug 119626 (RESOLVED DUPLICATE of bug 138439)
ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result) in WebCore::RenderGeometryMap::mapToContainer
https://bugs.webkit.org/show_bug.cgi?id=119626
Renata Hodovan
Reported
2013-08-09 05:58:53 PDT
The crash happens on the following test:

<html>
<tr>
<div contenteditable="plaintext-only"></div>
<h2></h2>
</tr>
<br><br>
<textarea cols="150,*" rows="100000000"></textarea>
<textarea></textarea>
</html>

Note: if you decrease the value of the "rows" property of the textarea then the crash disappears.

The backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56f53e4 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff56f53e4 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1 0x00007ffff48e8b16 in WebCore::RenderGeometryMap::mapToContainer (this=0x7fffffffc010, p=..., container=0x0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderGeometryMap.cpp:117
#2 0x00007ffff4905b62 in WebCore::RenderGeometryMap::absolutePoint (this=0x7fffffffc010, p=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderGeometryMap.h:84
#3 0x00007ffff4907144 in WebCore::RenderLayer::updateLayerPositions (this=0x8aaef8, geometryMap=0x7fffffffc010, flags=14) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:431
#4 0x00007ffff4907563 in WebCore::RenderLayer::updateLayerPositions (this=0x7b13a8, geometryMap=0x7fffffffc010, flags=14) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:499
#5 0x00007ffff4907563 in WebCore::RenderLayer::updateLayerPositions (this=0x76fe58, geometryMap=0x7fffffffc010, flags=14) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:499
#6 0x00007ffff490708b in WebCore::RenderLayer::updateLayerPositionsAfterLayout (this=0x76fe58, rootLayer=0x76fe58, flags=14) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:414
#7 0x00007ffff467a7a9 in WebCore::FrameView::layout (this=0x774890, allowSubtree=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1354
#8 0x00007ffff467dd40 in WebCore::FrameView::visibleContentsResized (this=0x774890) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:2218
#9 0x00007ffff4795ef8 in WebCore::ScrollView::updateScrollbars (this=0x774890, desiredOffset=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollView.cpp:556
#10 0x00007ffff479497d in WebCore::ScrollView::setContentsSize (this=0x774890, newSize=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollView.cpp:305
#11 0x00007ffff4678219 in WebCore::FrameView::setContentsSize (this=0x774890, size=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:595
#12 0x00007ffff4678456 in WebCore::FrameView::adjustViewSize (this=0x774890) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:624
#13 0x00007ffff467a70a in WebCore::FrameView::layout (this=0x774890, allowSubtree=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1345
#14 0x00007ffff41b2e8f in WebCore::Document::implicitClose (this=0x87c150) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2452
#15 0x00007ffff45b349f in WebCore::FrameLoader::checkCallImplicitClose (this=0x7b0bd8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:844
#16 0x00007ffff45b3210 in WebCore::FrameLoader::checkCompleted (this=0x7b0bd8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:787
#17 0x00007ffff45b2f45 in WebCore::FrameLoader::finishedParsing (this=0x7b0bd8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:720
#18 0x00007ffff41b9e35 in WebCore::Document::finishedParsing (this=0x87c150) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4427
#19 0x00007ffff440ce97 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7f3338) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348
#20 0x00007ffff44415b9 in WebCore::HTMLTreeBuilder::finished (this=0x7f3320) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926
#21 0x00007ffff4414596 in WebCore::HTMLDocumentParser::end (this=0x775160) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763
#22 0x00007ffff4414681 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x775160) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774
#23 0x00007ffff44131f0 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x775160) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211
#24 0x00007ffff44146c6 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x775160) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786
#25 0x00007ffff441477f in WebCore::HTMLDocumentParser::finish (this=0x775160) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835
#26 0x00007ffff45aada5 in WebCore::DocumentWriter::end (this=0x6942f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248
#27 0x00007ffff459d8e4 in WebCore::DocumentLoader::finishedLoading (this=0x694250, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402
#28 0x00007ffff459d652 in WebCore::DocumentLoader::notifyFinished (this=0x694250, resource=0x7a9840) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#29 0x00007ffff4584948 in WebCore::CachedResource::checkNotify (this=0x7a9840) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
---Type <return> to continue, or q <return> to quit---
#30 0x00007ffff4584a1e in WebCore::CachedResource::finishLoading (this=0x7a9840) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
#31 0x00007ffff4581170 in WebCore::CachedRawResource::finishLoading (this=0x7a9840, data=0x8668e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#32 0x00007ffff45e7765 in WebCore::SubresourceLoader::didFinishLoading (this=0x78d780, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#33 0x00007ffff45de04f in WebCore::ResourceLoader::didFinishLoading (this=0x78d780, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#34 0x00007ffff4a878e3 in WebCore::QNetworkReplyHandler::finish (this=0x7a9690) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#35 0x00007ffff4a86602 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7a96c8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#36 0x00007ffff4a862ff in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7a96c8, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a87728 <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#37 0x00007ffff4a8724c in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7aa3f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#38 0x00007ffff4a89bde in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7aa3f0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf80) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#39 0x00007ffff22115cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#40 0x00007ffff221284e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#41 0x00007ffff3058dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#42 0x00007ffff305c075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#43 0x00007ffff21ecdbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#44 0x00007ffff21eea76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#45 0x00007ffff2234333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#46 0x00007fffee3790a6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3058
#47 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3634
#48 0x00007fffee3793f8 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3705
#49 0x00007fffee37949c in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3766
#50 0x00007ffff22344bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#51 0x00007ffff21ebd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#52 0x00007ffff21ef120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#53 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#54 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc58) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Attachments
Test case (191 bytes, text/html), 2013-08-09 06:00 PDT, Renata Hodovan, no flags
New test case (188 bytes, text/html), 2014-01-16 05:13 PST, Renata Hodovan, no flags
Proposed patch (5.69 KB, patch), 2014-02-27 06:36 PST, Martin Hodovan, buildbot: commit-queue-
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2 (2.77 MB, application/zip), 2014-02-27 07:36 PST, Build Bot, no flags
Archive of layout-test-results from webkit-ews-08 for mac-mountainlion (2.82 MB, application/zip), 2014-02-27 07:59 PST, Build Bot, no flags
Archive of layout-test-results from webkit-ews-05 for mac-mountainlion (2.82 MB, application/zip), 2014-02-27 08:58 PST, Build Bot, no flags
Proposed patch (7.77 KB, patch), 2014-02-27 09:39 PST, Martin Hodovan, no flags
Proposed patch (16.23 KB, patch), 2014-02-27 10:15 PST, Martin Hodovan, simon.fraser: review+, simon.fraser: commit-queue-
Proposed patch (4.81 KB, patch), 2014-02-28 07:16 PST, Martin Hodovan, ossy: review-, ossy: commit-queue-
Proposed patch (4.80 KB, patch), 2014-02-28 07:56 PST, Martin Hodovan, no flags
Patch (4.33 KB, patch), 2014-11-06 18:12 PST, Said Abou-Hallawa, no flags
Renata Hodovan
Comment 1
2013-08-09 06:00:35 PDT
Created attachment 208424
Test case
Renata Hodovan
Comment 2
2014-01-16 05:13:26 PST
Created attachment 221367
New test case
The previous test doesn't produce the assertion above anymore, but we can achieve it with this new one.
Renata Hodovan
Comment 3
2014-01-16 06:37:07 PST
As a side note, I have also tested it with the newest EFL debug build in EWebLauncher and MiniBrowser on r161958 (and not in QtTestBrowser as the backtrace suggests).
Martin Hodovan
Comment 4
2014-02-27 06:36:49 PST
Created attachment 225363
Proposed patch
Backported from Blink: https://codereview.chromium.org/143363004
Build Bot
Comment 5
2014-02-27 07:36:23 PST
Comment on attachment 225363
Proposed patch
Attachment 225363 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/6233206076473344
New failing tests:
svg/transforms/svg-geometry-crash.html
Build Bot
Comment 6
2014-02-27 07:36:27 PST
Created attachment 225368
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-12
Port: mac-mountainlion-wk2
Platform: Mac OS X 10.8.5
Build Bot
Comment 7
2014-02-27 07:59:45 PST
Comment on attachment 225363
Proposed patch
Attachment 225363 did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/4864332353503232
New failing tests:
svg/transforms/svg-geometry-crash.html
Build Bot
Comment 8
2014-02-27 07:59:49 PST
Created attachment 225371
Archive of layout-test-results from webkit-ews-08 for mac-mountainlion
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-08
Port: mac-mountainlion
Platform: Mac OS X 10.8.5
Build Bot
Comment 9
2014-02-27 08:58:28 PST
Comment on attachment 225363
Proposed patch
Attachment 225363 did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/4896495216099328
New failing tests:
svg/transforms/svg-geometry-crash.html
Build Bot
Comment 10
2014-02-27 08:58:32 PST
Created attachment 225373
Archive of layout-test-results from webkit-ews-05 for mac-mountainlion
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-05
Port: mac-mountainlion
Platform: Mac OS X 10.8.5
Martin Hodovan
Comment 11
2014-02-27 09:39:15 PST
Created attachment 225382
Proposed patch
Martin Hodovan
Comment 12
2014-02-27 10:15:46 PST
Created attachment 225389
Proposed patch
Simon Fraser (smfr)
Comment 13
2014-02-27 10:18:45 PST
Comment on attachment 225389
Proposed patch
View in context: https://bugs.webkit.org/attachment.cgi?id=225389&action=review
r=me but the tests should not need to dump pixel results.
> LayoutTests/ChangeLog:14 > + * platform/efl/svg/transforms/svg-geometry-crash-expected.png: Added. > + * platform/efl/svg/transforms/svg-geometry-crash-expected.txt: Added. > + * platform/mac/svg/transforms/svg-geometry-crash-expected.png: Added. > + * platform/mac/svg/transforms/svg-geometry-crash-expected.txt: Added. > + * svg/transforms/svg-geometry-crash.html: Added.
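Review bot: svg/transforms/svg-geometry-crash.html should not need the per-platform -expected.png and -expected.txt baselines that this ChangeLog entry adds under platform/efl and platform/mac. The test name says it guards against a crash, so a single platform-independent text expectation next to the test would cover every port and remove the need to rebaseline pixel results per platform.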
Why can't these be dumpAsText() tests?
Martin Hodovan
Comment 14
2014-02-28 07:16:05 PST
Created attachment 225460
Proposed patch
Csaba Osztrogonác
Comment 15
2014-02-28 07:20:04 PST
Comment on attachment 225460
Proposed patch
You shouldn't set r+ yourself, but add "Reviewed by Simon Fraser." to the changelog and set only cq?
Martin Hodovan
Comment 16
2014-02-28 07:56:10 PST
Created attachment 225464
Proposed patch
WebKit Commit Bot
Comment 17
2014-02-28 08:29:54 PST
Comment on attachment 225464
Proposed patch
Clearing flags on attachment: 225464
Committed r164861: <http://trac.webkit.org/changeset/164861>
WebKit Commit Bot
Comment 18
2014-02-28 08:29:59 PST
All reviewed patches have been landed. Closing bug.
Said Abou-Hallawa
Comment 19
2014-11-05 21:30:35 PST
The fix committed for this bug was wrong. It was reverted by Blink because it broke their SVG display. It also broke the WebKit SVG search. Bug https://bugs.webkit.org/show_bug.cgi?id=138439 was logged to track reverting this change. The same assertion is still firing with or without this change and it is tracked by bug https://bugs.webkit.org/show_bug.cgi?id=122027.
Said Abou-Hallawa
Comment 20
2014-11-06 11:34:58 PST
(In reply to comment #19)
> The same assertion is still firing with or without this change
> and it is tracked by bug https://bugs.webkit.org/show_bug.cgi?id=122027.
I was wrong about the relationship between the assertion here and the assertion filed in https://bugs.webkit.org/show_bug.cgi?id=122027. The assertions are different and actually they are in different overloaded functions.
Said Abou-Hallawa
Comment 21
2014-11-06 18:12:15 PST
Reopening to attach new patch.
Said Abou-Hallawa
Comment 22
2014-11-06 18:12:20 PST
Created attachment 241152
Patch
Said Abou-Hallawa
Comment 23
2014-11-06 18:22:05 PST
Comment on attachment 241152
Patch
By mistake the patch of https://bugs.webkit.org/show_bug.cgi?id=138439 got into this one and reopened it. I am obsoleting it and closing the bug again.
Said Abou-Hallawa
Comment 24
2014-11-06 18:23:03 PST
*** This bug has been marked as a duplicate of bug 138439 ***
Radar WebKit Bug Importer
Comment 25
2015-02-13 22:01:05 PST
<rdar://problem/19837156>