WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
125781
ASSERT_NOT_REACHED() is fired in WebCore::minimumValueForLength
https://bugs.webkit.org/show_bug.cgi?id=125781
Summary
ASSERT_NOT_REACHED() is fired in WebCore::minimumValueForLength
Renata Hodovan
Reported
2013-12-16 07:38:33 PST
Created
attachment 219318
[details]
Test case Minimalized test case: <table style="-webkit-writing-mode: vertical-rl;"> <tr style="width: -webkit-min-content;"></tr> </table> Backtrace: SHOULD NEVER BE REACHED /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/LengthFunctions.cpp(85) : WebCore::LayoutUnit WebCore::minimumValueForLength(const WebCore::Length&, WebCore::LayoutUnit, WebCore::RenderView*, bool) 1 0x7ffff5c61178 WTFCrash 2 0x7ffff0fe313f WebCore::minimumValueForLength(WebCore::Length const&, WebCore::LayoutUnit, WebCore::RenderView*, bool) 3 0x7ffff18b43dd WebCore::RenderElement::minimumValueForLength(WebCore::Length const&, WebCore::LayoutUnit, bool) const 4 0x7ffff1a3f3d8 WebCore::RenderTableSection::calcRowLogicalHeight() 5 0x7ffff1a2b862 WebCore::RenderTable::layout() 6 0x7ffff18ceba9 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 7 0x7ffff18ce6a0 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 8 0x7ffff18cdaf7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 9 0x7ffff189cb05 WebCore::RenderBlock::layout() 10 0x7ffff18ceba9 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 11 0x7ffff18ce6a0 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 12 0x7ffff18cdaf7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 13 0x7ffff189cb05 WebCore::RenderBlock::layout() 14 0x7ffff18ceba9 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 15 0x7ffff18ce6a0 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 16 0x7ffff18cdaf7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 17 0x7ffff189cb05 WebCore::RenderBlock::layout() 18 0x7ffff1a6ed75 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 19 0x7ffff1a6f9f1 WebCore::RenderView::layout() 20 0x7ffff1618686 WebCore::FrameView::layout(bool) 21 0x7ffff108ca23 WebCore::Document::implicitClose() 22 0x7ffff1502357 WebCore::FrameLoader::checkCallImplicitClose() 23 0x7ffff15020eb WebCore::FrameLoader::checkCompleted() 24 0x7ffff1501e46 WebCore::FrameLoader::finishedParsing() 25 0x7ffff109410d WebCore::Document::finishedParsing() 26 0x7ffff137ad91 WebCore::HTMLConstructionSite::finishedParsing() 27 0x7ffff13b365a WebCore::HTMLTreeBuilder::finished() 28 0x7ffff13820a6 WebCore::HTMLDocumentParser::end() 29 0x7ffff1382191 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() 30 0x7ffff1380dd9 WebCore::HTMLDocumentParser::prepareToStopParsing() 31 0x7ffff13821d6 WebCore::HTMLDocumentParser::attemptToEnd() Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5c6117d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:341 341 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff5c6117d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:341 #1 0x00007ffff0fe313f in WebCore::minimumValueForLength (length=..., maximumValue=..., renderView=0x959fc0, roundPercentages=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/LengthFunctions.cpp:85 #2 0x00007ffff18b43dd in WebCore::RenderElement::minimumValueForLength (this=0x1244250, length=..., maximumValue=..., roundPercentages=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderElement.h:246 #3 0x00007ffff1a3f3d8 in WebCore::RenderTableSection::calcRowLogicalHeight (this=0x1244250) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTableSection.cpp:296 #4 0x00007ffff1a2b862 in WebCore::RenderTable::layout (this=0x11f57f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:457 #5 0x00007ffff18ceba9 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x11eeab0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:597 #6 0x00007ffff18ce6a0 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x11eeab0, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:516 #7 0x00007ffff18cdaf7 in WebCore::RenderBlockFlow::layoutBlock (this=0x11eeab0, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:363 #8 0x00007ffff189cb05 in WebCore::RenderBlock::layout (this=0x11eeab0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1323 #9 0x00007ffff18ceba9 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x11ecdf0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:597 #10 0x00007ffff18ce6a0 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x11ecdf0, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:516 #11 0x00007ffff18cdaf7 in WebCore::RenderBlockFlow::layoutBlock (this=0x11ecdf0, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:363 #12 0x00007ffff189cb05 in WebCore::RenderBlock::layout (this=0x11ecdf0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1323 #13 0x00007ffff18ceba9 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x959fc0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:597 #14 0x00007ffff18ce6a0 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x959fc0, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:516 #15 0x00007ffff18cdaf7 in WebCore::RenderBlockFlow::layoutBlock (this=0x959fc0, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:363 #16 0x00007ffff189cb05 in WebCore::RenderBlock::layout (this=0x959fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1323 #17 0x00007ffff1a6ed75 in WebCore::RenderView::layoutContent (this=0x959fc0, state=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:158 #18 0x00007ffff1a6f9f1 in WebCore::RenderView::layout (this=0x959fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:342 #19 0x00007ffff1618686 in WebCore::FrameView::layout (this=0x90fbb0, allowSubtree=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1261 #20 0x00007ffff108ca23 in WebCore::Document::implicitClose (this=0x12088b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2389 #21 0x00007ffff1502357 in WebCore::FrameLoader::checkCallImplicitClose (this=0x9538b8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:849 #22 0x00007ffff15020eb in WebCore::FrameLoader::checkCompleted (this=0x9538b8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:792 #23 0x00007ffff1501e46 in WebCore::FrameLoader::finishedParsing (this=0x9538b8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:725 #24 0x00007ffff109410d in WebCore::Document::finishedParsing (this=0x12088b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4375 #25 0x00007ffff137ad91 in WebCore::HTMLConstructionSite::finishedParsing (this=0x953278) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:347 #26 0x00007ffff13b365a in WebCore::HTMLTreeBuilder::finished (this=0x953260) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2933 #27 0x00007ffff13820a6 in WebCore::HTMLDocumentParser::end (this=0x10db0c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:749 #28 0x00007ffff1382191 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x10db0c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:760 #29 0x00007ffff1380dd9 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x10db0c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:203 #30 0x00007ffff13821d6 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x10db0c0) ---Type <return> to continue, or q <return> to quit--- at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:772 #31 0x00007ffff138228f in WebCore::HTMLDocumentParser::finish (this=0x10db0c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:821 #32 0x00007ffff14f4c74 in WebCore::DocumentWriter::end (this=0x117b6d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245 #33 0x00007ffff14e1d42 in WebCore::DocumentLoader::finishedLoading (this=0x117b630, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:408 #34 0x00007ffff14e1ab0 in WebCore::DocumentLoader::notifyFinished (this=0x117b630, resource=0x11918c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:345 #35 0x00007ffff157b92a in WebCore::CachedResource::checkNotify (this=0x11918c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369 #36 0x00007ffff157ba04 in WebCore::CachedResource::finishLoading (this=0x11918c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385 #37 0x00007ffff1578506 in WebCore::CachedRawResource::finishLoading (this=0x11918c0, data=0x924690) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #38 0x00007ffff1535cb5 in WebCore::SubresourceLoader::didFinishLoading (this=0x1191e30, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:279 #39 0x00007ffff1531f89 in WebCore::ResourceLoader::didFinishLoading (this=0x1191e30, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:487 #40 0x00007ffff226a582 in WebCore::readCallback (asyncResult=0x11971b0, data=0x118a200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1345 #41 0x00007fffe846bbc9 in async_ready_callback_wrapper (source_object=0x69f180, res=0x11971b0, user_data=0x118a200) at ginputstream.c:530 #42 0x00007fffe848dccb in g_task_return_now (task=0x11971b0) at gtask.c:1105 #43 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114 #44 0x00007fffedb7b473 in g_main_dispatch (context=0x1196980) at gmain.c:3054 #45 g_main_context_dispatch (context=0x1196980) at gmain.c:3630 #46 0x00007ffff7575aee in _ecore_glib_select__locked (ecore_timeout=0x7fffffffcc30, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=11, ctx=<optimized out>) at ecore_glib.c:171 #47 _ecore_glib_select (ecore_fds=11, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x7fffffffcc30) at ecore_glib.c:205 #48 0x00007ffff756fcb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466 #49 0x00007ffff7570789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860 #50 0x00007ffff7570b47 in ecore_main_loop_begin () at ecore_main.c:956 #51 0x0000000000406dfa in main (argc=2, argv=0x7fffffffde48) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1044
Attachments
Test case
(108 bytes, text/html)
2013-12-16 07:38 PST
,
Renata Hodovan
no flags
Details
Patch
(3.70 KB, patch)
2016-08-26 14:41 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Patch
(4.30 KB, patch)
2016-08-26 15:48 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Brent Fulgham
Comment 1
2016-08-03 13:24:41 PDT
This still occurs in
r204037
.
Radar WebKit Bug Importer
Comment 2
2016-08-03 13:25:34 PDT
<
rdar://problem/27684457
>
zalan
Comment 3
2016-08-26 14:41:14 PDT
Created
attachment 287150
[details]
Patch
Simon Fraser (smfr)
Comment 4
2016-08-26 14:46:17 PDT
Comment on
attachment 287150
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=287150&action=review
> Source/WebCore/rendering/RenderTableSection.cpp:282 > + LayoutUnit rowLogicalHeight = m_grid[r].logicalHeight.isFixed() ? m_grid[r].logicalHeight.value() : 0;
I think this breaks calc(). Please test and add a testcase if so.
zalan
Comment 5
2016-08-26 15:48:08 PDT
Created
attachment 287163
[details]
Patch
WebKit Commit Bot
Comment 6
2016-08-26 16:27:29 PDT
Comment on
attachment 287163
[details]
Patch Clearing flags on attachment: 287163 Committed
r205056
: <
http://trac.webkit.org/changeset/205056
>
WebKit Commit Bot
Comment 7
2016-08-26 16:27:34 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug