RESOLVED FIXED 130341
ASSERTION FAILED: !lengthOrPercentageValue.isUndefined() in WebCore::ApplyPropertyTextIndent::applyValue
https://bugs.webkit.org/show_bug.cgi?id=130341
Renata Hodovan
Reported 2014-03-17 09:01:36 PDT
Created attachment 226923 [details]
Test case

Test case to reproduce:
<title style="text-indent:9.4EX">A</title>

Backtrace:
ASSERTION FAILED: !lengthOrPercentageValue.isUndefined()
/home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp(2326) : static void WebCore::ApplyPropertyTextIndent::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*)
1 0x7ffff5ed5075 WTFCrash
2 0x7ffff0e930fc WebCore::ApplyPropertyTextIndent::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*)
3 0x7ffff0f1a45b WebCore::PropertyHandler::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) const
4 0x7ffff0f1122a WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*)
5 0x7ffff0f17091 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&)
6 0x7ffff0f17206 WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int)
7 0x7ffff0f10307 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache)
8 0x7ffff0f0b7d3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*)
9 0x7ffff0f7c4d2 WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*)
10 0x7ffff0fd92b2 WebCore::Element::computedStyle(WebCore::PseudoId)
11 0x7ffff1203a3a WebCore::HTMLTitleElement::textWithDirection()
12 0x7ffff1203945 WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&)
13 0x7ffff0f5bde9 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource)
14 0x7ffff0f5d6e1 WebCore::ContainerNode::parserAppendChild(WTF::PassRefPtr<WebCore::Node>)
15 0x7ffff1282882
16 0x7ffff12828db
17 0x7ffff1282ae1
18 0x7ffff12851a2 WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode)
19 0x7ffff12ba981 WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&)
20 0x7ffff12ba1ff WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken*)
21 0x7ffff12b01c3 WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken*)
22 0x7ffff12affa0 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken*)
23 0x7ffff128b294 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLToken&)
24 0x7ffff128af1b WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
25 0x7ffff128a721 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
26 0x7ffff128b7db WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>)
27 0x7ffff0f73815 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
28 0x7ffff13ed465 WebCore::DocumentWriter::end()
29 0x7ffff13d7e41 WebCore::DocumentLoader::finishedLoading(double)
30 0x7ffff13d7baa WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
31 0x7ffff14805a4 WebCore::CachedResource::checkNotify()

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5ed507a in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff5ed507a in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1 0x00007ffff0e930fc in WebCore::ApplyPropertyTextIndent::applyValue (styleResolver=0x987e50, value=0x96ca10) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:2326
#2 0x00007ffff0f1a45b in WebCore::PropertyHandler::applyValue (this=0x9dce60, propertyID=WebCore::CSSPropertyTextIndent, styleResolver=0x987e50, value=0x96ca10) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:48
#3 0x00007ffff0f1122a in WebCore::StyleResolver::applyProperty (this=0x987e50, id=WebCore::CSSPropertyTextIndent, value=0x96ca10) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2150
#4 0x00007ffff0f17091 in WebCore::StyleResolver::CascadedProperties::Property::apply (this=0x7fffffff8d30, resolver=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3909
#5 0x00007ffff0f17206 in WebCore::StyleResolver::applyCascadedProperties (this=0x987e50, cascade=..., firstProperty=20, lastProperty=415) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3939
#6 0x00007ffff0f10307 in WebCore::StyleResolver::applyMatchedProperties (this=0x987e50, matchResult=..., element=0x858a60, shouldUseMatchedPropertiesCache=WebCore::StyleResolver::UseMatchedPropertiesCache) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1844
#7 0x00007ffff0f0b7d3 in WebCore::StyleResolver::styleForElement (this=0x987e50, element=0x858a60, defaultParent=0x988830, sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:803
#8 0x00007ffff0f7c4d2 in WebCore::Document::styleForElementIgnoringPendingStylesheets (this=0x9897c0, element=0x858a60) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1891
#9 0x00007ffff0fd92b2 in WebCore::Element::computedStyle (this=0x858a60, pseudoElementSpecifier=WebCore::NOPSEUDO) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:2050
#10 0x00007ffff1203a3a in WebCore::HTMLTitleElement::textWithDirection (this=0x858a60) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/HTMLTitleElement.cpp:87
#11 0x00007ffff1203945 in WebCore::HTMLTitleElement::childrenChanged (this=0x858a60, change=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/HTMLTitleElement.cpp:70
#12 0x00007ffff0f5bde9 in WebCore::ContainerNode::notifyChildInserted (this=0x858a60, child=..., source=WebCore::ContainerNode::ChildChangeSourceParser) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:353
#13 0x00007ffff0f5d6e1 in WebCore::ContainerNode::parserAppendChild (this=0x858a60, newChild=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:754
#14 0x00007ffff1282882 in WebCore::insert (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:96
#15 0x00007ffff12828db in WebCore::executeInsertTask (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:103
#16 0x00007ffff1282ae1 in WebCore::executeTask (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:141
#17 0x00007ffff12851a2 in WebCore::HTMLConstructionSite::insertTextNode (this=0x9e29d8, characters=..., whitespaceMode=WebCore::WhitespaceUnknown) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:567
#18 0x00007ffff12ba981 in WebCore::HTMLTreeBuilder::processCharacterBuffer (this=0x9e29c0, buffer=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2523
#19 0x00007ffff12ba1ff in WebCore::HTMLTreeBuilder::processCharacter (this=0x9e29c0, token=0x7fffffffbd90) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2304
#20 0x00007ffff12b01c3 in WebCore::HTMLTreeBuilder::processToken (this=0x9e29c0, token=0x7fffffffbd90) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:393
#21 0x00007ffff12affa0 in WebCore::HTMLTreeBuilder::constructTree (this=0x9e29c0, token=0x7fffffffbd90) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:354
#22 0x00007ffff128b294 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x80a290, rawToken=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:352
#23 0x00007ffff128af1b in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x80a290, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:309
#24 0x00007ffff128a721 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x80a290, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:189
#25 0x00007ffff128b7db in WebCore::HTMLDocumentParser::append (this=0x80a290, inputSource=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:428
#26 0x00007ffff0f73815 in WebCore::DecodedDataDocumentParser::flush (this=0x80a290, writer=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#27 0x00007ffff13ed465 in WebCore::DocumentWriter::end (this=0x8ce940) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245
---Type <return> to continue, or q <return> to quit---
#28 0x00007ffff13d7e41 in WebCore::DocumentLoader::finishedLoading (this=0x8ce8a0, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440
#29 0x00007ffff13d7baa in WebCore::DocumentLoader::notifyFinished (this=0x8ce8a0, resource=0x757530) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374
#30 0x00007ffff14805a4 in WebCore::CachedResource::checkNotify (this=0x757530) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:332
#31 0x00007ffff1480682 in WebCore::CachedResource::finishLoading (this=0x757530) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:348
#32 0x00007ffff147d056 in WebCore::CachedRawResource::finishLoading (this=0x757530, data=0x80a1f0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:96
#33 0x00007ffff143873a in WebCore::SubresourceLoader::didFinishLoading (this=0x757a70, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:310
#34 0x00007ffff1434a11 in WebCore::ResourceLoader::didFinishLoading (this=0x757a70, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:508
#35 0x00007ffff1d16a55 in WebCore::readCallback (asyncResult=0x8069c0, data=0x8237b0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1322
#36 0x00007fffe8f3e02a in async_ready_callback_wrapper (source_object=0x91e9e0, res=0x8069c0, user_data=0x8237b0) at ginputstream.c:530
#37 0x00007fffe8f5d5bb in g_task_return_now (task=0x8069c0) at gtask.c:1105
#38 0x00007fffe8f5d5d9 in complete_in_idle_cb (task=0x8069c0) at gtask.c:1114
#39 0x00007fffed2e7f46 in g_main_dispatch (context=0x806730) at gmain.c:3054
#40 g_main_context_dispatch (context=context@entry=0x806730) at gmain.c:3630
#41 0x00007ffff78de6e8 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffc500, rfds=0x7fffffffc480, ecore_fds=10, ctx=<optimized out>) at ecore_glib.c:171
#42 _ecore_glib_select (ecore_fds=10, rfds=0x7fffffffc480, wfds=0x7fffffffc500, efds=<optimized out>, ecore_timeout=<optimized out>) at ecore_glib.c:205
#43 0x00007ffff78d8b37 in _ecore_main_select (timeout=timeout@entry=0) at ecore_main.c:1466
#44 0x00007ffff78d962c in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1860
#45 0x00007ffff78d99c7 in ecore_main_loop_begin () at ecore_main.c:956
#46 0x0000000000406866 in main (argc=2, argv=0x7fffffffd998) at /home/reni2/data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1002
Attachments
Test case (42 bytes, text/html)
2014-03-17 09:01 PDT, Renata Hodovan
no flags
Patch (3.59 KB, patch)
2014-12-22 22:07 PST, Jaehun Lim
no flags
Jaehun Lim
Comment 1 2014-12-22 22:07:33 PST
Chris Dumez
Comment 2 2015-01-07 11:38:59 PST
Comment on attachment 243664 [details]
Patch

r=me
WebKit Commit Bot
Comment 3 2015-01-07 16:30:07 PST
Comment on attachment 243664 [details]
Patch

Clearing flags on attachment: 243664

Committed r178067: <http://trac.webkit.org/changeset/178067>
WebKit Commit Bot
Comment 4 2015-01-07 16:30:14 PST
All reviewed patches have been landed. Closing bug.