134970 – ASSERTION FAILED: listNode in WebCore::RenderListItem::updateListMarkerNumbers

RESOLVED FIXED 134970

ASSERTION FAILED: listNode in WebCore::RenderListItem::updateListMarkerNumbers

https://bugs.webkit.org/show_bug.cgi?id=134970

Summary ASSERTION FAILED: listNode in WebCore::RenderListItem::updateListMarkerNumbers

Nagy Renátó

Reported 2014-07-16 04:15:38 PDT

Test: <style> html{ display:list-item; } </style> Output: ASSERTION FAILED: listNode /home/rnagy/WebKit/Source/WebCore/rendering/RenderListItem.cpp(500) : void WebCore::RenderListItem::updateListMarkerNumbers() Backtrace: #0 0x00007ffff583f3d6 in WTFCrash () at /home/rnagy/WebKit/Source/WTF/wtf/Assertions.cpp:333 #1 0x00007ffff15513e5 in WebCore::RenderListItem::updateListMarkerNumbers (this=0x782cc0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderListItem.cpp:500 #2 0x00007ffff154f982 in WebCore::RenderListItem::insertedIntoTree (this=0x782cc0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderListItem.cpp:83 #3 0x00007ffff14a791d in WebCore::RenderElement::insertChildInternal (this=0x77f060, newChild=0x782cc0, beforeChild=0x0, notifyChildren=WebCore::RenderElement::NotifyChildren) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderElement.cpp:569 #4 0x00007ffff14a7475 in WebCore::RenderElement::addChild (this=0x77f060, newChild=0x782cc0, beforeChild=0x0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderElement.cpp:493 #5 0x00007ffff14087df in WebCore::RenderBlock::addChildIgnoringContinuation (this=0x77f060, newChild=0x782cc0, beforeChild=0x0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderBlock.cpp:576 #6 0x00007ffff14082c2 in WebCore::RenderBlock::addChild (this=0x77f060, newChild=0x782cc0, beforeChild=0x0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderBlock.cpp:491 #7 0x00007ffff14424b4 in WebCore::RenderBlockFlow::addChild (this=0x77f060, newChild=0x782cc0, beforeChild=0x0) at /home/rnagy/WebKit/Source/WebCore/rendering/RenderBlockFlow.cpp:3653 #8 0x00007ffff16cec0c in WebCore::Style::RenderTreePosition::insert (this=0x7fffffffd0c0, renderer=...) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:216 #9 0x00007ffff16cf350 in WebCore::Style::createRendererIfNeeded (element=..., renderingParentNode=..., renderTreePosition=..., resolvedStyle=...) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:332 #10 0x00007ffff16d02e4 in WebCore::Style::attachRenderTree (current=..., renderingParentNode=..., renderTreePosition=..., resolvedStyle=...) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:586 #11 0x00007ffff16d0adc in WebCore::Style::resolveLocal (current=..., renderingParentNode=..., renderTreePosition=..., inheritedChange=WebCore::Style::Force) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:729 #12 0x00007ffff16d1131 in WebCore::Style::resolveTree (current=..., renderingParentNode=..., renderTreePosition=..., change=WebCore::Style::Force) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:887 #13 0x00007ffff16d162d in WebCore::Style::resolveTree (document=..., change=WebCore::Style::Force) at /home/rnagy/WebKit/Source/WebCore/style/StyleResolveTree.cpp:96 #14 0x00007ffff0be8d84 in WebCore::Document::recalcStyle (this=0x73a8e0, change=WebCore::Style::Force) at /home/rnagy/WebKit/Source/WebCore/dom/Document.cpp:1749 #15 0x00007ffff0be9035 in WebCore::Document::updateStyleIfNeeded (this=0x73a8e0) at /home/rnagy/WebKit/Source/WebCore/dom/Document.cpp:1794 #16 0x00007ffff0bf2a09 in WebCore::Document::finishedParsing (this=0x73a8e0) at /home/rnagy/WebKit/Source/WebCore/dom/Document.cpp:4512 #17 0x00007ffff0ef377b in WebCore::HTMLConstructionSite::finishedParsing (this=0x6de048) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #18 0x00007ffff0f2da9d in WebCore::HTMLTreeBuilder::finished (this=0x6de030) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997 #19 0x00007ffff0efb218 in WebCore::HTMLDocumentParser::end (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #20 0x00007ffff0efb303 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #21 0x00007ffff0ef9f4d in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #22 0x00007ffff0efb346 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #23 0x00007ffff0efb3fd in WebCore::HTMLDocumentParser::finish (this=0x6ea260) at /home/rnagy/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #24 0x00007ffff1047ea5 in WebCore::DocumentWriter::end (this=0x75f640) at /home/rnagy/WebKit/Source/WebCore/loader/DocumentWriter.cpp:250 #25 0x00007ffff103265b in WebCore::DocumentLoader::finishedLoading (this=0x75f5a0, finishTime=0) at /home/rnagy/WebKit/Source/WebCore/loader/DocumentLoader.cpp:441 #26 0x00007ffff10323c4 in WebCore::DocumentLoader::notifyFinished (this=0x75f5a0, resource=0x77a650) at /home/rnagy/WebKit/Source/WebCore/loader/DocumentLoader.cpp:375 #27 0x00007ffff10df040 in WebCore::CachedResource::checkNotify (this=0x77a650) at /home/rnagy/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:334 #28 0x00007ffff10df126 in WebCore::CachedResource::finishLoading (this=0x77a650) at /home/rnagy/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:350 #29 0x00007ffff10dc124 in WebCore::CachedRawResource::finishLoading (this=0x77a650, data=0x747d30) at /home/rnagy/WebKit/Source/WebCore/loader/cache/CachedRawResource.cpp:98 #30 0x00007ffff1092630 in WebCore::SubresourceLoader::didFinishLoading (this=0x77abb0, finishTime=0) at /home/rnagy/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:310 #31 0x00007ffff108e907 in WebCore::ResourceLoader::didFinishLoading (this=0x77abb0, finishTime=0) at /home/rnagy/WebKit/Source/WebCore/loader/ResourceLoader.cpp:517 #32 0x00007ffff1996785 in WebCore::readCallback (asyncResult=0x77ea00, data=0x77b230) at /home/rnagy/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302 #33 0x00007fffebf5f24a in async_ready_callback_wrapper (source_object=0x68c9b0, res=0x77ea00, user_data=0x77b230) at ginputstream.c:519 #34 0x00007fffebf7ec1b in g_task_return_now (task=0x77ea00) at gtask.c:1108 #35 0x00007fffebf7ec39 in complete_in_idle_cb (task=0x77ea00) at gtask.c:1117 #36 0x00007fffeb9d3236 in g_main_dispatch (context=0x686d00) at gmain.c:3065 #37 g_main_context_dispatch (context=context@entry=0x686d00) at gmain.c:3641 #38 0x00007fffecd425c0 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffd9c0, rfds=0x7fffffffd940, ecore_fds=4, ctx=<optimized out>) at lib/ecore/ecore_glib.c:172 #39 _ecore_glib_select (ecore_fds=4, rfds=0x7fffffffd940, wfds=0x7fffffffd9c0, efds=<optimized out>, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:204 #40 0x00007fffecd44fe4 in _ecore_main_select (timeout=<optimized out>) at lib/ecore/ecore_main.c:1579 #41 0x00007fffecd45b75 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2007 #42 0x00007fffecd45c37 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1042 #43 0x00007ffff767cdcf in WTF::RunLoop::run () at /home/rnagy/WebKit/Source/WTF/wtf/efl/RunLoopEfl.cpp:51 #44 0x00007ffff7601bf6 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffde68) at /home/rnagy/WebKit/Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #45 0x00007ffff76019da in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffde68) at /home/rnagy/WebKit/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:128 #46 0x000000000040082d in main (argc=2, argv=0x7fffffffde68) at /home/rnagy/WebKit/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32

Attachments
Proposed patch (4.39 KB, patch) 2014-07-17 01:44 PDT, Nagy Renátó	no flags	Details Formatted Diff Diff
Proposed patch (4.40 KB, patch) 2014-07-17 04:24 PDT, Nagy Renátó	darin: review- darin: commit-queue-	Details Formatted Diff Diff
Proposed patch (1.69 KB, patch) 2014-08-01 05:16 PDT, Nagy Renátó	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Nagy Renátó

Comment 1 2014-07-17 01:44:10 PDT

Created attachment 235059 [details] Proposed patch

Nagy Renátó

Comment 2 2014-07-17 04:24:14 PDT

Created attachment 235064 [details] Proposed patch

zalan

Comment 3 2014-07-17 09:10:07 PDT

Comment on attachment 235064 [details] Proposed patch Not sure if the assertion is actually correct. Only updateListMarkerNumbers() asserts on nullptr (there are a few more calls on enclosingList()) and the changeset where the assert was introduced doesn't really explain why it is enforced. (http://trac.webkit.org/changeset/57986) I'd figure out if it is needed at all and whether other callers should assert on nullptr too.

Darin Adler

Comment 4 2014-07-17 09:30:40 PDT

Comment on attachment 235064 [details] Proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=235064&action=review > Source/WebCore/rendering/RenderListItem.cpp:113 > + if (!firstNode) > + firstNode = &listItem->element(); This fix is not right. I don’t think the element itself should be returned as the list. The enclosingList function should not return something that would return false from isList. This function is allowed to return null if there is no enclosing list. The fix should be at the call sites, not here in this function.

Darin Adler

Comment 5 2014-07-17 09:31:26 PDT

Comment on attachment 235064 [details] Proposed patch I suspect Zalan is right and the only problem is that updateListMarkerNumbers should not be asserting.

Nagy Renátó

Comment 6 2014-08-01 05:16:55 PDT

Created attachment 235887 [details] Proposed patch ASSERTION removed.

WebKit Commit Bot

Comment 7 2014-08-01 09:15:44 PDT

Comment on attachment 235887 [details] Proposed patch Clearing flags on attachment: 235887 Committed r171917: <http://trac.webkit.org/changeset/171917>

WebKit Commit Bot

Comment 8 2014-08-01 09:15:50 PDT

All reviewed patches have been landed. Closing bug.

Renata Hodovan

Comment 9 2014-08-04 05:50:31 PDT

*** Bug 118846 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Nobody

Reported

2014-07-16 04:15 PDT

Modified

2014-08-04 05:50 PDT History

CC List

9 users Show

URL

Keywords

Duplicates (1)

118846 View as bug list

Depends on

Blocks

116980

Dependencies

tree graph