Bug 12085 - Assertion failure in WebCore::RenderFlow::rightmostPosition
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 420+
Hardware: Mac OS X 10.4
Importance: P2 Major
Assignee: Julien Chaffraix
Keywords: HasReduction
Reported: 2007-01-02 15:57 PST by Mark Rowe (bdash)
Modified: 2011-08-29 10:32 PDT
Attachments
test case (264 bytes, text/html)
2009-01-02 06:10 PST, Robert Blaut
Proposed "fix": land the test as the bug got solved. (2.01 KB, patch)
2011-08-26 18:26 PDT, Julien Chaffraix

Description Mark Rowe (bdash) 2007-01-02 15:57:55 PST
<html>
<head>
    <title>Test HTML Page</title>
    <style type="text/css">
    marquee { display: run-in; }
    </style>
</head>
<body>
    <marquee>marquee</marquee>

    <p>This will assert if the marquee is not the last element in the body.</p>
</body>
</html>


ASSERTION FAILED: !isInlineFlow()
(/Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderFlow.cpp:527 virtual int WebCore::RenderFlow::rightmostPosition(bool, bool) const)

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x0116e67e in WebCore::RenderFlow::rightmostPosition (this=0x1cb81e5c, includeOverflowInterior=true, includeSelf=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderFlow.cpp:527
527         ASSERT(!isInlineFlow());
(gdb) bt
#0  0x0116e67e in WebCore::RenderFlow::rightmostPosition (this=0x1cb81e5c, includeOverflowInterior=true, includeSelf=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderFlow.cpp:527
#1  0x01155bfa in WebCore::RenderBlock::rightmostPosition (this=0x1cb81e5c, includeOverflowInterior=true, includeSelf=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:2176
#2  0x011778a8 in WebCore::Marquee::computePosition (this=0x1cb81fb0, dir=WebCore::MLEFT, stopAtContentEdge=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderLayer.cpp:2106
#3  0x01177e9d in WebCore::Marquee::updateMarqueePosition (this=0x1cb81fb0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderLayer.cpp:2202
#4  0x01178213 in WebCore::RenderLayer::updateLayerPositions (this=0x1cb81f0c, doFullRepaint=false, checkForRepaint=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderLayer.cpp:230
#5  0x011781e1 in WebCore::RenderLayer::updateLayerPositions (this=0x1cb2d60c, doFullRepaint=false, checkForRepaint=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderLayer.cpp:226
#6  0x011781e1 in WebCore::RenderLayer::updateLayerPositions (this=0x1bfe953c, doFullRepaint=false, checkForRepaint=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderLayer.cpp:226
#7  0x010e7b36 in WebCore::FrameView::layout (this=0x18ca3380, allowSubtree=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/FrameView.cpp:435
#8  0x010e90c2 in WebCore::Document::updateLayout (this=0x25ad800) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1020
#9  0x010f5a1a in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x25ad800) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1046
#10 0x0123e245 in WebCore::Element::offsetHeight (this=0x1bf42f70) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:214
#11 0x0123118c in WebCore::JSElement::getValueProperty (this=0x16f80380, exec=0xbfffe4c0, token=5) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitBuild/Debug/DerivedSources/WebCore/JSElement.cpp:205
#12 0x0152e2a6 in KJS::staticValueGetter<WebCore::JSElement> (exec=0xbfffe4c0, slot=@0xbfffe204) at lookup.h:149
#13 0x00546821 in KJS::PropertySlot::getValue (this=0xbfffe204, exec=0xbfffe4c0, originalObject=0x16f80380, propertyName=@0x18ed9e8c) at property_slot.h:47
#14 0x004e5710 in KJS::JSObject::get (this=0x16f80380, exec=0xbfffe4c0, propertyName=@0x18ed9e8c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/object.cpp:151
#15 0x004dcef9 in KJS::DotAccessorNode::evaluate (this=0x18ed9e80, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:548
#16 0x004d577d in KJS::AssignExprNode::evaluate (this=0x18c6dbb0, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1527
#17 0x004d979c in KJS::VarDeclNode::evaluate (this=0x1cb69210, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1545
#18 0x004d96ba in KJS::VarDeclListNode::evaluate (this=0x18c566c0, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1592
#19 0x004d9592 in KJS::VarStatementNode::execute (this=0x1cb7b190, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1616
#20 0x004d7000 in KJS::SourceElementsNode::execute (this=0x1cb7b1b0, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:2449
#21 0x004d5938 in KJS::BlockNode::execute (this=0x1cb89140, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1648
#22 0x004c780a in KJS::DeclaredFunctionImp::execute (this=0x16f81f10, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/function.cpp:359
#23 0x004c9aed in KJS::FunctionImp::callAsFunction (this=0x16f81f10, exec=0x18a9bedc, thisObj=0x17045b20, args=@0xbfffe57c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/function.cpp:108
#24 0x004e6364 in KJS::JSObject::call (this=0x16f81f10, exec=0x18a9bedc, thisObj=0x17045b20, args=@0xbfffe57c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/object.cpp:96
#25 0x01254d92 in KJS::JSAbstractEventListener::handleEvent (this=0x1cb01060, ele=0x1cb72c70, isWindowEvent=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_events.cpp:121
#26 0x010ecb18 in WebCore::Document::handleWindowEvent (this=0x25ad800, evt=0x1cb72c70, useCapture=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:2238
#27 0x01222779 in WebCore::EventTargetNode::dispatchWindowEvent (this=0x25ad800, eventType=@0x16421b0, canBubbleArg=false, cancelableArg=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/EventTargetNode.cpp:325
#28 0x010eeda3 in WebCore::Document::implicitClose (this=0x25ad800) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1326
#29 0x01391275 in WebCore::FrameLoader::checkEmitLoadEvent (this=0x2043400) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1074
#30 0x01394bc5 in WebCore::FrameLoader::checkCompleted (this=0x2043400) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1042
#31 0x01394cc7 in WebCore::FrameLoader::loadDone (this=0x2043400) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1016
#32 0x011076ce in WebCore::DocLoader::setLoadInProgress (this=0x1bfff040, load=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/DocLoader.cpp:176
#33 0x01108f5d in WebCore::Loader::receivedAllData (this=0x1640b78, loader=Internal: static symbol `WebCore::SubresourceLoader' found in /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/SubresourceLoaderMac.mm psymtab but not in symtab.
WebCore::SubresourceLoader may be an inlined function, or may be a template function
(if a template, try specifying an instantiation: WebCore::SubresourceLoader<type>).
) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/loader.cpp:110
#34 0x01379268 in WebCore::SubresourceLoader::didFinishLoading (this=0x1cb382d0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/SubresourceLoaderMac.mm:195
#35 0x013751a8 in WebCore::ResourceLoader::didFinishLoading (this=0x1cb382d0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/ResourceLoaderMac.mm:446
#36 0x013844ef in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x1bfafe50, _cmd=0x90a9d160, con=0x18c35a30) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/mac/ResourceHandleMac.mm:295
#37 0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] ()
#38 0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
#39 0x92659b41 in _sendCallbacks ()
#40 0x90829379 in CFRunLoopRunSpecific ()
#41 0x90828eb5 in CFRunLoopRunInMode ()
#42 0x92dcdb90 in RunCurrentEventLoopInMode ()
#43 0x92dcd297 in ReceiveNextEventCommon ()
#44 0x92dcd0ee in BlockUntilNextEventMatchingListInMode ()
#45 0x9326f465 in _DPSNextEvent ()
#46 0x9326f056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#47 0x00006f96 in ?? ()
#48 0x93268ddb in -[NSApplication run] ()
#49 0x9325cd2f in NSApplicationMain ()
#50 0x0005f7de in ?? ()
#51 0x0005f6f9 in ?? ()
(gdb)
Comment 1 Robert Blaut 2009-01-02 06:10:46 PST
Created attachment 26368
test case
Comment 2 Julien Chaffraix 2011-08-26 18:26:17 PDT
Created attachment 105430
Proposed "fix": land the test as the bug got solved.
Comment 3 WebKit Review Bot 2011-08-29 10:32:06 PDT
Comment on attachment 105430
Proposed "fix": land the test as the bug got solved.

Clearing flags on attachment: 105430

Committed r93984: <http://trac.webkit.org/changeset/93984>
Comment 4 WebKit Review Bot 2011-08-29 10:32:10 PDT
All reviewed patches have been landed.  Closing bug.