WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
126987
ASSERTION FAILED: v.isFixed() in WebCore::RenderStyle::setWordSpacing
https://bugs.webkit.org/show_bug.cgi?id=126987
Summary
ASSERTION FAILED: v.isFixed() in WebCore::RenderStyle::setWordSpacing
Renata Hodovan
Reported
2014-01-14 09:49:13 PST
Created
attachment 221173
[details]
Test case Setting the word-spacing attribute to "inherit" of the root <svg> causes the assertion: <svg xmlns="
http://www.w3.org/2000/svg
" word-spacing="inherit"></svg> Backtrace: ASSERTION FAILED: v.isFixed() /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/style/RenderStyle.cpp(1460) : void WebCore::RenderStyle::setWordSpacing(WebCore::Length) 1 0x7ffff5c35e44 WTFCrash 2 0x7ffff1994673 WebCore::RenderStyle::setWordSpacing(WebCore::Length) 3 0x7ffff0e5361e WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::setValue(WebCore::RenderStyle*, WebCore::Length) 4 0x7ffff0e38b1c WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::applyInheritValue(WebCore::CSSPropertyID, WebCore::StyleResolver*) 5 0x7ffff0e1ee36 WebCore::PropertyHandler::applyInheritValue(WebCore::CSSPropertyID, WebCore::StyleResolver*) const 6 0x7ffff0eaa8ea WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*) 7 0x7ffff0eb08a7 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&) 8 0x7ffff0eb0a1e WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int) 9 0x7ffff0ea9a19 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) 10 0x7ffff0ea560b WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) 11 0x7ffff1a76144 WebCore::SVGElement::customStyleForRenderer() 12 0x7ffff0f69f67 WebCore::Element::styleForRenderer() 13 0x7ffff1a1c1ea 14 0x7ffff1a1d48b 15 0x7ffff1a1dc7d 16 0x7ffff1a1e241 17 0x7ffff1a1e6c9 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) 18 0x7ffff0f12551 WebCore::Document::recalcStyle(WebCore::Style::Change) 19 0x7ffff0f12814 WebCore::Document::updateStyleIfNeeded() 20 0x7ffff0f1239c WebCore::Document::styleRecalcTimerFired(WebCore::Timer<WebCore::Document>&) 21 0x7ffff0f44f24 std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)>::operator()(WebCore::Document*, WebCore::Timer<WebCore::Document>&) const 22 0x7ffff0f426a9 void std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::__call<void, , 0, 1>(std::tuple<>&&, std::_Index_tuple<0, 1>) 23 0x7ffff0f3e244 void std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::operator()<, void>() 24 0x7ffff0f38252 std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)> >::_M_invoke(std::_Any_data const&) 25 0x7ffff5c3c66a std::function<void ()>::operator()() const 26 0x7ffff0f49666 WebCore::Timer<WebCore::Document>::fired() 27 0x7ffff158c277 WebCore::ThreadTimers::sharedTimerFiredInternal() 28 0x7ffff158c149 WebCore::ThreadTimers::sharedTimerFired() 29 0x7ffff21154a1 30 0x7ffff75883de _ecore_timer_expired_call 31 0x7ffff75885ab _ecore_timer_expired_timers_call Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 #1 0x00007ffff1994673 in WebCore::RenderStyle::setWordSpacing (this=0x1353110, v=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/style/RenderStyle.cpp:1460 #2 0x00007ffff0e5361e in WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::setValue (style=0x1353110, value=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:135 #3 0x00007ffff0e38b1c in WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::applyInheritValue (styleResolver=0x10beae0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:138 #4 0x00007ffff0e1ee36 in WebCore::PropertyHandler::applyInheritValue (this=0x6f41a8, propertyID=WebCore::CSSPropertyWordSpacing, styleResolver=0x10beae0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:46 #5 0x00007ffff0eaa8ea in WebCore::StyleResolver::applyProperty (this=0x10beae0, id=WebCore::CSSPropertyWordSpacing, value=0x6b22d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2127 #6 0x00007ffff0eb08a7 in WebCore::StyleResolver::CascadedProperties::Property::apply (this=0x7fffffff9dc0, resolver=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:4263 #7 0x00007ffff0eb0a1e in WebCore::StyleResolver::applyCascadedProperties (this=0x10beae0, cascade=..., firstProperty=20, lastProperty=409) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:4293 #8 0x00007ffff0ea9a19 in WebCore::StyleResolver::applyMatchedProperties (this=0x10beae0, matchResult=..., element=0x1327050, shouldUseMatchedPropertiesCache=WebCore::StyleResolver::UseMatchedPropertiesCache) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1821 #9 0x00007ffff0ea560b in WebCore::StyleResolver::styleForElement (this=0x10beae0, element=0x1327050, defaultParent=0x0, sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:880 #10 0x00007ffff1a76144 in WebCore::SVGElement::customStyleForRenderer (this=0x1327050) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGElement.cpp:768 #11 0x00007ffff0f69f67 in WebCore::Element::styleForRenderer (this=0x1327050) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:1453 #12 0x00007ffff1a1c1ea in WebCore::Style::createRendererIfNeeded (element=..., resolvedStyle=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:221 #13 0x00007ffff1a1d48b in WebCore::Style::attachRenderTree (current=..., resolvedStyle=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:544 #14 0x00007ffff1a1dc7d in WebCore::Style::resolveLocal (current=..., inheritedChange=WebCore::Style::NoChange) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:684 #15 0x00007ffff1a1e241 in WebCore::Style::resolveTree (current=..., change=WebCore::Style::NoChange) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:838 #16 0x00007ffff1a1e6c9 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::NoChange) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:912 #17 0x00007ffff0f12551 in WebCore::Document::recalcStyle (this=0x1314800, change=WebCore::Style::NoChange) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1750 #18 0x00007ffff0f12814 in WebCore::Document::updateStyleIfNeeded (this=0x1314800) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1802 #19 0x00007ffff0f1239c in WebCore::Document::styleRecalcTimerFired (this=0x1314800) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1703 #20 0x00007ffff0f44f24 in std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)>::operator() (this=0x1315d90, __object=0x1314800, __args#0=...) at /usr/include/c++/4.6/functional:551 #21 0x00007ffff0f426a9 in std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::__call<void, , 0, 1>(std::tuple<>&&, std::_Index_tuple<0, 1>) (this=0x1315d90, __args=...) at /usr/include/c++/4.6/functional:1146 #22 0x00007ffff0f3e244 in std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::operator()<, void>() (this=0x1315d90) at /usr/include/c++/4.6/functional:1205 #23 0x00007ffff0f38252 in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.6/functional:1778 #24 0x00007ffff5c3c66a in std::function<void ()>::operator()() const (this=0x1314e68) at /usr/include/c++/4.6/functional:2161 #25 0x00007ffff0f49666 in WebCore::Timer<WebCore::Document>::fired (this=0x1314e30) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/Timer.h:130 #26 0x00007ffff158c277 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x8a2d90) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:132 ---Type <return> to continue, or q <return> to quit--- #27 0x00007ffff158c149 in WebCore::ThreadTimers::sharedTimerFired () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:107 #28 0x00007ffff21154a1 in WebCore::timerEvent () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/efl/SharedTimerEfl.cpp:52 #29 0x00007ffff75883de in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at ecore_private.h:267 #30 _ecore_timer_expired_call (when=<optimized out>) at ecore_timer.c:792 #31 0x00007ffff75885ab in _ecore_timer_expired_timers_call (when=2140.3151054479999) at ecore_timer.c:746 #32 0x00007ffff75854b1 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1813 #33 0x00007ffff7585b47 in ecore_main_loop_begin () at ecore_main.c:956 #34 0x0000000000406d21 in main (argc=2, argv=0x7fffffffdd58) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1032
Attachments
Test case
(69 bytes, image/svg+xml)
2014-01-14 09:49 PST
,
Renata Hodovan
no flags
Details
Patch
(3.91 KB, patch)
2014-01-22 19:28 PST
,
Myles C. Maxfield
simon.fraser
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Myles C. Maxfield
Comment 1
2014-01-22 19:28:23 PST
Created
attachment 221937
[details]
Patch
Myles C. Maxfield
Comment 2
2014-01-22 20:21:10 PST
http://trac.webkit.org/changeset/162588
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug