Bug 126987 - ASSERTION FAILED: v.isFixed() in WebCore::RenderStyle::setWordSpacing
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Myles C. Maxfield
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2014-01-14 09:49 PST by Renata Hodovan
Modified: 2014-01-22 20:21 PST

See Also:


Attachments
Test case (69 bytes, image/svg+xml)
2014-01-14 09:49 PST, Renata Hodovan
Patch (3.91 KB, patch)
2014-01-22 19:28 PST, Myles C. Maxfield
simon.fraser: review+

Description Renata Hodovan 2014-01-14 09:49:13 PST
Created attachment 221173
Test case

Setting the word-spacing attribute of the root <svg> to "inherit" causes the assertion:

<svg xmlns="http://www.w3.org/2000/svg" word-spacing="inherit"></svg>


Backtrace:

ASSERTION FAILED: v.isFixed()
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/style/RenderStyle.cpp(1460) : void WebCore::RenderStyle::setWordSpacing(WebCore::Length)
1   0x7ffff5c35e44 WTFCrash
2   0x7ffff1994673 WebCore::RenderStyle::setWordSpacing(WebCore::Length)
3   0x7ffff0e5361e WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::setValue(WebCore::RenderStyle*, WebCore::Length)
4   0x7ffff0e38b1c WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::applyInheritValue(WebCore::CSSPropertyID, WebCore::StyleResolver*)
5   0x7ffff0e1ee36 WebCore::PropertyHandler::applyInheritValue(WebCore::CSSPropertyID, WebCore::StyleResolver*) const
6   0x7ffff0eaa8ea WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*)
7   0x7ffff0eb08a7 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&)
8   0x7ffff0eb0a1e WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int)
9   0x7ffff0ea9a19 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache)
10  0x7ffff0ea560b WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*)
11  0x7ffff1a76144 WebCore::SVGElement::customStyleForRenderer()
12  0x7ffff0f69f67 WebCore::Element::styleForRenderer()
13  0x7ffff1a1c1ea
14  0x7ffff1a1d48b
15  0x7ffff1a1dc7d
16  0x7ffff1a1e241
17  0x7ffff1a1e6c9 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change)
18  0x7ffff0f12551 WebCore::Document::recalcStyle(WebCore::Style::Change)
19  0x7ffff0f12814 WebCore::Document::updateStyleIfNeeded()
20  0x7ffff0f1239c WebCore::Document::styleRecalcTimerFired(WebCore::Timer<WebCore::Document>&)
21  0x7ffff0f44f24 std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)>::operator()(WebCore::Document*, WebCore::Timer<WebCore::Document>&) const
22  0x7ffff0f426a9 void std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::__call<void, , 0, 1>(std::tuple<>&&, std::_Index_tuple<0, 1>)
23  0x7ffff0f3e244 void std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::operator()<, void>()
24  0x7ffff0f38252 std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)> >::_M_invoke(std::_Any_data const&)
25  0x7ffff5c3c66a std::function<void ()>::operator()() const
26  0x7ffff0f49666 WebCore::Timer<WebCore::Document>::fired()
27  0x7ffff158c277 WebCore::ThreadTimers::sharedTimerFiredInternal()
28  0x7ffff158c149 WebCore::ThreadTimers::sharedTimerFired()
29  0x7ffff21154a1
30  0x7ffff75883de _ecore_timer_expired_call
31  0x7ffff75885ab _ecore_timer_expired_timers_call

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff1994673 in WebCore::RenderStyle::setWordSpacing (this=0x1353110, v=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/style/RenderStyle.cpp:1460
#2  0x00007ffff0e5361e in WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::setValue (style=0x1353110, value=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:135
#3  0x00007ffff0e38b1c in WebCore::ApplyPropertyDefaultBase<WebCore::Length const&, &(WebCore::RenderStyle::wordSpacing() const), WebCore::Length, &WebCore::RenderStyle::setWordSpacing, WebCore::Length, &WebCore::RenderStyle::initialWordSpacing>::applyInheritValue (styleResolver=0x10beae0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:138
#4  0x00007ffff0e1ee36 in WebCore::PropertyHandler::applyInheritValue (this=0x6f41a8, propertyID=WebCore::CSSPropertyWordSpacing, styleResolver=0x10beae0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:46
#5  0x00007ffff0eaa8ea in WebCore::StyleResolver::applyProperty (this=0x10beae0, id=WebCore::CSSPropertyWordSpacing, value=0x6b22d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2127
#6  0x00007ffff0eb08a7 in WebCore::StyleResolver::CascadedProperties::Property::apply (this=0x7fffffff9dc0, resolver=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:4263
#7  0x00007ffff0eb0a1e in WebCore::StyleResolver::applyCascadedProperties (this=0x10beae0, cascade=..., firstProperty=20, lastProperty=409)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:4293
#8  0x00007ffff0ea9a19 in WebCore::StyleResolver::applyMatchedProperties (this=0x10beae0, matchResult=..., element=0x1327050, 
    shouldUseMatchedPropertiesCache=WebCore::StyleResolver::UseMatchedPropertiesCache)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1821
#9  0x00007ffff0ea560b in WebCore::StyleResolver::styleForElement (this=0x10beae0, element=0x1327050, defaultParent=0x0, 
    sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:880
#10 0x00007ffff1a76144 in WebCore::SVGElement::customStyleForRenderer (this=0x1327050)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGElement.cpp:768
#11 0x00007ffff0f69f67 in WebCore::Element::styleForRenderer (this=0x1327050) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:1453
#12 0x00007ffff1a1c1ea in WebCore::Style::createRendererIfNeeded (element=..., resolvedStyle=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:221
#13 0x00007ffff1a1d48b in WebCore::Style::attachRenderTree (current=..., resolvedStyle=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:544
#14 0x00007ffff1a1dc7d in WebCore::Style::resolveLocal (current=..., inheritedChange=WebCore::Style::NoChange)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:684
#15 0x00007ffff1a1e241 in WebCore::Style::resolveTree (current=..., change=WebCore::Style::NoChange)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:838
#16 0x00007ffff1a1e6c9 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::NoChange)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:912
#17 0x00007ffff0f12551 in WebCore::Document::recalcStyle (this=0x1314800, change=WebCore::Style::NoChange)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1750
#18 0x00007ffff0f12814 in WebCore::Document::updateStyleIfNeeded (this=0x1314800) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1802
#19 0x00007ffff0f1239c in WebCore::Document::styleRecalcTimerFired (this=0x1314800) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1703
#20 0x00007ffff0f44f24 in std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)>::operator() (this=0x1315d90, __object=0x1314800, 
    __args#0=...) at /usr/include/c++/4.6/functional:551
#21 0x00007ffff0f426a9 in std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::__call<void, , 0, 1>(std::tuple<>&&, std::_Index_tuple<0, 1>) (this=0x1315d90, __args=...)
    at /usr/include/c++/4.6/functional:1146
#22 0x00007ffff0f3e244 in std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)>::operator()<, void>() (this=0x1315d90) at /usr/include/c++/4.6/functional:1205
#23 0x00007ffff0f38252 in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::Document::*)(WebCore::Timer<WebCore::Document>&)> (WebCore::Document*, std::reference_wrapper<WebCore::Timer<WebCore::Document> >)> >::_M_invoke(std::_Any_data const&) (__functor=...)
    at /usr/include/c++/4.6/functional:1778
#24 0x00007ffff5c3c66a in std::function<void ()>::operator()() const (this=0x1314e68) at /usr/include/c++/4.6/functional:2161
#25 0x00007ffff0f49666 in WebCore::Timer<WebCore::Document>::fired (this=0x1314e30) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/Timer.h:130
#26 0x00007ffff158c277 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x8a2d90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:132
#27 0x00007ffff158c149 in WebCore::ThreadTimers::sharedTimerFired () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:107
#28 0x00007ffff21154a1 in WebCore::timerEvent () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/efl/SharedTimerEfl.cpp:52
#29 0x00007ffff75883de in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at ecore_private.h:267
#30 _ecore_timer_expired_call (when=<optimized out>) at ecore_timer.c:792
#31 0x00007ffff75885ab in _ecore_timer_expired_timers_call (when=2140.3151054479999) at ecore_timer.c:746
#32 0x00007ffff75854b1 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1813
#33 0x00007ffff7585b47 in ecore_main_loop_begin () at ecore_main.c:956
#34 0x0000000000406d21 in main (argc=2, argv=0x7fffffffdd58) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1032
Comment 1 Myles C. Maxfield 2014-01-22 19:28:23 PST
Created attachment 221937
Patch
Comment 2 Myles C. Maxfield 2014-01-22 20:21:10 PST
http://trac.webkit.org/changeset/162588