RESOLVED FIXED 120469
ASSERT_NOT_REACHED is touched in WebCore::CSSPrimitiveValue::computeLengthDouble
https://bugs.webkit.org/show_bug.cgi?id=120469
Renata Hodovan
Reported 2013-08-29 07:07:15 PDT
Created attachment 209974 [details]
Test case

The failing test:
<a style="outline-offset: 1%"></a>

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56ece51 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff56ece51 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1 0x00007ffff40b458d in WebCore::CSSPrimitiveValue::computeLengthDouble (this=0x8af0b0, style=0x8a1120, rootStyle=0x7d9ed0, multiplier=1, computingFontSize=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/CSSPrimitiveValue.cpp:604
#2 0x00007ffff40b408c in WebCore::CSSPrimitiveValue::computeLength<int> (this=0x8af0b0, style=0x8a1120, rootStyle=0x7d9ed0, multiplier=1, computingFontSize=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/CSSPrimitiveValue.cpp:513
#3 0x00007ffff40fed43 in WebCore::ApplyPropertyComputeLength<int, &(WebCore::RenderStyle::outlineOffset() const), &WebCore::RenderStyle::setOutlineOffset, &WebCore::RenderStyle::initialOutlineOffset, (WebCore::ComputeLengthNormal)0, (WebCore::ComputeLengthThickness)0, (WebCore::ComputeLengthSVGZoom)0>::applyValue (styleResolver=0x7d3720, value=0x8af0b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:610
#4 0x00007ffff4158261 in WebCore::PropertyHandler::applyValue (this=0x72fbd8, propertyID=WebCore::CSSPropertyOutlineOffset, styleResolver=0x7d3720, value=0x8af0b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:48
#5 0x00007ffff4160c17 in WebCore::StyleResolver::applyProperty (this=0x7d3720, id=WebCore::CSSPropertyOutlineOffset, value=0x8af0b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2112
#6 0x00007ffff416f7a1 in WebCore::StyleResolver::applyProperties<(WebCore::StyleResolver::StyleApplicationPass)1> (this=0x7d3720, properties=0x8aeb80, rule=0x0, isImportant=false, inheritedOnly=false, propertyWhitelistType=WebCore::PropertyWhitelistNone) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1574
#7 0x00007ffff416ac10 in WebCore::StyleResolver::applyMatchedProperties<(WebCore::StyleResolver::StyleApplicationPass)1> (this=0x7d3720, matchResult=..., isImportant=false, startIndex=0, endIndex=0, inheritedOnly=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1603
#8 0x00007ffff415fd5d in WebCore::StyleResolver::applyMatchedProperties (this=0x7d3720, matchResult=..., element=0x795f20) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1769
#9 0x00007ffff415c158 in WebCore::StyleResolver::styleForElement (this=0x7d3720, element=0x795f20, defaultParent=0x0, sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:851
#10 0x00007ffff421001d in WebCore::Element::styleForRenderer (this=0x795f20) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:1430
#11 0x00007ffff42643b6 in WebCore::NodeRenderingContext::createRendererForElementIfNeeded (this=0x7fffffffc650) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/NodeRenderingContext.cpp:250
#12 0x00007ffff4a42437 in WebCore::Style::createRendererIfNeeded (element=0x795f20, context=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:109
#13 0x00007ffff4a4322c in WebCore::Style::attachRenderTree (current=0x795f20, context=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:344
#14 0x00007ffff44124c9 in WebCore::executeTask (task=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:104
#15 0x00007ffff4412855 in WebCore::HTMLConstructionSite::executeQueuedTasks (this=0x71f8d8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:150
#16 0x00007ffff443bcdc in WebCore::HTMLTreeBuilder::constructTree (this=0x71f8c0, token=0x7fffffffc7e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:368
#17 0x00007ffff441a92e in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7d1ea0, rawToken=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:597
#18 0x00007ffff441a563 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7d1ea0, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:551
#19 0x00007ffff4419d2b in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7d1ea0, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:235
#20 0x00007ffff441aeca in WebCore::HTMLDocumentParser::append (this=0x7d1ea0, inputSource=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:747
#21 0x00007ffff41aa5e3 in WebCore::DecodedDataDocumentParser::flush (this=0x7d1ea0, writer=0x694230) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#22 0x00007ffff45b548f in WebCore::DocumentWriter::end (this=0x694230) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:241
#23 0x00007ffff45a7f7f in WebCore::DocumentLoader::finishedLoading (this=0x694190, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:407
#24 0x00007ffff45a7ce8 in WebCore::DocumentLoader::notifyFinished (this=0x694190, resource=0x7cc3d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#25 0x00007ffff458ef1c in WebCore::CachedResource::checkNotify (this=0x7cc3d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
#26 0x00007ffff458eff2 in WebCore::CachedResource::finishLoading (this=0x7cc3d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
---Type <return> to continue, or q <return> to quit---
#27 0x00007ffff458b744 in WebCore::CachedRawResource::finishLoading (this=0x7cc3d0, data=0x7b9af0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#28 0x00007ffff45f1e11 in WebCore::SubresourceLoader::didFinishLoading (this=0x7aff30, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#29 0x00007ffff45e8737 in WebCore::ResourceLoader::didFinishLoading (this=0x7aff30, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#30 0x00007ffff4aa1a1d in WebCore::QNetworkReplyHandler::finish (this=0x76d1c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#31 0x00007ffff4aa073c in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x76d1f8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#32 0x00007ffff4aa0439 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x76d1f8, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4aa1862 <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#33 0x00007ffff4aa1386 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x76d2b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#34 0x00007ffff4aa3d18 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x76d2b0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffce30) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#35 0x00007ffff22055cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#36 0x00007ffff220684e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#37 0x00007ffff304cdbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#38 0x00007ffff3050075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#39 0x00007ffff21e0dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#40 0x00007ffff21e2a76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#41 0x00007ffff2228333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#42 0x00007fffee3692d6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3065
#43 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3641
#44 0x00007fffee369628 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3712
#45 0x00007fffee3696cc in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3773
#46 0x00007ffff22284bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#47 0x00007ffff21dfd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#48 0x00007ffff21e3120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#49 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#50 0x0000000000423680 in main (argc=2, argv=0x7fffffffdb08) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Attachments
Test case (35 bytes, text/html)
2013-08-29 07:07 PDT, Renata Hodovan
no flags
Patch (4.79 KB, patch)
2013-09-17 14:32 PDT, Csaba Osztrogonác
no flags
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2 (461.76 KB, application/zip)
2013-09-17 15:19 PDT, Build Bot
no flags
Patch (5.55 KB, patch)
2013-09-17 23:25 PDT, Csaba Osztrogonác
no flags
Andreas Kling
Comment 1 2013-08-29 10:18:20 PDT
Curse you, "default:" switch label! Without you, we would have known.
Csaba Osztrogonác
Comment 2 2013-09-17 10:04:16 PDT
I got it, it is a bug in the CSS parser, fix is coming soon.
Csaba Osztrogonác
Comment 3 2013-09-17 14:14:23 PDT
(In reply to comment #2)
> I got it, it is a bug in the CSS parser, fix is coming soon.

It is a 3-year-old typo by https://trac.webkit.org/changeset/66615
See https://bugs.webkit.org/show_bug.cgi?id=38354#c13 for details.
Csaba Osztrogonác
Comment 4 2013-09-17 14:32:20 PDT
Csaba Osztrogonác
Comment 5 2013-09-17 14:36:02 PDT
(In reply to comment #4)
> Created an attachment (id=211943) [details]
> Patch

I added the following 2 tests:
- fast/css/outline-offset-parsing-assert.html to catch the assertion
- fast/css/outline-offset-parsing.html to validate the parsing
(This one doesn't assert, it simply fails with "1%" instead of "null")
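Added example (not part of the thread and not WebKit source): a simplified C++ model of the failure pattern discussed above, where a length-only property accepts a percentage at parse time and the later length computation has no case for it. All names, including the acceptPercent switch that stands in for the parser bug, are hypothetical.

```cpp
#include <cstdlib>
#include <string>

// Simplified model of the failure pattern; hypothetical names, not WebKit source.
enum class Unit { Px, Em, Percent };
struct Value { double number; Unit unit; };
enum class Outcome { Computed, RejectedByParser, RejectedAtCompute };

// Split "<number><unit>" into a Value. Returns false for an unknown unit.
bool tokenize(const std::string& text, Value& out) {
    char* end = nullptr;
    out.number = std::strtod(text.c_str(), &end);
    if (end == text.c_str()) return false;
    const std::string suffix(end);
    if (suffix == "px") out.unit = Unit::Px;
    else if (suffix == "em") out.unit = Unit::Em;
    else if (suffix == "%") out.unit = Unit::Percent;
    else return false;
    return true;
}

// Parse-time gate for a length-only property such as outline-offset.
// acceptPercent=true models the validation gap: "1%" survives parsing.
bool parseLengthProperty(const std::string& text, bool acceptPercent, Value& out) {
    if (!tokenize(text, out)) return false;
    return out.unit != Unit::Percent || acceptPercent;
}

// Length computation with every enumerator listed and no `default:` label, so
// -Wswitch reports any unit added to the enum later. A non-length unit is
// reported to the caller instead of reaching an assertion.
bool computeLength(const Value& v, double fontSize, double& px) {
    switch (v.unit) {
    case Unit::Px: px = v.number; return true;
    case Unit::Em: px = v.number * fontSize; return true;
    case Unit::Percent: return false;
    }
    return false;
}

// Runs both stages and reports which one stopped the value.
Outcome resolve(const std::string& text, bool acceptPercent, double fontSize, double& px) {
    Value v{0.0, Unit::Px};
    if (!parseLengthProperty(text, acceptPercent, v)) return Outcome::RejectedByParser;
    return computeLength(v, fontSize, px) ? Outcome::Computed : Outcome::RejectedAtCompute;
}
```

With the gap open, "1%" reaches the compute stage, which is where the backtrace in this report asserts; with the gap closed, the parser rejects it.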
Build Bot
Comment 6 2013-09-17 15:19:47 PDT
Comment on attachment 211943 [details]
Patch

Attachment 211943 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/1877850

New failing tests:
fast/css/outline-offset-parsing.html
Build Bot
Comment 7 2013-09-17 15:19:49 PDT
Created attachment 211949 [details]
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-12
Port: mac-mountainlion-wk2
Platform: Mac OS X 10.8.5
Csaba Osztrogonác
Comment 8 2013-09-17 23:25:32 PDT
Created attachment 211973 [details]
Patch

Add the new fast/css/outline-offset-parsing-expected.txt too.
Csaba Osztrogonác
Comment 9 2013-09-17 23:37:31 PDT
(In reply to comment #8)
> Created an attachment (id=211973) [details]
> Patch
>
> Add the new fast/css/outline-offset-parsing-expected.txt too.

Otherwise it is strange that only Mac-WK2 EWS complained about the missing expected file. How is it possible if Mac-WK1 EWS didn't notice it?
Dirk Schulze
Comment 10 2013-09-18 06:19:23 PDT
Comment on attachment 211973 [details]
Patch

r=me
Csaba Osztrogonác
Comment 11 2013-09-18 06:47:18 PDT
Comment on attachment 211973 [details]
Patch

Clearing flags on attachment: 211973

Committed r156037: <http://trac.webkit.org/changeset/156037>
Csaba Osztrogonác
Comment 12 2013-09-18 06:47:25 PDT
All reviewed patches have been landed. Closing bug.