Bug 134970 - ASSERTION FAILED: listNode in WebCore::RenderListItem::updateListMarkerNumbers
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Duplicates: 118846
Blocks: 116980
Reported: 2014-07-16 04:15 PDT by Nagy Renátó
Modified: 2014-08-04 05:50 PDT

Attachments
Proposed patch (4.39 KB, patch)
2014-07-17 01:44 PDT, Nagy Renátó
no flags
Proposed patch (4.40 KB, patch)
2014-07-17 04:24 PDT, Nagy Renátó
darin: review-
darin: commit-queue-
Proposed patch (1.69 KB, patch)
2014-08-01 05:16 PDT, Nagy Renátó
no flags

Description Nagy Renátó 2014-07-16 04:15:38 PDT
Test:
<style>
    html{
        display:list-item;
    }
</style>


Output:
ASSERTION FAILED: listNode
/home/rnagy/WebKit/Source/WebCore/rendering/RenderListItem.cpp(500) : void WebCore::RenderListItem::updateListMarkerNumbers()


Backtrace:
#0  0x00007ffff583f3d6 in WTFCrash () at /home/rnagy/WebKit/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff15513e5 in WebCore::RenderListItem::updateListMarkerNumbers (this=0x782cc0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderListItem.cpp:500
#2  0x00007ffff154f982 in WebCore::RenderListItem::insertedIntoTree (this=0x782cc0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderListItem.cpp:83
#3  0x00007ffff14a791d in WebCore::RenderElement::insertChildInternal (this=0x77f060, newChild=0x782cc0, beforeChild=0x0, notifyChildren=WebCore::RenderElement::NotifyChildren)
    at /home/rnagy/WebKit/Source/WebCore/rendering/RenderElement.cpp:569
#4  0x00007ffff14a7475 in WebCore::RenderElement::addChild (this=0x77f060, newChild=0x782cc0, beforeChild=0x0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderElement.cpp:493
#5  0x00007ffff14087df in WebCore::RenderBlock::addChildIgnoringContinuation (this=0x77f060, newChild=0x782cc0, beforeChild=0x0)
    at /home/rnagy/WebKit/Source/WebCore/rendering/RenderBlock.cpp:576
#6  0x00007ffff14082c2 in WebCore::RenderBlock::addChild (this=0x77f060, newChild=0x782cc0, beforeChild=0x0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderBlock.cpp:491
#7  0x00007ffff14424b4 in WebCore::RenderBlockFlow::addChild (this=0x77f060, newChild=0x782cc0, beforeChild=0x0)
    at /home/rnagy/WebKit/Source/WebCore/rendering/RenderBlockFlow.cpp:3653
#8  0x00007ffff16cec0c in WebCore::Style::RenderTreePosition::insert (this=0x7fffffffd0c0, renderer=...) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:216
#9  0x00007ffff16cf350 in WebCore::Style::createRendererIfNeeded (element=..., renderingParentNode=..., renderTreePosition=..., resolvedStyle=...)
    at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:332
#10 0x00007ffff16d02e4 in WebCore::Style::attachRenderTree (current=..., renderingParentNode=..., renderTreePosition=..., resolvedStyle=...)
    at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:586
#11 0x00007ffff16d0adc in WebCore::Style::resolveLocal (current=..., renderingParentNode=..., renderTreePosition=..., inheritedChange=WebCore::Style::Force)
    at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:729
#12 0x00007ffff16d1131 in WebCore::Style::resolveTree (current=..., renderingParentNode=..., renderTreePosition=..., change=WebCore::Style::Force)
    at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:887
#13 0x00007ffff16d162d in WebCore::Style::resolveTree (document=..., change=WebCore::Style::Force) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:96
#14 0x00007ffff0be8d84 in WebCore::Document::recalcStyle (this=0x73a8e0, change=WebCore::Style::Force) at /home/rnagy/WebKit/Source/WebCore/dom/Document.cpp:1749
#15 0x00007ffff0be9035 in WebCore::Document::updateStyleIfNeeded (this=0x73a8e0) at /home/rnagy/WebKit/Source/WebCore/dom/Document.cpp:1794
#16 0x00007ffff0bf2a09 in WebCore::Document::finishedParsing (this=0x73a8e0) at /home/rnagy/WebKit/Source/WebCore/dom/Document.cpp:4512
#17 0x00007ffff0ef377b in WebCore::HTMLConstructionSite::finishedParsing (this=0x6de048) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:395
#18 0x00007ffff0f2da9d in WebCore::HTMLTreeBuilder::finished (this=0x6de030) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997
#19 0x00007ffff0efb218 in WebCore::HTMLDocumentParser::end (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:439
#20 0x00007ffff0efb303 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:450
#21 0x00007ffff0ef9f4d in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#22 0x00007ffff0efb346 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#23 0x00007ffff0efb3fd in WebCore::HTMLDocumentParser::finish (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:490
#24 0x00007ffff1047ea5 in WebCore::DocumentWriter::end (this=0x75f640) at /home/rnagy/WebKit/Source/WebCore/loader/DocumentWriter.cpp:250
#25 0x00007ffff103265b in WebCore::DocumentLoader::finishedLoading (this=0x75f5a0, finishTime=0) at /home/rnagy/WebKit/Source/WebCore/loader/DocumentLoader.cpp:441
#26 0x00007ffff10323c4 in WebCore::DocumentLoader::notifyFinished (this=0x75f5a0, resource=0x77a650) at /home/rnagy/WebKit/Source/WebCore/loader/DocumentLoader.cpp:375
#27 0x00007ffff10df040 in WebCore::CachedResource::checkNotify (this=0x77a650) at /home/rnagy/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:334
#28 0x00007ffff10df126 in WebCore::CachedResource::finishLoading (this=0x77a650) at /home/rnagy/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:350
#29 0x00007ffff10dc124 in WebCore::CachedRawResource::finishLoading (this=0x77a650, data=0x747d30) at /home/rnagy/WebKit/Source/WebCore/loader/cache/CachedRawResource.cpp:98
#30 0x00007ffff1092630 in WebCore::SubresourceLoader::didFinishLoading (this=0x77abb0, finishTime=0) at /home/rnagy/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:310
#31 0x00007ffff108e907 in WebCore::ResourceLoader::didFinishLoading (this=0x77abb0, finishTime=0) at /home/rnagy/WebKit/Source/WebCore/loader/ResourceLoader.cpp:517
#32 0x00007ffff1996785 in WebCore::readCallback (asyncResult=0x77ea00, data=0x77b230) at /home/rnagy/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302
#33 0x00007fffebf5f24a in async_ready_callback_wrapper (source_object=0x68c9b0, res=0x77ea00, user_data=0x77b230) at ginputstream.c:519
#34 0x00007fffebf7ec1b in g_task_return_now (task=0x77ea00) at gtask.c:1108
#35 0x00007fffebf7ec39 in complete_in_idle_cb (task=0x77ea00) at gtask.c:1117
#36 0x00007fffeb9d3236 in g_main_dispatch (context=0x686d00) at gmain.c:3065
#37 g_main_context_dispatch (context=context@entry=0x686d00) at gmain.c:3641
#38 0x00007fffecd425c0 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffd9c0, rfds=0x7fffffffd940, ecore_fds=4, 
    ctx=<optimized out>) at lib/ecore/ecore_glib.c:172
#39 _ecore_glib_select (ecore_fds=4, rfds=0x7fffffffd940, wfds=0x7fffffffd9c0, efds=<optimized out>, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:204
#40 0x00007fffecd44fe4 in _ecore_main_select (timeout=<optimized out>) at lib/ecore/ecore_main.c:1579
#41 0x00007fffecd45b75 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2007
#42 0x00007fffecd45c37 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1042
#43 0x00007ffff767cdcf in WTF::RunLoop::run () at /home/rnagy/WebKit/Source/WTF/wtf/efl/RunLoopEfl.cpp:51
#44 0x00007ffff7601bf6 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffde68)
    at /home/rnagy/WebKit/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#45 0x00007ffff76019da in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffde68) at /home/rnagy/WebKit/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:128
#46 0x000000000040082d in main (argc=2, argv=0x7fffffffde68) at /home/rnagy/WebKit/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
Comment 1 Nagy Renátó 2014-07-17 01:44:10 PDT
Created attachment 235059
Proposed patch
Comment 2 Nagy Renátó 2014-07-17 04:24:14 PDT
Created attachment 235064
Proposed patch
Comment 3 zalan 2014-07-17 09:10:07 PDT
Comment on attachment 235064
Proposed patch

Not sure if the assertion is actually correct. Only updateListMarkerNumbers() asserts on nullptr (there are a few more calls on enclosingList()) and the changeset where the assert was introduced doesn't really explain why it is enforced. (http://trac.webkit.org/changeset/57986) I'd figure out if it is needed at all and whether other callers should assert on nullptr too.
Comment 4 Darin Adler 2014-07-17 09:30:40 PDT
Comment on attachment 235064
Proposed patch

View in context: https://bugs.webkit.org/attachment.cgi?id=235064&action=review

> Source/WebCore/rendering/RenderListItem.cpp:113
> +    if (!firstNode)
> +        firstNode = &listItem->element();
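
Review bot: the fallback in `if (!firstNode) firstNode = &listItem->element();` substitutes the list item's own element when no list was found, so a caller can no longer tell "no enclosing list" apart from a real list and may be handed a node that is not a list at all. Suggest dropping the fallback so the null result stays visible, and handling null where the result is used.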

This fix is not right. I don’t think the element itself should be returned as the list. The enclosingList function should not return something that would return false from isList.

This function is allowed to return null if there is no enclosing list. The fix should be at the call sites, not here in this function.
Comment 5 Darin Adler 2014-07-17 09:31:26 PDT
Comment on attachment 235064
Proposed patch

I suspect Zalan is right and the only problem is that updateListMarkerNumbers should not be asserting.
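
The contract discussed in comments 4 and 5, as an added toy model (not WebKit code and not part of the original thread): a lookup that returns null when nothing encloses the item, the rejected fallback variant, and a call site that handles null instead of asserting. `Node`, `enclosingListWithFallback`, `countItemsToRenumber` and the sample tree are hypothetical; only the names `enclosingList` and `isList` come from the review.

```cpp
// Toy model for illustration, not WebKit source. enclosingList and isList mirror
// names from the review; every other name is hypothetical.
#include <cstdio>
#include <cstring>

struct Node {
    const char* tag;
    const Node* parent;
    bool displayListItem; // computed style is display: list-item
};

static bool isList(const Node& n) { return !std::strcmp(n.tag, "ol") || !std::strcmp(n.tag, "ul"); }

// Contract described in the review: nearest list ancestor, or nullptr if none.
static const Node* enclosingList(const Node& item) {
    for (const Node* p = item.parent; p; p = p->parent)
        if (isList(*p))
            return p;
    return nullptr;
}

// Shape of the rejected change: fall back to the item itself.
static const Node* enclosingListWithFallback(const Node& item) {
    const Node* list = enclosingList(item);
    return list ? list : &item;
}

// Call site that handles "no enclosing list" instead of asserting on it.
// Returns how many list items share the item's list (0 when there is none).
static int countItemsToRenumber(const Node& item, const Node* all, int count) {
    const Node* list = enclosingList(item);
    if (!list)
        return 0;
    int n = 0;
    for (int i = 0; i < count; ++i)
        n += all[i].displayListItem && enclosingList(all[i]) == list;
    return n;
}

// Constructed sample tree: <html style="display:list-item"><ul><li><li>
static Node nodes[4] = {
    { "html", nullptr, true }, { "ul", &nodes[0], false },
    { "li", &nodes[1], true }, { "li", &nodes[1], true },
};

int main() {
    std::printf("fallback result is a list: %d\n", isList(*enclosingListWithFallback(nodes[0])));
    std::printf("items renumbered for root: %d, for first li: %d\n",
        countItemsToRenumber(nodes[0], nodes, 4), countItemsToRenumber(nodes[2], nodes, 4));
}
```

With the fallback, the root item gets back a node for which `isList` is false, which is the mismatch the review objects to.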
Comment 6 Nagy Renátó 2014-08-01 05:16:55 PDT
Created attachment 235887
Proposed patch

ASSERTION removed.
Comment 7 WebKit Commit Bot 2014-08-01 09:15:44 PDT
Comment on attachment 235887
Proposed patch

Clearing flags on attachment: 235887

Committed r171917: <http://trac.webkit.org/changeset/171917>
Comment 8 WebKit Commit Bot 2014-08-01 09:15:50 PDT
All reviewed patches have been landed.  Closing bug.
Comment 9 Renata Hodovan 2014-08-04 05:50:31 PDT
*** Bug 118846 has been marked as a duplicate of this bug. ***