WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED CONFIGURATION CHANGED
127345
ASSERTION FAILED: textRenderer->parent() in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline
https://bugs.webkit.org/show_bug.cgi?id=127345
Summary
ASSERTION FAILED: textRenderer->parent() in WebCore::SVGTextLayoutEngineBasel...
Renata Hodovan
Reported
2014-01-21 06:52:36 PST
Created
attachment 221740
[details]
Test case The failing test: <html> <style> *{ dominant-baseline:reset-size; } </style> <svg> <text>foo</text> </svg> </html> The backtrace: ASSERTION FAILED: textRenderer->parent() /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp(66) : WebCore::EAlignmentBaseline WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, const WebCore::RenderObject*) const 1 0x7ffff5c172a1 WTFCrash 2 0x7ffff1457b1f WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const 3 0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const 4 0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const 5 0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const 6 0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const 7 0x7ffff1457d31 WebCore::SVGTextLayoutEngineBaseline::calculateAlignmentBaselineShift(bool, WebCore::RenderObject const*) const 8 0x7ffff1455e41 WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath(WebCore::SVGInlineTextBox*, WebCore::RenderSVGInlineText*, WebCore::RenderStyle const*) 9 0x7ffff14554f8 WebCore::SVGTextLayoutEngine::layoutInlineTextBox(WebCore::SVGInlineTextBox*) 10 0x7ffff144bd4f WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes(WebCore::InlineFlowBox*, WebCore::SVGTextLayoutEngine&) 11 0x7ffff144bc0c WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation() 12 0x7ffff120be95 WebCore::RenderBlockFlow::createLineBoxesFromBidiRuns(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::LineInfo&, WebCore::VerticalPositionCache&, WebCore::BidiRun*, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) 13 0x7ffff120df27 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) 14 0x7ffff120c435 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) 15 0x7ffff120fc8c WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 16 0x7ffff11f3162 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x7ffff143002b WebCore::RenderSVGText::layout() 18 0x7ffff143c4ac WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement&, bool) 19 0x7ffff1428187 WebCore::RenderSVGRoot::layout() 20 0x7ffff118d863 WebCore::RenderElement::layoutIfNeeded() 21 0x7ffff120fc4a WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 22 0x7ffff11f3162 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 23 0x7ffff11f2461 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 24 0x7ffff11c15fb WebCore::RenderBlock::layout() 25 0x7ffff11f354e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 26 0x7ffff11f3067 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 27 0x7ffff11f2485 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 28 0x7ffff11c15fb WebCore::RenderBlock::layout() 29 0x7ffff11f354e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 30 0x7ffff11f3067 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 31 0x7ffff11f2485 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 #1 0x00007ffff1457b1f in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, textRenderer= 0x6f2900) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:66 #2 0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, textRenderer=0x11b6ef0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85 #3 0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, textRenderer=0x11ad350) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85 #4 0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, textRenderer=0x12025f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85 #5 0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, textRenderer=0x1210060) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85 #6 0x00007ffff1457d31 in WebCore::SVGTextLayoutEngineBaseline::calculateAlignmentBaselineShift (this=0x7fffffff94b0, isVerticalText=false, textRenderer=0x11f8f30) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:118 #7 0x00007ffff1455e41 in WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath (this=0x7fffffff9820, textBox=0x11ecb00, text=0x11f8f30, style=0x11de440) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngine.cpp:452 #8 0x00007ffff14554f8 in WebCore::SVGTextLayoutEngine::layoutInlineTextBox (this=0x7fffffff9820, textBox=0x11ecb00) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngine.cpp:246 #9 0x00007ffff144bd4f in WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes (this=0x1206b60, start=0x1206b60, characterLayout=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGRootInlineBox.cpp:111 #10 0x00007ffff144bc0c in WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation (this=0x1206b60) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGRootInlineBox.cpp:92 #11 0x00007ffff120be95 in WebCore::RenderBlockFlow::createLineBoxesFromBidiRuns (this=0x1210060, bidiRuns=..., end=..., lineInfo=..., verticalPositionCache=..., trailingSpaceRun=0x0, wordMeasurements=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1015 #12 0x00007ffff120df27 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x1210060, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1392 #13 0x00007ffff120c435 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x1210060, layoutState=..., hasInlineChild=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1101 #14 0x00007ffff120fc8c in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x1210060, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1697 #15 0x00007ffff11f3162 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x1210060, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:547 #16 0x00007ffff143002b in WebCore::RenderSVGText::layout (this=0x1210060) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGText.cpp:426 #17 0x00007ffff143c4ac in WebCore::SVGRenderSupport::layoutChildren (start=..., selfNeedsLayout=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:272 #18 0x00007ffff1428187 in WebCore::RenderSVGRoot::layout (this=0x12025f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGRoot.cpp:211 #19 0x00007ffff118d863 in WebCore::RenderElement::layoutIfNeeded (this=0x12025f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderElement.h:99 #20 0x00007ffff120fc4a in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x11ad350, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1695 #21 0x00007ffff11f3162 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x11ad350, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:547 #22 0x00007ffff11f2461 in WebCore::RenderBlockFlow::layoutBlock (this=0x11ad350, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:373 #23 0x00007ffff11c15fb in WebCore::RenderBlock::layout (this=0x11ad350) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314 #24 0x00007ffff11f354e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x11b6ef0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:608 #25 0x00007ffff11f3067 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x11b6ef0, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:527 #26 0x00007ffff11f2485 in WebCore::RenderBlockFlow::layoutBlock (this=0x11b6ef0, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:375 #27 0x00007ffff11c15fb in WebCore::RenderBlock::layout (this=0x11b6ef0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314 ---Type <return> to continue, or q <return> to quit--- #28 0x00007ffff11f354e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x6f2900, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:608 #29 0x00007ffff11f3067 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x6f2900, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:527 #30 0x00007ffff11f2485 in WebCore::RenderBlockFlow::layoutBlock (this=0x6f2900, relayoutChildren=true, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:375 #31 0x00007ffff11c15fb in WebCore::RenderBlock::layout (this=0x6f2900) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314 #32 0x00007ffff138e927 in WebCore::RenderView::layoutContent (this=0x6f2900, state=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:158 #33 0x00007ffff138f5df in WebCore::RenderView::layout (this=0x6f2900) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:342 #34 0x00007ffff0f1db9b in WebCore::FrameView::layout (this=0x6f8450, allowSubtree=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1322 #35 0x00007ffff097042a in WebCore::Document::implicitClose (this=0x11c8210) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2462 #36 0x00007ffff0df788d in WebCore::FrameLoader::checkCallImplicitClose (this=0x723198) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:898 #37 0x00007ffff0df75fe in WebCore::FrameLoader::checkCompleted (this=0x723198) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:841 #38 0x00007ffff0df7333 in WebCore::FrameLoader::finishedParsing (this=0x723198) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:762 #39 0x00007ffff0977865 in WebCore::Document::finishedParsing (this=0x11c8210) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4454 #40 0x00007ffff0c6c485 in WebCore::HTMLConstructionSite::finishedParsing (this=0x725208) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:337 #41 0x00007ffff0ca5952 in WebCore::HTMLTreeBuilder::finished (this=0x7251f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3046 #42 0x00007ffff0c73750 in WebCore::HTMLDocumentParser::end (this=0x6f2200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #43 0x00007ffff0c73839 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x6f2200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #44 0x00007ffff0c72481 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x6f2200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #45 0x00007ffff0c7387e in WebCore::HTMLDocumentParser::attemptToEnd (this=0x6f2200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #46 0x00007ffff0c73937 in WebCore::HTMLDocumentParser::finish (this=0x6f2200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #47 0x00007ffff0de942d in WebCore::DocumentWriter::end (this=0x11363d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248 #48 0x00007ffff0dd4a7f in WebCore::DocumentLoader::finishedLoading (this=0x1136330, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440 #49 0x00007ffff0dd47e8 in WebCore::DocumentLoader::notifyFinished (this=0x1136330, resource=0x114d290) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374 #50 0x00007ffff0e79d94 in WebCore::CachedResource::checkNotify (this=0x114d290) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:336 #51 0x00007ffff0e79e72 in WebCore::CachedResource::finishLoading (this=0x114d290) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:352 #52 0x00007ffff0e768fe in WebCore::CachedRawResource::finishLoading (this=0x114d290, data=0x10ba1c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #53 0x00007ffff0e33049 in WebCore::SubresourceLoader::didFinishLoading (this=0x114d7c0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:309 #54 0x00007ffff0e2f375 in WebCore::ResourceLoader::didFinishLoading (this=0x114d7c0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:517 #55 0x00007ffff1ba90fd in WebCore::readCallback (asyncResult=0x11511c0, data=0x10ad9c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1336 #56 0x00007fffe79f0bc9 in async_ready_callback_wrapper (source_object=0x877c00, res=0x11511c0, user_data=0x10ad9c0) at ginputstream.c:530 #57 0x00007fffe7a12ccb in g_task_return_now (task=0x11511c0) at gtask.c:1105 #58 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114 #59 0x00007fffed10d473 in g_main_dispatch (context=0x1150cb0) at gmain.c:3054 #60 g_main_context_dispatch (context=0x1150cb0) at gmain.c:3630 ---Type <return> to continue, or q <return> to quit--- #61 0x00007ffff7581aee in _ecore_glib_select__locked (ecore_timeout=0x1150cb0, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1, ctx=<optimized out>) at ecore_glib.c:171 #62 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x1150cb0) at ecore_glib.c:205 #63 0x00007ffff757bcb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466 #64 0x00007ffff757c789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860 #65 0x00007ffff757cb47 in ecore_main_loop_begin () at ecore_main.c:956 #66 0x0000000000406c88 in main (argc=2, argv=0x7fffffffde08) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1026
Attachments
Test case
(112 bytes, text/html)
2014-01-21 06:52 PST
,
Renata Hodovan
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Renata Hodovan
Comment 1
2015-11-10 06:20:10 PST
***
Bug 149458
has been marked as a duplicate of this bug. ***
Brent Fulgham
Comment 2
2016-08-03 13:56:59 PDT
This still reproduces under
r204037
.
Radar WebKit Bug Importer
Comment 3
2016-08-03 13:57:23 PDT
<
rdar://problem/27685169
>
Brent Fulgham
Comment 4
2022-02-12 18:56:26 PST
This no longer happens after
r239090
.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug