Bug 127775 - ASSERTION FAILED: from.y() <= to.y() in WebCore::RenderMathMLOperator::fillWithExtensionGlyph
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: MathML
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
Depends on: 153991
Blocks: 116980
Reported: 2014-01-28 06:45 PST by Martin Hodovan
Modified: 2016-08-03 14:03 PDT

Attachments
Test case (164 bytes, application/xhtml+xml)
2014-01-28 06:48 PST, Martin Hodovan

Description Martin Hodovan 2014-01-28 06:45:18 PST
The failing test case:

<math xmlns="http://www.w3.org/1998/Math/MathML">                                                  
	<mn style="font-size: 45px">1</mn>
	<msup>
	<mo>)</mo> 
</math>

Note: the assert fails only in case of 45px or larger font-size.



The error message:

ASSERTION FAILED: from.y() <= to.y()
/home/martin/Data/WebKit/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp(320) : void WebCore::RenderMathMLOperator::fillWithExtensionGlyph(WebCore::PaintInfo&, const WebCore::LayoutPoint&, const WebCore::LayoutPoint&)

Program received signal SIGSEGV, Segmentation fault.



The backtrace:

#1  0x00007ffff1381cfe in WebCore::RenderMathMLOperator::fillWithExtensionGlyph (this=0x6b7540, info=..., from=..., to=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp:320
#2  0x00007ffff138296a in WebCore::RenderMathMLOperator::paint (this=0x6b7540, info=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp:392
#3  0x00007ffff1185cc9 in WebCore::RenderBlock::paintChild (this=0x968c60, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2424
#4  0x00007ffff12356cd in WebCore::RenderFlexibleBox::paintChildren (this=0x968c60, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderFlexibleBox.cpp:343
#5  0x00007ffff118586c in WebCore::RenderBlock::paintContents (this=0x968c60, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2387
#6  0x00007ffff118649f in WebCore::RenderBlock::paintObject (this=0x968c60, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2510
#7  0x00007ffff1183f21 in WebCore::RenderBlock::paint (this=0x968c60, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2187
#8  0x00007ffff1185cc9 in WebCore::RenderBlock::paintChild (this=0xa548a0, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2424
#9  0x00007ffff12356cd in WebCore::RenderFlexibleBox::paintChildren (this=0xa548a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderFlexibleBox.cpp:343
#10 0x00007ffff118586c in WebCore::RenderBlock::paintContents (this=0xa548a0, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2387
#11 0x00007ffff118649f in WebCore::RenderBlock::paintObject (this=0xa548a0, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2510
#12 0x00007ffff1183f21 in WebCore::RenderBlock::paint (this=0xa548a0, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2187
#13 0x00007ffff1185cc9 in WebCore::RenderBlock::paintChild (this=0xa54600, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2424
#14 0x00007ffff12356cd in WebCore::RenderFlexibleBox::paintChildren (this=0xa54600, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderFlexibleBox.cpp:343
#15 0x00007ffff118586c in WebCore::RenderBlock::paintContents (this=0xa54600, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2387
#16 0x00007ffff118649f in WebCore::RenderBlock::paintObject (this=0xa54600, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2510
#17 0x00007ffff1183f21 in WebCore::RenderBlock::paint (this=0xa54600, paintInfo=..., paintOffset=...)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderBlock.cpp:2187
#18 0x00007ffff128a625 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=0xa524a0, phase=WebCore::PaintPhaseForeground, layerFragments=..., 
    context=0x715370, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4477
#19 0x00007ffff128a236 in WebCore::RenderLayer::paintForegroundForFragments (this=0xa524a0, layerFragments=..., context=0x715370, transparencyLayerContext=0x715370, 
    transparencyPaintDirtyRect=..., haveTransparency=false, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0, selectionOnly=false, 
    forceBlackText=false) at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4441
#20 0x00007ffff1288b32 in WebCore::RenderLayer::paintLayerContents (this=0xa524a0, context=0x715370, paintingInfo=..., paintFlags=224)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4162
#21 0x00007ffff1287bca in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0xa524a0, context=0x715370, paintingInfo=..., paintFlags=224)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3858
#22 0x00007ffff1287a92 in WebCore::RenderLayer::paintLayer (this=0xa524a0, context=0x715370, paintingInfo=..., paintFlags=224)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3839
#23 0x00007ffff12891bb in WebCore::RenderLayer::paintList (this=0x92b4c0, list=0x7452a0, context=0x715370, paintingInfo=..., paintFlags=224)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4255
#24 0x00007ffff1288bf5 in WebCore::RenderLayer::paintLayerContents (this=0x92b4c0, context=0x715370, paintingInfo=..., paintFlags=224)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:4173
#25 0x00007ffff1287bca in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x92b4c0, context=0x715370, paintingInfo=..., paintFlags=0)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3858
#26 0x00007ffff1287a92 in WebCore::RenderLayer::paintLayer (this=0x92b4c0, context=0x715370, paintingInfo=..., paintFlags=0)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3839
#27 0x00007ffff1286c4c in WebCore::RenderLayer::paint (this=0x92b4c0, context=0x715370, damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0)
    at /home/martin/Data/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3623
#28 0x00007ffff0ee30e4 in WebCore::FrameView::paintContents (this=0x8b67e0, p=0x715370, rect=...) at /home/martin/Data/WebKit/Source/WebCore/page/FrameView.cpp:3497
#29 0x00007ffff0f8b403 in WebCore::ScrollView::paint (this=0x8b67e0, context=0x715370, rect=...) at /home/martin/Data/WebKit/Source/WebCore/platform/ScrollView.cpp:1162
#30 0x00007ffff7b4ca05 in ewk_paint_context_paint (context=0x87f530, view=0x8b67e0, area=0x6b8748)
    at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_paint_context.cpp:179
#31 0x00007ffff7b6e0a5 in ewk_view_paint (priv=0x886c90, context=0x87f530, area=0x6b8748) at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:3019
#32 0x00007ffff7b5629f in _ewk_view_smart_repaints_process (smartData=0x8868a0) at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:1210
#33 0x00007ffff7b56643 in _ewk_view_smart_calculate (ewkView=0x772710) at /home/martin/Data/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:1281
#34 0x00007ffff6969124 in evas_call_smarts_calculate (e=0x914e00) at evas_object_smart.c:838
#35 0x00007ffff69926a7 in evas_render_updates_internal (e=0x914e00, make_updates=make_updates@entry=1 '\001', do_draw=do_draw@entry=1 '\001') at evas_render.c:1255
#36 0x00007ffff6994fd9 in evas_render_updates (e=<optimized out>) at evas_render.c:1708
#37 0x00007ffff734adb4 in _ecore_evas_x_render (ee=0x8844c0) at ecore_evas_x.c:288
#38 0x00007ffff7347c31 in _ecore_evas_idle_enter (data=<optimized out>) at ecore_evas.c:59
#39 0x00007ffff756fef9 in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at ecore_private.h:267
#40 _ecore_idle_enterer_call () at ecore_idle_enterer.c:168
#41 0x00007ffff75716ab in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1848
#42 0x00007ffff7571d57 in ecore_main_loop_begin () at ecore_main.c:956
#43 0x00000000004068e7 in main (argc=2, argv=0x7fffffffde48) at /home/martin/Data/WebKit/Tools/EWebLauncher/main.c:1008
Comment 1 Martin Hodovan 2014-01-28 06:48:11 PST
Created attachment 222440
Test case
Comment 2 Frédéric Wang (:fredw) 2016-06-28 00:24:27 PDT
@Martin: This code has changed a lot recently. Do you still see this ASSERTION?
Comment 3 Brent Fulgham 2016-08-03 14:03:26 PDT
This issue no longer occurs under GuardMalloc or ASAN as of r204037. If you believe there is still a bug, please reopen this issue with a revised test case.