Bug 136149 - ASSERTION FAILED: !trackSizes.isEmpty() in WebCore::createGridTrackList
Summary: ASSERTION FAILED: !trackSizes.isEmpty() in WebCore::createGridTrackList
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Sergio Villar Senin
URL:
Keywords:
Depends on:
Blocks: 60731 116980
  Show dependency treegraph
 
Reported: 2014-08-22 00:42 PDT by Renata Hodovan
Modified: 2014-10-15 04:44 PDT (History)
6 users (show)

See Also:


Attachments
Test case (104 bytes, text/html)
2014-08-22 00:42 PDT, Renata Hodovan
no flags Details
Patch (5.75 KB, patch)
2014-08-22 06:23 PDT, Sergio Villar Senin
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Renata Hodovan 2014-08-22 00:42:06 PDT
Created attachment 236972 [details]
Test case

The failing test case:

<!DOCTYPE html>
<style>     
li {
    -webkit-grid-template-rows: repeat(1, (foo));
}
</style>
<li></li>


Backtrace:

ASSERTION FAILED: !trackSizes.isEmpty()
/home/reni/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp(1975) : bool WebCore::createGridTrackList(WebCore::CSSValue*, WTF::Vector<WebCore::GridTrackSize>&, WebCore::NamedGridLinesMap&, WebCore::OrderedNamedGridLinesMap&, const WebCore::StyleResolver::State&)


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff92f3e700 (LWP 25421)]
0x00007ffff560f3f2 in WTFCrash () at /home/reni/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:329
329	    *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007ffff560f3f2 in WTFCrash () at /home/reni/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:329
#1  0x00007ffff01ea02b in WebCore::createGridTrackList (value=0x7043b0, trackSizes=..., namedGridLines=..., orderedNamedGridLines=..., state=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1975
#2  0x00007ffff01edd26 in WebCore::StyleResolver::applyProperty (this=0x70bc60, id=WebCore::CSSPropertyWebkitGridTemplateRows, value=0x7043b0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2718
#3  0x00007ffff01f27df in WebCore::StyleResolver::CascadedProperties::Property::apply (this=0x7fffffffaba0, resolver=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3935
#4  0x00007ffff01f2954 in WebCore::StyleResolver::applyCascadedProperties (this=0x70bc60, cascade=..., firstProperty=20, lastProperty=422) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3965
#5  0x00007ffff01e90ae in WebCore::StyleResolver::applyMatchedProperties (this=0x70bc60, matchResult=..., element=0x6dd1e0, shouldUseMatchedPropertiesCache=WebCore::StyleResolver::UseMatchedPropertiesCache) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1734
#6  0x00007ffff01e46ac in WebCore::StyleResolver::styleForElement (this=0x70bc60, element=0x6dd1e0, defaultParent=0x70efb0, sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:801
#7  0x00007ffff0e625eb in WebCore::Style::styleForElement (element=..., inheritedStyle=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:259
#8  0x00007ffff0e627a3 in WebCore::Style::createRendererIfNeeded (element=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:285
#9  0x00007ffff0e63e2e in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:605
#10 0x00007ffff0e634d0 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:481
#11 0x00007ffff0e63f05 in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:619
#12 0x00007ffff0e634d0 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:481
#13 0x00007ffff0e63f05 in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:619
#14 0x00007ffff0e6471f in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::Force) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:745
#15 0x00007ffff0e64ed5 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::Force) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:910
#16 0x00007ffff0e65479 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::Force) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:991
#17 0x00007ffff0287eef in WebCore::Document::recalcStyle (this=0x70cb80, change=WebCore::Style::Force) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1750
#18 0x00007ffff02881fa in WebCore::Document::updateStyleIfNeeded (this=0x70cb80) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1795
#19 0x00007ffff0292f41 in WebCore::Document::finishedParsing (this=0x70cb80) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4514
#20 0x00007ffff05eaf4b in WebCore::HTMLConstructionSite::finishedParsing (this=0x6ed7c8) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:395
#21 0x00007ffff0628b8d in WebCore::HTMLTreeBuilder::finished (this=0x6ed7b0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997
#22 0x00007ffff05f3a8e in WebCore::HTMLDocumentParser::end (this=0x70c410) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#23 0x00007ffff05f3b79 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x70c410) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#24 0x00007ffff05f252f in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x70c410) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#25 0x00007ffff05f3bbc in WebCore::HTMLDocumentParser::attemptToEnd (this=0x70c410) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:474
#26 0x00007ffff05f3c73 in WebCore::HTMLDocumentParser::finish (this=0x70c410) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:502
#27 0x00007ffff0763e8f in WebCore::DocumentWriter::end (this=0x7817a0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:250
#28 0x00007ffff074c709 in WebCore::DocumentLoader::finishedLoading (this=0x781700, finishTime=0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:441
#29 0x00007ffff074c472 in WebCore::DocumentLoader::notifyFinished (this=0x781700, resource=0x79c460) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:375
#30 0x00007ffff080a850 in WebCore::CachedResource::checkNotify (this=0x79c460) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:333
#31 0x00007ffff080a95a in WebCore::CachedResource::finishLoading (this=0x79c460) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:349
#32 0x00007ffff08072a8 in WebCore::CachedRawResource::finishLoading (this=0x79c460, data=0x73e0c0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:101
#33 0x00007ffff07b6090 in WebCore::SubresourceLoader::didFinishLoading (this=0x79c9c0, finishTime=0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:306
#34 0x00007ffff07b1bdd in WebCore::ResourceLoader::didFinishLoading (this=0x79c9c0, finishTime=0) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:518
#35 0x00007ffff1187bc5 in WebCore::readCallback (asyncResult=0x7a09d0, data=0x79d040) at /home/reni/data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302
#36 0x00007fffeb395816 in async_ready_callback_wrapper (source_object=0x6c49b0, res=0x7a09d0, user_data=user_data@entry=0x79d040) at ginputstream.c:523
#37 0x00007fffeb3bb115 in g_task_return_now (task=0x7a09d0) at gtask.c:1077
#38 0x00007fffeb3bb139 in complete_in_idle_cb (task=0x7a09d0) at gtask.c:1086
#39 0x00007fffeadf7a7d in g_main_dispatch (context=0x6bbe80) at gmain.c:3064
#40 g_main_context_dispatch (context=context@entry=0x6bbe80) at gmain.c:3663
#41 0x00007fffec1905e0 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffd5e0, rfds=0x7fffffffd560, ecore_fds=10, ctx=<optimized out>) at lib/ecore/ecore_glib.c:172
#42 _ecore_glib_select (ecore_fds=10, rfds=0x7fffffffd560, wfds=0x7fffffffd5e0, efds=<optimized out>, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:204
#43 0x00007fffec192ff4 in _ecore_main_select (timeout=<optimized out>) at lib/ecore/ecore_main.c:1579
#44 0x00007fffec193995 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:2005
#45 0x00007fffec193a57 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:1042
#46 0x00007ffff7609c87 in WTF::RunLoop::run () at /home/reni/data/REPOS/webkit_sec/Source/WTF/wtf/efl/RunLoopEfl.cpp:51
#47 0x00007ffff7587940 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffda88) at /home/reni/data/REPOS/webkit_sec/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#48 0x00007ffff758771e in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffda88) at /home/reni/data/REPOS/webkit_sec/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:124
#49 0x000000000040084d in main (argc=2, argv=0x7fffffffda88) at /home/reni/data/REPOS/webkit_sec/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
Comment 1 Sergio Villar Senin 2014-08-22 06:23:53 PDT
Created attachment 236982 [details]
Patch
Comment 2 Darin Adler 2014-08-22 09:08:17 PDT
Comment on attachment 236982 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=236982&action=review

> Source/WebCore/css/CSSParser.cpp:5278
> +    bool seenTrackSize = false;

“seen track size” is not good grammar. It would be better to name this “saw track size” or “track size was seen” or something else that’s a grammatically correct predicate.
Comment 3 Sergio Villar Senin 2014-08-25 00:56:55 PDT
Committed r172904: <http://trac.webkit.org/changeset/172904>