WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
130341
ASSERTION FAILED: !lengthOrPercentageValue.isUndefined() in WebCore::ApplyPropertyTextIndent::applyValue
https://bugs.webkit.org/show_bug.cgi?id=130341
Summary
ASSERTION FAILED: !lengthOrPercentageValue.isUndefined() in WebCore::ApplyPro...
Renata Hodovan
Reported
2014-03-17 09:01:36 PDT
Created
attachment 226923
[details]
Test case Test case to reproduce: <title style="text-indent:9.4EX">A</title> Backtrace: ASSERTION FAILED: !lengthOrPercentageValue.isUndefined() /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp(2326) : static void WebCore::ApplyPropertyTextIndent::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) 1 0x7ffff5ed5075 WTFCrash 2 0x7ffff0e930fc WebCore::ApplyPropertyTextIndent::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) 3 0x7ffff0f1a45b WebCore::PropertyHandler::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) const 4 0x7ffff0f1122a WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*) 5 0x7ffff0f17091 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&) 6 0x7ffff0f17206 WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int) 7 0x7ffff0f10307 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) 8 0x7ffff0f0b7d3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) 9 0x7ffff0f7c4d2 WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) 10 0x7ffff0fd92b2 WebCore::Element::computedStyle(WebCore::PseudoId) 11 0x7ffff1203a3a WebCore::HTMLTitleElement::textWithDirection() 12 0x7ffff1203945 WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&) 13 0x7ffff0f5bde9 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) 14 0x7ffff0f5d6e1 WebCore::ContainerNode::parserAppendChild(WTF::PassRefPtr<WebCore::Node>) 15 0x7ffff1282882 16 0x7ffff12828db 17 0x7ffff1282ae1 18 0x7ffff12851a2 WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode) 19 0x7ffff12ba981 WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&) 20 0x7ffff12ba1ff WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken*) 21 0x7ffff12b01c3 WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken*) 22 0x7ffff12affa0 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken*) 23 0x7ffff128b294 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLToken&) 24 0x7ffff128af1b WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) 25 0x7ffff128a721 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) 26 0x7ffff128b7db WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>) 27 0x7ffff0f73815 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) 28 0x7ffff13ed465 WebCore::DocumentWriter::end() 29 0x7ffff13d7e41 WebCore::DocumentLoader::finishedLoading(double) 30 0x7ffff13d7baa WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) 31 0x7ffff14805a4 WebCore::CachedResource::checkNotify() Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5ed507a in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff5ed507a in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 #1 0x00007ffff0e930fc in WebCore::ApplyPropertyTextIndent::applyValue (styleResolver=0x987e50, value=0x96ca10) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:2326 #2 0x00007ffff0f1a45b in WebCore::PropertyHandler::applyValue (this=0x9dce60, propertyID=WebCore::CSSPropertyTextIndent, styleResolver=0x987e50, value=0x96ca10) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:48 #3 0x00007ffff0f1122a in WebCore::StyleResolver::applyProperty (this=0x987e50, id=WebCore::CSSPropertyTextIndent, value=0x96ca10) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2150 #4 0x00007ffff0f17091 in WebCore::StyleResolver::CascadedProperties::Property::apply (this=0x7fffffff8d30, resolver=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3909 #5 0x00007ffff0f17206 in WebCore::StyleResolver::applyCascadedProperties (this=0x987e50, cascade=..., firstProperty=20, lastProperty=415) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3939 #6 0x00007ffff0f10307 in WebCore::StyleResolver::applyMatchedProperties (this=0x987e50, matchResult=..., element=0x858a60, shouldUseMatchedPropertiesCache=WebCore::StyleResolver::UseMatchedPropertiesCache) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1844 #7 0x00007ffff0f0b7d3 in WebCore::StyleResolver::styleForElement (this=0x987e50, element=0x858a60, defaultParent=0x988830, sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:803 #8 0x00007ffff0f7c4d2 in WebCore::Document::styleForElementIgnoringPendingStylesheets (this=0x9897c0, element=0x858a60) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1891 #9 0x00007ffff0fd92b2 in WebCore::Element::computedStyle (this=0x858a60, pseudoElementSpecifier=WebCore::NOPSEUDO) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:2050 #10 0x00007ffff1203a3a in WebCore::HTMLTitleElement::textWithDirection (this=0x858a60) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/HTMLTitleElement.cpp:87 #11 0x00007ffff1203945 in WebCore::HTMLTitleElement::childrenChanged (this=0x858a60, change=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/HTMLTitleElement.cpp:70 #12 0x00007ffff0f5bde9 in WebCore::ContainerNode::notifyChildInserted (this=0x858a60, child=..., source=WebCore::ContainerNode::ChildChangeSourceParser) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:353 #13 0x00007ffff0f5d6e1 in WebCore::ContainerNode::parserAppendChild (this=0x858a60, newChild=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:754 #14 0x00007ffff1282882 in WebCore::insert (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:96 #15 0x00007ffff12828db in WebCore::executeInsertTask (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:103 #16 0x00007ffff1282ae1 in WebCore::executeTask (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:141 #17 0x00007ffff12851a2 in WebCore::HTMLConstructionSite::insertTextNode (this=0x9e29d8, characters=..., whitespaceMode=WebCore::WhitespaceUnknown) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:567 #18 0x00007ffff12ba981 in WebCore::HTMLTreeBuilder::processCharacterBuffer (this=0x9e29c0, buffer=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2523 #19 0x00007ffff12ba1ff in WebCore::HTMLTreeBuilder::processCharacter (this=0x9e29c0, token=0x7fffffffbd90) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2304 #20 0x00007ffff12b01c3 in WebCore::HTMLTreeBuilder::processToken (this=0x9e29c0, token=0x7fffffffbd90) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:393 #21 0x00007ffff12affa0 in WebCore::HTMLTreeBuilder::constructTree (this=0x9e29c0, token=0x7fffffffbd90) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:354 #22 0x00007ffff128b294 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x80a290, rawToken=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:352 #23 0x00007ffff128af1b in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x80a290, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:309 #24 0x00007ffff128a721 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x80a290, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:189 #25 0x00007ffff128b7db in WebCore::HTMLDocumentParser::append (this=0x80a290, inputSource=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:428 #26 0x00007ffff0f73815 in WebCore::DecodedDataDocumentParser::flush (this=0x80a290, writer=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60 #27 0x00007ffff13ed465 in WebCore::DocumentWriter::end (this=0x8ce940) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245 ---Type <return> to continue, or q <return> to quit--- #28 0x00007ffff13d7e41 in WebCore::DocumentLoader::finishedLoading (this=0x8ce8a0, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440 #29 0x00007ffff13d7baa in WebCore::DocumentLoader::notifyFinished (this=0x8ce8a0, resource=0x757530) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374 #30 0x00007ffff14805a4 in WebCore::CachedResource::checkNotify (this=0x757530) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:332 #31 0x00007ffff1480682 in WebCore::CachedResource::finishLoading (this=0x757530) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:348 #32 0x00007ffff147d056 in WebCore::CachedRawResource::finishLoading (this=0x757530, data=0x80a1f0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:96 #33 0x00007ffff143873a in WebCore::SubresourceLoader::didFinishLoading (this=0x757a70, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:310 #34 0x00007ffff1434a11 in WebCore::ResourceLoader::didFinishLoading (this=0x757a70, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:508 #35 0x00007ffff1d16a55 in WebCore::readCallback (asyncResult=0x8069c0, data=0x8237b0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1322 #36 0x00007fffe8f3e02a in async_ready_callback_wrapper (source_object=0x91e9e0, res=0x8069c0, user_data=0x8237b0) at ginputstream.c:530 #37 0x00007fffe8f5d5bb in g_task_return_now (task=0x8069c0) at gtask.c:1105 #38 0x00007fffe8f5d5d9 in complete_in_idle_cb (task=0x8069c0) at gtask.c:1114 #39 0x00007fffed2e7f46 in g_main_dispatch (context=0x806730) at gmain.c:3054 #40 g_main_context_dispatch (context=context@entry=0x806730) at gmain.c:3630 #41 0x00007ffff78de6e8 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffc500, rfds=0x7fffffffc480, ecore_fds=10, ctx=<optimized out>) at ecore_glib.c:171 #42 _ecore_glib_select (ecore_fds=10, rfds=0x7fffffffc480, wfds=0x7fffffffc500, efds=<optimized out>, ecore_timeout=<optimized out>) at ecore_glib.c:205 #43 0x00007ffff78d8b37 in _ecore_main_select (timeout=timeout@entry=0) at ecore_main.c:1466 #44 0x00007ffff78d962c in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1860 #45 0x00007ffff78d99c7 in ecore_main_loop_begin () at ecore_main.c:956 #46 0x0000000000406866 in main (argc=2, argv=0x7fffffffd998) at /home/reni2/data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1002
Attachments
Test case
(42 bytes, text/html)
2014-03-17 09:01 PDT
,
Renata Hodovan
no flags
Details
Patch
(3.59 KB, patch)
2014-12-22 22:07 PST
,
Jaehun Lim
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Jaehun Lim
Comment 1
2014-12-22 22:07:33 PST
Created
attachment 243664
[details]
Patch
Chris Dumez
Comment 2
2015-01-07 11:38:59 PST
Comment on
attachment 243664
[details]
Patch r=me
WebKit Commit Bot
Comment 3
2015-01-07 16:30:07 PST
Comment on
attachment 243664
[details]
Patch Clearing flags on attachment: 243664 Committed
r178067
: <
http://trac.webkit.org/changeset/178067
>
WebKit Commit Bot
Comment 4
2015-01-07 16:30:14 PST
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug