135602 – ASSERTION FAILED: !paintInfo.overlapTestRequests->contains(this) in WebCore::RenderWidget::paintContents

Bug 135602 - ASSERTION FAILED: !paintInfo.overlapTestRequests->contains(this) in WebCore::RenderWidget::paintContents

Summary: ASSERTION FAILED: !paintInfo.overlapTestRequests->contains(this) in WebCore::...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	zalan

URL:
Keywords:	InRadar

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2014-08-05 03:02 PDT by Renata Hodovan
Modified:	2016-09-06 14:55 PDT (History)
CC List:	9 users (show)

See Also:

Attachments
Test case (68 bytes, text/html) 2014-08-05 03:02 PDT, Renata Hodovan	no flags	Details
Patch (4.09 KB, patch) 2016-09-06 14:04 PDT, zalan	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2014-08-05 03:02:53 PDT

Created attachment 236023 [details]
Test case

The failing test case:

<style> 
* {
    -webkit-column-count:2
}
</style>
<frameset><frame>


Backtrace:

ASSERTION FAILED: !paintInfo.overlapTestRequests->contains(this)
../../Source/WebCore/rendering/RenderWidget.cpp(245) : virtual void WebCore::RenderWidget::paintContents(WebCore::PaintInfo&, const WebCore::LayoutPoint&)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff97334700 (LWP 25734)]
0x00007ffff30191c8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
329	    *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007ffff30191c8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
#1  0x00007ffff3f3de1b in WebCore::RenderWidget::paintContents (this=0x7d63e0, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderWidget.cpp:245
#2  0x00007ffff3f3e35b in WebCore::RenderWidget::paint (this=0x7d63e0, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderWidget.cpp:286
#3  0x00007ffff3e1f3b8 in WebCore::RenderFrameSet::paint (this=0x990920, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderFrameSet.cpp:144
#4  0x00007ffff3d53181 in WebCore::RenderBlock::paintChild (this=0x871610, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at ../../Source/WebCore/rendering/RenderBlock.cpp:1591
#5  0x00007ffff3d52d87 in WebCore::RenderBlock::paintChildren (this=0x871610, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at ../../Source/WebCore/rendering/RenderBlock.cpp:1561
#6  0x00007ffff3d52d2d in WebCore::RenderBlock::paintContents (this=0x871610, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:1554
#7  0x00007ffff3d538dc in WebCore::RenderBlock::paintObject (this=0x871610, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:1682
#8  0x00007ffff3d52ae7 in WebCore::RenderBlock::paint (this=0x871610, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:1521
#9  0x00007ffff3e5653b in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=0x794590, phase=WebCore::PaintPhaseForeground, layerFragments=..., context=0x7e1c80, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0) at ../../Source/WebCore/rendering/RenderLayer.cpp:4497
#10 0x00007ffff3e561e3 in WebCore::RenderLayer::paintForegroundForFragments (this=0x794590, layerFragments=..., context=0x7e1c80, transparencyLayerContext=0x7e1c80, transparencyPaintDirtyRect=..., haveTransparency=false, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0, selectionOnly=false, forceBlackText=false) at ../../Source/WebCore/rendering/RenderLayer.cpp:4461
#11 0x00007ffff3e54657 in WebCore::RenderLayer::paintLayerContents (this=0x794590, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:4090
#12 0x00007ffff3e532f8 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x794590, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:3773
#13 0x00007ffff3e531cb in WebCore::RenderLayer::paintLayer (this=0x794590, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:3755
#14 0x00007ffff3e54d9c in WebCore::RenderLayer::paintList (this=0x8f0f00, list=0x82d6e0, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:4186
#15 0x00007ffff3e546e2 in WebCore::RenderLayer::paintLayerContents (this=0x8f0f00, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:4098
#16 0x00007ffff3e532f8 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x8f0f00, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:3773
#17 0x00007ffff3e531cb in WebCore::RenderLayer::paintLayer (this=0x8f0f00, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:3755
#18 0x00007ffff3e54d9c in WebCore::RenderLayer::paintList (this=0x86a7e0, list=0x6f14a0, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:4186
#19 0x00007ffff3e546e2 in WebCore::RenderLayer::paintLayerContents (this=0x86a7e0, context=0x7e1c80, paintingInfo=..., paintFlags=224) at ../../Source/WebCore/rendering/RenderLayer.cpp:4098
#20 0x00007ffff3e532f8 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x86a7e0, context=0x7e1c80, paintingInfo=..., paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:3773
#21 0x00007ffff3e531cb in WebCore::RenderLayer::paintLayer (this=0x86a7e0, context=0x7e1c80, paintingInfo=..., paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:3755
#22 0x00007ffff3e522a8 in WebCore::RenderLayer::paint (this=0x86a7e0, context=0x7e1c80, damageRect=..., subpixelAccumulation=..., paintBehavior=0, subtreePaintRoot=0x0, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:3554
#23 0x00007ffff3ad7102 in WebCore::FrameView::paintContents (this=0x7a3db0, context=0x7e1c80, dirtyRect=...) at ../../Source/WebCore/page/FrameView.cpp:3693
#24 0x00007ffff3b848ea in WebCore::ScrollView::paint (this=0x7a3db0, context=0x7e1c80, rect=...) at ../../Source/WebCore/platform/ScrollView.cpp:1203
#25 0x00007ffff2ecaf60 in WebKit::WebPage::drawRect (this=0x91b5f0, graphicsContext=..., rect=...) at ../../Source/WebKit2/WebProcess/WebPage/WebPage.cpp:1292
#26 0x00007ffff2f977da in WebKit::DrawingAreaImpl::display (this=0x814d00, updateInfo=...) at ../../Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:664
#27 0x00007ffff2f97096 in WebKit::DrawingAreaImpl::display (this=0x814d00) at ../../Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:580
#28 0x00007ffff2f96f54 in WebKit::DrawingAreaImpl::displayTimerFired (this=0x814d00) at ../../Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:559
#29 0x00007ffff2f991ad in WTF::RunLoop::Timer<WebKit::DrawingAreaImpl>::fired (this=0x814ef8) at ../../Source/WTF/wtf/RunLoop.h:120
#30 0x00007ffff306a5d1 in WTF::RunLoop::TimerBase::__lambda1::operator() (__closure=0xa1b490) at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:121
#31 0x00007ffff306a9b8 in std::_Function_handler<bool(), WTF::RunLoop::TimerBase::start(double, bool)::__lambda1>::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.8/functional:2057
#32 0x00007ffff3069594 in std::function<bool ()>::operator()() const (this=0x814f40) at /usr/include/c++/4.8/functional:2464
#33 0x00007ffff3068e28 in WTF::GMainLoopSource::boolCallback (this=0x814f08) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:210
#34 0x00007ffff30690c6 in WTF::GMainLoopSource::boolSourceCallback (source=0x814f08, source@entry=<error reading variable: value has been optimized out>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:261
#35 0x00007fffeb44ee43 in g_timeout_dispatch (source=source@entry=0x7e1d80, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4450
#36 0x00007fffeb44e2e6 in g_main_dispatch (context=0x677bb0) at gmain.c:3065
#37 g_main_context_dispatch (context=context@entry=0x677bb0) at gmain.c:3641
#38 0x00007fffeb44e638 in g_main_context_iterate (context=0x677bb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712
#39 0x00007fffeb44ea3a in g_main_loop_run (loop=0x913eb0) at gmain.c:3906
#40 0x00007ffff306a156 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#41 0x00007ffff2fa35e0 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffda58) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#42 0x00007ffff2fa3445 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffda58) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#43 0x000000000040085d in main (argc=2, argv=0x7fffffffda58) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32

Comment 1 Brent Fulgham 2016-08-03 14:44:26 PDT

This reproduces in r204037.

Comment 2 Radar WebKit Bug Importer 2016-08-04 10:01:49 PDT

<rdar://problem/27701733>

Comment 3 Radar WebKit Bug Importer 2016-08-04 10:01:56 PDT

<rdar://problem/27701737>

Comment 4 zalan 2016-09-06 14:04:18 PDT

Created attachment 288044 [details]
Patch

Comment 5 WebKit Commit Bot 2016-09-06 14:55:05 PDT

Comment on attachment 288044 [details]
Patch

Clearing flags on attachment: 288044

Committed r205510: <http://trac.webkit.org/changeset/205510>

Comment 6 WebKit Commit Bot 2016-09-06 14:55:12 PDT

All reviewed patches have been landed.  Closing bug.