WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED CONFIGURATION CHANGED
130793
ASSERTION FAILED: m_status.eor != U_OTHER_NEUTRAL || m_eor.atEnd() in WebCore::BidiResolver::checkDirectionInLowerRaiseEmbeddingLevel
https://bugs.webkit.org/show_bug.cgi?id=130793
Summary
ASSERTION FAILED: m_status.eor != U_OTHER_NEUTRAL || m_eor.atEnd() in WebCore...
Renata Hodovan
Reported
2014-03-26 13:09:35 PDT
Created
attachment 227878
[details]
Test case The failing test case: <meta charset="iso-8859-8-e"> <bdo> <embed></embed> </bdo> <kbd dir="auto"> The backtrace: ASSERTION FAILED: m_status.eor != U_OTHER_NEUTRAL || m_eor.atEnd() /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h(354) : void WebCore::BidiResolver<Iterator, Run>::checkDirectionInLowerRaiseEmbeddingLevel() [with Iterator = WebCore::InlineIterator; Run = WebCore::BidiRun] 1 0x7ffff5ed9db5 WTFCrash 2 0x7ffff17c8591 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::checkDirectionInLowerRaiseEmbeddingLevel() 3 0x7ffff17c364c WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::lowerExplicitEmbeddingLevel(UCharDirection) 4 0x7ffff17c0674 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::commitExplicitEmbedding() 5 0x7ffff17bacf3 6 0x7ffff17bab77 7 0x7ffff17baa41 8 0x7ffff17be457 WebCore::InlineIterator::increment(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>*) 9 0x7ffff17f8a29 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::increment() 10 0x7ffff17fb3d3 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine(WebCore::InlineIterator const&, WebCore::VisualDirectionOverride, bool) 11 0x7ffff17efc6a 12 0x7ffff17f0045 13 0x7ffff17f22e7 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) 14 0x7ffff17f0978 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) 15 0x7ffff17f40f8 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 16 0x7ffff17d71be WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x7ffff17d6531 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 18 0x7ffff17a67ff WebCore::RenderBlock::layout() 19 0x7ffff17d7588 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 20 0x7ffff17d70ca WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 21 0x7ffff17d6555 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 22 0x7ffff17a67ff WebCore::RenderBlock::layout() 23 0x7ffff17d7588 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 24 0x7ffff17d70ca WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 25 0x7ffff17d6555 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 26 0x7ffff17a67ff WebCore::RenderBlock::layout() 27 0x7ffff1971b21 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 28 0x7ffff197225a WebCore::RenderView::layout() 29 0x7ffff14ff5c5 WebCore::FrameView::layout(bool) 30 0x7ffff0f526d5 WebCore::Document::implicitClose() 31 0x7ffff13d383b WebCore::FrameLoader::checkCallImplicitClose() Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5ed9dba in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff5ed9dba in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 #1 0x00007ffff17c8591 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::checkDirectionInLowerRaiseEmbeddingLevel (this=0x7fffffffafb0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:354 #2 0x00007ffff17c364c in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::lowerExplicitEmbeddingLevel (this=0x7fffffffafb0, from=U_LEFT_TO_RIGHT) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:370 #3 0x00007ffff17c0674 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::commitExplicitEmbedding (this=0x7fffffffafb0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:473 #4 0x00007ffff17bacf3 in WebCore::notifyObserverEnteredObject<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (observer=0x7fffffffafb0, object=0x8cf0b0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:139 #5 0x00007ffff17bab77 in WebCore::bidiNextShared<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (root=..., current=0x933ae0, observer=0x7fffffffafb0, emptyInlineBehavior=WebCore::SkipEmptyInlines, endOfInlinePtr=0x0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:229 #6 0x00007ffff17baa41 in WebCore::bidiNextSkippingEmptyInlines<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (root=..., current=0x933ae0, observer=0x7fffffffafb0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:261 #7 0x00007ffff17be457 in WebCore::InlineIterator::increment (this=0x7fffffffafb0, resolver=0x7fffffffafb0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:365 #8 0x00007ffff17f8a29 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::increment (this=0x7fffffffafb0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:408 #9 0x00007ffff17fb3d3 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine (this=0x7fffffffafb0, end=..., override=WebCore::VisualLeftToRightOverride, hardLineBreak=false) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:571 #10 0x00007ffff17efc6a in WebCore::constructBidiRunsForSegment (topResolver=..., bidiRuns=..., endOfRuns=..., override=WebCore::VisualLeftToRightOverride, previousLineBrokeCleanly=false) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:895 #11 0x00007ffff17f0045 in WebCore::constructBidiRunsForLine (block=0x884b20, topResolver=..., bidiRuns=..., endOfLine=..., override=WebCore::VisualLeftToRightOverride, previousLineBrokeCleanly=false) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:958 #12 0x00007ffff17f22e7 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x884b20, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1375 #13 0x00007ffff17f0978 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x884b20, layoutState=..., hasInlineChild=true) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1100 #14 0x00007ffff17f40f8 in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x884b20, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1696 #15 0x00007ffff17d71be in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x884b20, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:568 #16 0x00007ffff17d6531 in WebCore::RenderBlockFlow::layoutBlock (this=0x884b20, relayoutChildren=true, pageLogicalHeight=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:394 #17 0x00007ffff17a67ff in WebCore::RenderBlock::layout (this=0x884b20) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1286 #18 0x00007ffff17d7588 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x884a50, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:629 #19 0x00007ffff17d70ca in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x884a50, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:548 #20 0x00007ffff17d6555 in WebCore::RenderBlockFlow::layoutBlock (this=0x884a50, relayoutChildren=true, pageLogicalHeight=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:396 #21 0x00007ffff17a67ff in WebCore::RenderBlock::layout (this=0x884a50) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1286 #22 0x00007ffff17d7588 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7a3ac0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:629 #23 0x00007ffff17d70ca in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7a3ac0, relayoutChildren=true, maxFloatLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:548 #24 0x00007ffff17d6555 in WebCore::RenderBlockFlow::layoutBlock (this=0x7a3ac0, relayoutChildren=true, pageLogicalHeight=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:396 #25 0x00007ffff17a67ff in WebCore::RenderBlock::layout (this=0x7a3ac0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1286 #26 0x00007ffff1971b21 in WebCore::RenderView::layoutContent (this=0x7a3ac0, state=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:152 #27 0x00007ffff197225a in WebCore::RenderView::layout (this=0x7a3ac0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:281 ---Type <return> to continue, or q <return> to quit--- #28 0x00007ffff14ff5c5 in WebCore::FrameView::layout (this=0x949710, allowSubtree=true) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1261 #29 0x00007ffff0f526d5 in WebCore::Document::implicitClose (this=0x752fa0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2456 #30 0x00007ffff13d383b in WebCore::FrameLoader::checkCallImplicitClose (this=0x9e6208) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:884 #31 0x00007ffff13d35d6 in WebCore::FrameLoader::checkCompleted (this=0x9e6208) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:830 #32 0x00007ffff13d3344 in WebCore::FrameLoader::finishedParsing (this=0x9e6208) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:754 #33 0x00007ffff0f59d5f in WebCore::Document::finishedParsing (this=0x752fa0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4457 #34 0x00007ffff125b737 in WebCore::HTMLConstructionSite::finishedParsing (this=0x8801b8) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:393 #35 0x00007ffff1294271 in WebCore::HTMLTreeBuilder::finished (this=0x8801a0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2988 #36 0x00007ffff12631d4 in WebCore::HTMLDocumentParser::end (this=0x9a48d0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #37 0x00007ffff12632bf in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x9a48d0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #38 0x00007ffff1261f09 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x9a48d0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #39 0x00007ffff1263302 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x9a48d0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #40 0x00007ffff12633b9 in WebCore::HTMLDocumentParser::finish (this=0x9a48d0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #41 0x00007ffff13c55e5 in WebCore::DocumentWriter::end (this=0x903980) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248 #42 0x00007ffff13aff8b in WebCore::DocumentLoader::finishedLoading (this=0x9038e0, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440 #43 0x00007ffff13afcf4 in WebCore::DocumentLoader::notifyFinished (this=0x9038e0, resource=0x9d0a60) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374 #44 0x00007ffff1458bfc in WebCore::CachedResource::checkNotify (this=0x9d0a60) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:332 #45 0x00007ffff1458cda in WebCore::CachedResource::finishLoading (this=0x9d0a60) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:348 #46 0x00007ffff14556ae in WebCore::CachedRawResource::finishLoading (this=0x9d0a60, data=0x92e0f0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:96 #47 0x00007ffff141095e in WebCore::SubresourceLoader::didFinishLoading (this=0x9ce380, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:310 #48 0x00007ffff140cc19 in WebCore::ResourceLoader::didFinishLoading (this=0x9ce380, finishTime=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:508 #49 0x00007ffff1cf6715 in WebCore::readCallback (asyncResult=0x8a41e0, data=0x9ce7a0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1324 #50 0x00007fffe8ee102a in async_ready_callback_wrapper (source_object=0x971cc0, res=0x8a41e0, user_data=0x9ce7a0) at ginputstream.c:530 #51 0x00007fffe8f005bb in g_task_return_now (task=0x8a41e0) at gtask.c:1105 #52 0x00007fffe8f005d9 in complete_in_idle_cb (task=0x8a41e0) at gtask.c:1114 #53 0x00007fffed28af46 in g_main_dispatch (context=0x8a3970) at gmain.c:3054 #54 g_main_context_dispatch (context=context@entry=0x8a3970) at gmain.c:3630 #55 0x00007ffff78dc6e8 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffc6d0, rfds=0x7fffffffc650, ecore_fds=11, ctx=<optimized out>) at ecore_glib.c:171 #56 _ecore_glib_select (ecore_fds=11, rfds=0x7fffffffc650, wfds=0x7fffffffc6d0, efds=<optimized out>, ecore_timeout=<optimized out>) at ecore_glib.c:205 #57 0x00007ffff78d6b37 in _ecore_main_select (timeout=timeout@entry=0) at ecore_main.c:1466 #58 0x00007ffff78d762c in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1860 #59 0x00007ffff78d79c7 in ecore_main_loop_begin () at ecore_main.c:956 #60 0x0000000000406866 in main (argc=2, argv=0x7fffffffdb68) at /home/reni2/data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1002
Attachments
Test case
(76 bytes, text/html)
2014-03-26 13:09 PDT
,
Renata Hodovan
no flags
Details
Test case
(48 bytes, text/html)
2016-03-11 14:24 PST
,
Renata Hodovan
no flags
Details
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Renata Hodovan
Comment 1
2016-03-11 14:24:53 PST
Created
attachment 273767
[details]
Test case New test case. Checked on: OS: Mac OS X 10.11.1 (x86_64), x86_64 Build: ASAN debug Version: ecad464
Brent Fulgham
Comment 2
2016-08-03 14:06:37 PDT
This reproduces under
r204037
.
Radar WebKit Bug Importer
Comment 3
2016-08-03 14:09:10 PDT
<
rdar://problem/27685375
>
Ahmad Saleem
Comment 4
2023-01-20 10:39:18 PST
I am unable to reproduce ASSERT FAILED using attached test case of MiniBrowser WK2 Debug build based of
259136@main
. Can someone else confirm or we can close it? Thanks!
Brent Fulgham
Comment 5
2024-01-22 15:16:02 PST
Closing based on Ahmad's testing.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug