Bug 120469 - ASSERT_NOT_REACHED is touched in WebCore::CSSPrimitiveValue::computeLengthDouble
Summary: ASSERT_NOT_REACHED is touched in WebCore::CSSPrimitiveValue::computeLengthDouble
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Csaba Osztrogonác
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2013-08-29 07:07 PDT by Renata Hodovan
Modified: 2013-09-18 06:47 PDT

Attachments
Test case (35 bytes, text/html)
2013-08-29 07:07 PDT, Renata Hodovan
Patch (4.79 KB, patch)
2013-09-17 14:32 PDT, Csaba Osztrogonác
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2 (461.76 KB, application/zip)
2013-09-17 15:19 PDT, Build Bot
Patch (5.55 KB, patch)
2013-09-17 23:25 PDT, Csaba Osztrogonác

Description Renata Hodovan 2013-08-29 07:07:15 PDT
Created attachment 209974
Test case

The failing test:

<a style="outline-offset: 1%"></a>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56ece51 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff56ece51 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff40b458d in WebCore::CSSPrimitiveValue::computeLengthDouble (this=0x8af0b0, style=0x8a1120, rootStyle=0x7d9ed0, multiplier=1, 
    computingFontSize=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/CSSPrimitiveValue.cpp:604
#2  0x00007ffff40b408c in WebCore::CSSPrimitiveValue::computeLength<int> (this=0x8af0b0, style=0x8a1120, rootStyle=0x7d9ed0, multiplier=1, 
    computingFontSize=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/CSSPrimitiveValue.cpp:513
#3  0x00007ffff40fed43 in WebCore::ApplyPropertyComputeLength<int, &(WebCore::RenderStyle::outlineOffset() const), &WebCore::RenderStyle::setOutlineOffset, &WebCore::RenderStyle::initialOutlineOffset, (WebCore::ComputeLengthNormal)0, (WebCore::ComputeLengthThickness)0, (WebCore::ComputeLengthSVGZoom)0>::applyValue (
    styleResolver=0x7d3720, value=0x8af0b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:610
#4  0x00007ffff4158261 in WebCore::PropertyHandler::applyValue (this=0x72fbd8, propertyID=WebCore::CSSPropertyOutlineOffset, styleResolver=0x7d3720, 
    value=0x8af0b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:48
#5  0x00007ffff4160c17 in WebCore::StyleResolver::applyProperty (this=0x7d3720, id=WebCore::CSSPropertyOutlineOffset, value=0x8af0b0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2112
#6  0x00007ffff416f7a1 in WebCore::StyleResolver::applyProperties<(WebCore::StyleResolver::StyleApplicationPass)1> (this=0x7d3720, properties=0x8aeb80, 
    rule=0x0, isImportant=false, inheritedOnly=false, propertyWhitelistType=WebCore::PropertyWhitelistNone)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1574
#7  0x00007ffff416ac10 in WebCore::StyleResolver::applyMatchedProperties<(WebCore::StyleResolver::StyleApplicationPass)1> (this=0x7d3720, matchResult=..., 
    isImportant=false, startIndex=0, endIndex=0, inheritedOnly=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1603
#8  0x00007ffff415fd5d in WebCore::StyleResolver::applyMatchedProperties (this=0x7d3720, matchResult=..., element=0x795f20)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1769
#9  0x00007ffff415c158 in WebCore::StyleResolver::styleForElement (this=0x7d3720, element=0x795f20, defaultParent=0x0, 
    sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:851
#10 0x00007ffff421001d in WebCore::Element::styleForRenderer (this=0x795f20) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:1430
#11 0x00007ffff42643b6 in WebCore::NodeRenderingContext::createRendererForElementIfNeeded (this=0x7fffffffc650)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/NodeRenderingContext.cpp:250
#12 0x00007ffff4a42437 in WebCore::Style::createRendererIfNeeded (element=0x795f20, context=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:109
#13 0x00007ffff4a4322c in WebCore::Style::attachRenderTree (current=0x795f20, context=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:344
#14 0x00007ffff44124c9 in WebCore::executeTask (task=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:104
#15 0x00007ffff4412855 in WebCore::HTMLConstructionSite::executeQueuedTasks (this=0x71f8d8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:150
#16 0x00007ffff443bcdc in WebCore::HTMLTreeBuilder::constructTree (this=0x71f8c0, token=0x7fffffffc7e0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:368
#17 0x00007ffff441a92e in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7d1ea0, rawToken=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:597
#18 0x00007ffff441a563 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7d1ea0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:551
#19 0x00007ffff4419d2b in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7d1ea0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:235
#20 0x00007ffff441aeca in WebCore::HTMLDocumentParser::append (this=0x7d1ea0, inputSource=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:747
#21 0x00007ffff41aa5e3 in WebCore::DecodedDataDocumentParser::flush (this=0x7d1ea0, writer=0x694230)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#22 0x00007ffff45b548f in WebCore::DocumentWriter::end (this=0x694230) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:241
#23 0x00007ffff45a7f7f in WebCore::DocumentLoader::finishedLoading (this=0x694190, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:407
#24 0x00007ffff45a7ce8 in WebCore::DocumentLoader::notifyFinished (this=0x694190, resource=0x7cc3d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#25 0x00007ffff458ef1c in WebCore::CachedResource::checkNotify (this=0x7cc3d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
#26 0x00007ffff458eff2 in WebCore::CachedResource::finishLoading (this=0x7cc3d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
---Type <return> to continue, or q <return> to quit---
#27 0x00007ffff458b744 in WebCore::CachedRawResource::finishLoading (this=0x7cc3d0, data=0x7b9af0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#28 0x00007ffff45f1e11 in WebCore::SubresourceLoader::didFinishLoading (this=0x7aff30, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#29 0x00007ffff45e8737 in WebCore::ResourceLoader::didFinishLoading (this=0x7aff30, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#30 0x00007ffff4aa1a1d in WebCore::QNetworkReplyHandler::finish (this=0x76d1c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#31 0x00007ffff4aa073c in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x76d1f8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#32 0x00007ffff4aa0439 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x76d1f8, 
    method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4aa1862 <WebCore::QNetworkReplyHandler::finish()>)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#33 0x00007ffff4aa1386 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x76d2b0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#34 0x00007ffff4aa3d18 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x76d2b0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffce30)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#35 0x00007ffff22055cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#36 0x00007ffff220684e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#37 0x00007ffff304cdbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#38 0x00007ffff3050075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#39 0x00007ffff21e0dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#40 0x00007ffff21e2a76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#41 0x00007ffff2228333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#42 0x00007fffee3692d6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3065
#43 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3641
#44 0x00007fffee369628 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3712
#45 0x00007fffee3696cc in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3773
#46 0x00007ffff22284bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#47 0x00007ffff21dfd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#48 0x00007ffff21e3120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#49 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#50 0x0000000000423680 in main (argc=2, argv=0x7fffffffdb08) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Comment 1 Andreas Kling 2013-08-29 10:18:20 PDT
Curse you, "default:" switch label! Without you, we would have known.
Comment 2 Csaba Osztrogonác 2013-09-17 10:04:16 PDT
I got it, it is a bug in the CSS parser, fix is coming soon.
Comment 3 Csaba Osztrogonác 2013-09-17 14:14:23 PDT
(In reply to comment #2)
> I got it, it is a bug in the CSS parser, fix is coming soon.

It is a 3-year-old typo by https://trac.webkit.org/changeset/66615
See https://bugs.webkit.org/show_bug.cgi?id=38354#c13 for details.
Comment 4 Csaba Osztrogonác 2013-09-17 14:32:20 PDT
Created attachment 211943
Patch
Comment 5 Csaba Osztrogonác 2013-09-17 14:36:02 PDT
(In reply to comment #4)
> Created an attachment (id=211943)
> Patch

I added the following 2 tests:
- fast/css/outline-offset-parsing-assert.html to catch the assertion
- fast/css/outline-offset-parsing.html to validate the parsing
  (This one doesn't assert, it simply fails with "1%" instead of "null")
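
A minimal C++ model of the failure discussed in comments 1 to 5, added here as an illustration and not taken from the WebKit patch or sources. Every name in it (Unit, UnitFlags, parseProperty, computeLengthPx, reachesUnreachable) is hypothetical, and it assumes the parser accepted a percentage for a length-only property, as the test case suggests. It rejects the unit at parse time and lists every enumerator in the switch with no "default:" label, so the compiler can flag a unit that has no case.

```cpp
// Added illustration, not WebKit code; every name here is hypothetical.
#include <cstddef>
#include <stdexcept>
#include <string>

enum class Unit { Px, Em, Percentage };
struct Value { double number; Unit unit; };
// Unit classes a property accepts, combined as bit flags.
enum UnitFlags : unsigned { AcceptLength = 1u << 0, AcceptPercent = 1u << 1 };

// Parse "<number><unit>", then drop the value unless the property accepts its unit class.
bool parseProperty(const std::string& text, unsigned accepted, Value& out)
{
    std::size_t used = 0;
    try { out.number = std::stod(text, &used); }
    catch (const std::exception&) { return false; }
    const std::string suffix = text.substr(used);
    if (suffix == "px") out.unit = Unit::Px;
    else if (suffix == "em") out.unit = Unit::Em;
    else if (suffix == "%") out.unit = Unit::Percentage;
    else return false;
    const unsigned needed = out.unit == Unit::Percentage ? AcceptPercent : AcceptLength;
    return (accepted & needed) != 0;
}

// Compute-time conversion to pixels. Every enumerator has a case and there is
// no "default:" label, so -Wswitch reports a Unit added later without a case.
double computeLengthPx(const Value& v, double fontSizePx)
{
    switch (v.unit) {
    case Unit::Px: return v.number;
    case Unit::Em: return v.number * fontSizePx;
    case Unit::Percentage: break; // not a length; the parser must reject it
    }
    // Unlike a debug-only assertion, this check also runs in release builds.
    throw std::logic_error("non-length unit reached length computation");
}

// True when a value the parser accepted trips the compute-time check.
bool reachesUnreachable(const std::string& text, unsigned accepted)
{
    Value v;
    if (!parseProperty(text, accepted, v))
        return false;
    try { computeLengthPx(v, 16.0); }
    catch (const std::logic_error&) { return true; }
    return false;
}
```

Passing AcceptLength | AcceptPercent for a length-only property models the parser mistake: "1%" then gets past validation and hits the compute-time check, while AcceptLength alone drops it during parsing.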
Comment 6 Build Bot 2013-09-17 15:19:47 PDT
Comment on attachment 211943
Patch

Attachment 211943 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/1877850

New failing tests:
fast/css/outline-offset-parsing.html
Comment 7 Build Bot 2013-09-17 15:19:49 PDT
Created attachment 211949
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-12  Port: mac-mountainlion-wk2  Platform: Mac OS X 10.8.5
Comment 8 Csaba Osztrogonác 2013-09-17 23:25:32 PDT
Created attachment 211973
Patch

Add the new fast/css/outline-offset-parsing-expected.txt too.
Comment 9 Csaba Osztrogonác 2013-09-17 23:37:31 PDT
(In reply to comment #8)
> Created an attachment (id=211973)
> Patch
> 
> Add the new fast/css/outline-offset-parsing-expected.txt too.

Otherwise it is strange that only Mac-WK2 EWS complained about the 
missing expected file. How is it possible if Mac-WK1 EWS didn't notice it?
Comment 10 Dirk Schulze 2013-09-18 06:19:23 PDT
Comment on attachment 211973
Patch

r=me
Comment 11 Csaba Osztrogonác 2013-09-18 06:47:18 PDT
Comment on attachment 211973
Patch

Clearing flags on attachment: 211973

Committed r156037: <http://trac.webkit.org/changeset/156037>
Comment 12 Csaba Osztrogonác 2013-09-18 06:47:25 PDT
All reviewed patches have been landed.  Closing bug.