WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED WORKSFORME
120592
ASSERTION FAILED: m_nestedIsolateCount >= 1 in WebCore::BidiResolver<Iterator, Run>::exitIsolate()
https://bugs.webkit.org/show_bug.cgi?id=120592
Summary
ASSERTION FAILED: m_nestedIsolateCount >= 1 in WebCore::BidiResolver<Iterato...
Renata Hodovan
Reported
2013-09-02 00:12:53 PDT
Created
attachment 210265
[details]
Test case The problematic test: <html> <h2 style="-webkit-column-count:2"> <s dir="auto"> <font size="45"> <form> <object align="LEFT"></object> </form> <select multiple="1"></select> </font> Its backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff56dafad in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 342 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff56dafad in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 #1 0x00007ffff483bc52 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::exitIsolate (this=0x7fffffffabc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:213 #2 0x00007ffff4834e34 in WebCore::notifyObserverWillExitObject<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (observer=0x7fffffffabc0, object=0x8d0a78) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:157 #3 0x00007ffff483032a in WebCore::bidiNextShared<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (root=0x8f2f38, current=0x8d0a78, observer=0x7fffffffabc0, emptyInlineBehavior=WebCore::SkipEmptyInlines, endOfInlinePtr=0x0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:223 #4 0x00007ffff483021a in WebCore::bidiNextSkippingEmptyInlines<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (root=0x8f2f38, current=0x8cdae8, observer=0x7fffffffabc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:260 #5 0x00007ffff4805026 in WebCore::InlineIterator::increment (this=0x7fffffffabc0, resolver=0x7fffffffabc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:364 #6 0x00007ffff484eb2f in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::increment (this=0x7fffffffabc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:411 #7 0x00007ffff4863302 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine (this=0x7fffffffabc0, end=..., override=WebCore::NoVisualOverride, hardLineBreak=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:888 #8 0x00007ffff4854443 in WebCore::constructBidiRunsForSegment (topResolver=..., bidiRuns=..., endOfRuns=..., override=WebCore::NoVisualOverride, previousLineBrokeCleanly=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1307 #9 0x00007ffff4854819 in WebCore::constructBidiRunsForLine (block=0x8f2f38, topResolver=..., bidiRuns=..., endOfLine=..., override=WebCore::NoVisualOverride, previousLineBrokeCleanly=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1372 #10 0x00007ffff4856dbe in WebCore::RenderBlock::layoutRunsAndFloatsInRange (this=0x8f2f38, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1876 #11 0x00007ffff485550f in WebCore::RenderBlock::layoutRunsAndFloats (this=0x8f2f38, layoutState=..., hasInlineChild=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1613 #12 0x00007ffff4858c92 in WebCore::RenderBlock::layoutInlineChildren (this=0x8f2f38, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:2189 #13 0x00007ffff480c423 in WebCore::RenderBlock::layoutBlock (this=0x8f2f38, relayoutChildren=false, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1661 #14 0x00007ffff480b773 in WebCore::RenderBlock::layout (this=0x8f2f38) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1426 #15 0x00007ffff4810d0d in WebCore::RenderBlock::layoutBlockChild (this=0x8cdcd8, child=0x8f2f38, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2677 #16 0x00007ffff48108ed in WebCore::RenderBlock::layoutBlockChildren (this=0x8cdcd8, relayoutChildren=false, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2611 #17 0x00007ffff480c444 in WebCore::RenderBlock::layoutBlock (this=0x8cdcd8, relayoutChildren=false, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1663 #18 0x00007ffff4822e16 in WebCore::RenderBlock::relayoutForPagination (this=0x8cdcd8, hasSpecifiedPageLogicalHeight=false, pageLogicalHeight=..., statePusher=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:5799 #19 0x00007ffff480c595 in WebCore::RenderBlock::layoutBlock (this=0x8cdcd8, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1670 #20 0x00007ffff480b773 in WebCore::RenderBlock::layout (this=0x8cdcd8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1426 #21 0x00007ffff4810d0d in WebCore::RenderBlock::layoutBlockChild (this=0x825a78, child=0x8cdcd8, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2677 #22 0x00007ffff48108ed in WebCore::RenderBlock::layoutBlockChildren (this=0x825a78, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2611 #23 0x00007ffff480c444 in WebCore::RenderBlock::layoutBlock (this=0x825a78, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1663 #24 0x00007ffff480b773 in WebCore::RenderBlock::layout (this=0x825a78) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1426 #25 0x00007ffff4810d0d in WebCore::RenderBlock::layoutBlockChild (this=0x7d6938, child=0x825a78, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2677 #26 0x00007ffff48108ed in WebCore::RenderBlock::layoutBlockChildren (this=0x7d6938, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2611 #27 0x00007ffff480c444 in WebCore::RenderBlock::layoutBlock (this=0x7d6938, relayoutChildren=true, pageLogicalHeight=...) ---Type <return> to continue, or q <return> to quit--- at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1663 #28 0x00007ffff480b773 in WebCore::RenderBlock::layout (this=0x7d6938) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1426 #29 0x00007ffff4810d0d in WebCore::RenderBlock::layoutBlockChild (this=0x7315e8, child=0x7d6938, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2677 #30 0x00007ffff48108ed in WebCore::RenderBlock::layoutBlockChildren (this=0x7315e8, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2611 #31 0x00007ffff480c444 in WebCore::RenderBlock::layoutBlock (this=0x7315e8, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1663 #32 0x00007ffff480b773 in WebCore::RenderBlock::layout (this=0x7315e8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1426 #33 0x00007ffff49c6feb in WebCore::RenderView::layoutContent (this=0x7315e8, state=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:145 #34 0x00007ffff49c7d83 in WebCore::RenderView::layout (this=0x7315e8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:328 #35 0x00007ffff4669b5c in WebCore::FrameView::layout (this=0x7a02b0, allowSubtree=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1293 #36 0x00007ffff419bc9d in WebCore::Document::implicitClose (this=0x8b0ce0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2459 #37 0x00007ffff45a08af in WebCore::FrameLoader::checkCallImplicitClose (this=0x7e0310) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:848 #38 0x00007ffff45a0620 in WebCore::FrameLoader::checkCompleted (this=0x7e0310) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:791 #39 0x00007ffff45a0355 in WebCore::FrameLoader::finishedParsing (this=0x7e0310) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:724 #40 0x00007ffff41a2c9b in WebCore::Document::finishedParsing (this=0x8b0ce0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4437 #41 0x00007ffff43f6273 in WebCore::HTMLConstructionSite::finishedParsing (this=0x781b68) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:352 #42 0x00007ffff442a989 in WebCore::HTMLTreeBuilder::finished (this=0x781b50) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2912 #43 0x00007ffff43fd99e in WebCore::HTMLDocumentParser::end (this=0x7a46f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763 #44 0x00007ffff43fda89 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7a46f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774 #45 0x00007ffff43fc5f8 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7a46f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211 #46 0x00007ffff43fdace in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7a46f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786 #47 0x00007ffff43fdb87 in WebCore::HTMLDocumentParser::finish (this=0x7a46f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835 #48 0x00007ffff45980ab in WebCore::DocumentWriter::end (this=0x694220) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:244 #49 0x00007ffff458ab61 in WebCore::DocumentLoader::finishedLoading (this=0x694180, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:407 #50 0x00007ffff458a8ca in WebCore::DocumentLoader::notifyFinished (this=0x694180, resource=0x7d75c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344 #51 0x00007ffff4571afe in WebCore::CachedResource::checkNotify (this=0x7d75c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369 #52 0x00007ffff4571bd4 in WebCore::CachedResource::finishLoading (this=0x7d75c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385 #53 0x00007ffff456e326 in WebCore::CachedRawResource::finishLoading (this=0x7d75c0, data=0x767110) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #54 0x00007ffff45d4a15 in WebCore::SubresourceLoader::didFinishLoading (this=0x7d8900, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282 #55 0x00007ffff45cb33b in WebCore::ResourceLoader::didFinishLoading (this=0x7d8900, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488 #56 0x00007ffff4a86713 in WebCore::QNetworkReplyHandler::finish (this=0x786440) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516 #57 0x00007ffff4a85432 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x786478) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250 ---Type <return> to continue, or q <return> to quit--- #58 0x00007ffff4a8512f in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x786478, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a86558 <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216 #59 0x00007ffff4a8607c in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7c52c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409 #60 0x00007ffff4a88a0e in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7c52c0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffce30) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176 #61 0x00007ffff21e65cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #62 0x00007ffff21e784e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #63 0x00007ffff302ddbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #64 0x00007ffff3031075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #65 0x00007ffff21c1dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #66 0x00007ffff21c3a76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #67 0x00007ffff2209333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #68 0x00007fffee34a2d6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3065 #69 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3641 #70 0x00007fffee34a628 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3712 #71 0x00007fffee34a6cc in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3773 #72 0x00007ffff22094bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #73 0x00007ffff21c0d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #74 0x00007ffff21c4120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #75 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49 #76 0x0000000000423680 in main (argc=2, argv=0x7fffffffdb08) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Attachments
Test case
(180 bytes, text/html)
2013-09-02 00:12 PDT
,
Renata Hodovan
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Renata Hodovan
Comment 1
2014-09-08 05:58:30 PDT
The issue is not reproducible anymore.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug