136941 – ASSERTION FAILED: !visualMetricsValues.isEmpty() in WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath

Bug 136941 - ASSERTION FAILED: !visualMetricsValues.isEmpty() in WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath

Summary: ASSERTION FAILED: !visualMetricsValues.isEmpty() in WebCore::SVGTextLayoutEng...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Duplicates (1):	202915 (view as bug list)
Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2014-09-19 01:33 PDT by Renata Hodovan
Modified:	2023-02-22 22:11 PST (History)
CC List:	7 users (show)

See Also:

Attachments
Test case (124 bytes, text/html) 2014-09-19 01:33 PDT, Renata Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2014-09-19 01:33:40 PDT

Created attachment 238357 [details]
Test case

The failing test case:

<svg>
    <text>
        <tspan style="white-space:pre-wrap;">
            <font></font>
        </tspan>
    </text>
</svg>



The backtrace:

ASSERTION FAILED: !visualMetricsValues.isEmpty()
../../Source/WebCore/rendering/svg/SVGTextLayoutEngine.cpp(437) : void WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath(WebCore::SVGInlineTextBox*, WebCore::RenderSVGInlineText*, const WebCore::RenderStyle*)

0x00007fffedbf3127 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
329	    *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007fffedbf3127 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
#1  0x00007ffff3bf9563 in WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath (this=0x7fffffffa410, textBox=0x7c5870, text=0x890ef0, style=0x986990) at ../../Source/WebCore/rendering/svg/SVGTextLayoutEngine.cpp:437
#2  0x00007ffff3bf8cf2 in WebCore::SVGTextLayoutEngine::layoutInlineTextBox (this=0x7fffffffa410, textBox=0x7c5870) at ../../Source/WebCore/rendering/svg/SVGTextLayoutEngine.cpp:244
#3  0x00007ffff3beedd6 in WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes (this=0xb01540, start=0x995850, characterLayout=...) at ../../Source/WebCore/rendering/svg/SVGRootInlineBox.cpp:110
#4  0x00007ffff3beef2c in WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes (this=0xb01540, start=0xb01540, characterLayout=...) at ../../Source/WebCore/rendering/svg/SVGRootInlineBox.cpp:130
#5  0x00007ffff3beec68 in WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation (this=0xb01540) at ../../Source/WebCore/rendering/svg/SVGRootInlineBox.cpp:91
#6  0x00007ffff396a756 in WebCore::RenderBlockFlow::createLineBoxesFromBidiRuns (this=0x946290, bidiLevel=0x0, bidiRuns=..., end=..., lineInfo=..., verticalPositionCache=..., trailingSpaceRun=0x8b0460, wordMeasurements=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:951
#7  0x00007ffff396b632 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x946290, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0x0) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1131
#8  0x00007ffff396aca3 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x946290, layoutState=..., hasInlineChild=0x1) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1031
#9  0x00007ffff396d520 in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x946290, relayoutChildren=0x1, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1448
#10 0x00007ffff394e2d4 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x946290, relayoutChildren=0x1, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:653
#11 0x00007ffff3bcfa92 in WebCore::RenderSVGText::layout (this=0x946290) at ../../Source/WebCore/rendering/svg/RenderSVGText.cpp:415
#12 0x00007ffff3bdcd98 in WebCore::SVGRenderSupport::layoutChildren (start=..., selfNeedsLayout=0x1) at ../../Source/WebCore/rendering/svg/SVGRenderSupport.cpp:274
#13 0x00007ffff3bc752a in WebCore::RenderSVGRoot::layout (this=0xb028b0) at ../../Source/WebCore/rendering/svg/RenderSVGRoot.cpp:179
#14 0x00007ffff38ed18f in WebCore::RenderElement::layoutIfNeeded (this=0xb028b0) at ../../Source/WebCore/rendering/RenderElement.h:102
#15 0x00007ffff396d4de in WebCore::RenderBlockFlow::layoutLineBoxes (this=0xabc9e0, relayoutChildren=0x1, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1446
#16 0x00007ffff394e2d4 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0xabc9e0, relayoutChildren=0x1, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:653
#17 0x00007ffff394d5ca in WebCore::RenderBlockFlow::layoutBlock (this=0xabc9e0, relayoutChildren=0x1, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:484
#18 0x00007ffff392285f in WebCore::RenderBlock::layout (this=0xabc9e0) at ../../Source/WebCore/rendering/RenderBlock.cpp:1019
#19 0x00007ffff394e6b0 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x8af240, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:712
#20 0x00007ffff394e1d1 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x8af240, relayoutChildren=0x1, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:633
#21 0x00007ffff394d5ee in WebCore::RenderBlockFlow::layoutBlock (this=0x8af240, relayoutChildren=0x1, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:486
#22 0x00007ffff392285f in WebCore::RenderBlock::layout (this=0x8af240) at ../../Source/WebCore/rendering/RenderBlock.cpp:1019
#23 0x00007ffff394e6b0 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x8ab010, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:712
#24 0x00007ffff394e1d1 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x8ab010, relayoutChildren=0x1, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:633
#25 0x00007ffff394d5ee in WebCore::RenderBlockFlow::layoutBlock (this=0x8ab010, relayoutChildren=0x1, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:486
#26 0x00007ffff392285f in WebCore::RenderBlock::layout (this=0x8ab010) at ../../Source/WebCore/rendering/RenderBlock.cpp:1019
#27 0x00007ffff3b1aaa9 in WebCore::RenderView::layoutContent (this=0x8ab010, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:230
#28 0x00007ffff3b1b179 in WebCore::RenderView::layout (this=0x8ab010) at ../../Source/WebCore/rendering/RenderView.cpp:355
#29 0x00007ffff369240f in WebCore::FrameView::layout (this=0x85a9d0, allowSubtree=0x1) at ../../Source/WebCore/page/FrameView.cpp:1301
#30 0x00007ffff30613d5 in WebCore::Document::implicitClose (this=0x80a080) at ../../Source/WebCore/dom/Document.cpp:2441
#31 0x00007ffff3540b63 in WebCore::FrameLoader::checkCallImplicitClose (this=0x88c668) at ../../Source/WebCore/loader/FrameLoader.cpp:898
#32 0x00007ffff35408cb in WebCore::FrameLoader::checkCompleted (this=0x88c668) at ../../Source/WebCore/loader/FrameLoader.cpp:844
#33 0x00007ffff3540634 in WebCore::FrameLoader::finishedParsing (this=0x88c668) at ../../Source/WebCore/loader/FrameLoader.cpp:764
#34 0x00007ffff3069e57 in WebCore::Document::finishedParsing (this=0x80a080) at ../../Source/WebCore/dom/Document.cpp:4524
#35 0x00007ffff33bd667 in WebCore::HTMLConstructionSite::finishedParsing (this=0x85bc08) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395
#36 0x00007ffff33fb1dd in WebCore::HTMLTreeBuilder::finished (this=0x85bbf0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997
#37 0x00007ffff33c60d0 in WebCore::HTMLDocumentParser::end (this=0xa44ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439
#38 0x00007ffff33c61bb in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0xa44ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450
#39 0x00007ffff33c4c69 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0xa44ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#40 0x00007ffff33c61fe in WebCore::HTMLDocumentParser::attemptToEnd (this=0xa44ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#41 0x00007ffff33c62b5 in WebCore::HTMLDocumentParser::finish (this=0xa44ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490
#42 0x00007ffff35322d1 in WebCore::DocumentWriter::end (this=0x949a10) at ../../Source/WebCore/loader/DocumentWriter.cpp:246
#43 0x00007ffff351d9ad in WebCore::DocumentLoader::finishedLoading (this=0x949970, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441
#44 0x00007ffff351d716 in WebCore::DocumentLoader::notifyFinished (this=0x949970, resource=0x8a7910) at ../../Source/WebCore/loader/DocumentLoader.cpp:375
#45 0x00007ffff35d47c4 in WebCore::CachedResource::checkNotify (this=0x8a7910) at ../../Source/WebCore/loader/cache/CachedResource.cpp:347
#46 0x00007ffff35d48ce in WebCore::CachedResource::finishLoading (this=0x8a7910) at ../../Source/WebCore/loader/cache/CachedResource.cpp:363
#47 0x00007ffff35d11f4 in WebCore::CachedRawResource::finishLoading (this=0x8a7910, data=0xac14f0) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:101
#48 0x00007ffff3580a50 in WebCore::SubresourceLoader::didFinishLoading (this=0x8a7e80, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:309
#49 0x00007ffff357c73b in WebCore::ResourceLoader::didFinishLoading (this=0x8a7e80, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:512
#50 0x00007ffff3eecb0f in WebCore::readCallback (asyncResult=0x81d1a0, data=0x8a4e10) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302
#51 0x00007fffebac72ea in async_ready_callback_wrapper (source_object=0xa3bb30, res=0x81d1a0, user_data=0x8a4e10) at ginputstream.c:519
#52 0x00007fffebae6ceb in g_task_return_now (task=0x81d1a0) at gtask.c:1108
#53 0x00007fffebae6d09 in complete_in_idle_cb (task=0x81d1a0) at gtask.c:1117
#54 0x00007fffead3d2e6 in g_main_dispatch (context=0x677bb0) at gmain.c:3065
#55 g_main_context_dispatch (context=context@entry=0x677bb0) at gmain.c:3641
#56 0x00007fffead3d638 in g_main_context_iterate (context=0x677bb0, block=block@entry=0x1, dispatch=dispatch@entry=0x1, self=<optimized out>) at gmain.c:3712
#57 0x00007fffead3da3a in g_main_loop_run (loop=0xafe450) at gmain.c:3906
#58 0x00007ffff45e062e in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#59 0x00007ffff2b1c1e2 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=0x2, argv=0x7fffffffd938) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#60 0x00007ffff2b1c047 in WebKit::WebProcessMainUnix (argc=0x2, argv=0x7fffffffd938) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#61 0x000000000040080d in main (argc=0x2, argv=0x7fffffffd938) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32

Comment 1 Brent Fulgham 2016-08-03 17:03:24 PDT

Reproduces in r204037.

Comment 2 Radar WebKit Bug Importer 2016-08-03 17:03:49 PDT

<rdar://problem/27689544>

Comment 3 Ahmad Saleem 2022-11-09 15:58:15 PST

This was fixed in Blink commit - https://chromium.googlesource.com/chromium/blink/+/cfed17d1b14f9cff420321fca6eac89bca504492

and by doing changes here - https://github.com/WebKit/WebKit/blob/eece793cfe01232ecbbf6a69457b83fcbfac896a/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp#L422

Comment 4 Ahmad Saleem 2022-11-09 17:23:37 PST

*** Bug 202915 has been marked as a duplicate of this bug. ***

Comment 5 Ahmad Saleem 2022-11-09 17:24:04 PST

https://github.com/WebKit/WebKit/pull/6324

Comment 6 Ahmad Saleem 2022-11-26 01:53:22 PST

I tried to fix this in following pull request:

https://github.com/WebKit/WebKit/pull/6324

and Chrome / Blink patch 1-1 is not possible because isSVG() is not in RenderElement and I had to use isSVGRoot() or isSVGElement() to make it compile.

I think it has pre-requisite so I think it might be not possible to merge right now.

We are still hitting this assertion with this testcase in mac-AS-debug-wk2.

Just wanted to update. I might come back later in future once I think I have landed any pre-requisite. Thanks!

Comment 7 Darin Adler 2022-12-01 04:56:50 PST

Why did you close the change request?

Comment 8 Darin Adler 2022-12-01 04:57:22 PST

Sorry, I meant: Why did you close the pull request? There’s no comment there that explains why.

Comment 9 Ahmad Saleem 2022-12-01 07:57:29 PST

(In reply to Darin Adler from comment #8)
> Sorry, I meant: Why did you close the pull request? There’s no comment there
> that explains why.

Hi Darin, I added comment 06 and the problem is that:

isSVG() is giving build error and when I try to do isSVGRoot() and isSVGElement(), it compiles and builds but fails with same assertion / crash on mac-AS-debug-wk2. So it seems that there is a pre-requisite, which we need and we can't just add 1-1 this patch, which is trying to fix this.

Comment 10 Ahmad Saleem 2023-02-22 11:23:15 PST

(In reply to Ahmad Saleem from comment #9)
> (In reply to Darin Adler from comment #8)
> > Sorry, I meant: Why did you close the pull request? There’s no comment there
> > that explains why.
> 
> Hi Darin, I added comment 06 and the problem is that:
> 
> isSVG() is giving build error and when I try to do isSVGRoot() and
> isSVGElement(), it compiles and builds but fails with same assertion / crash
> on mac-AS-debug-wk2. So it seems that there is a pre-requisite, which we
> need and we can't just add 1-1 this patch, which is trying to fix this.

I just tested my PR change in Debug build based of 260676@main in WebKit 2 window and I don’t get assert using attached testcase and also on test case from Chromium / Blink patch, which I got in ‘mac-AS-debug-wk2’, should I do this PR again?

Comment 11 Darin Adler 2023-02-22 22:11:34 PST

Yes, why not? I didn’t study it well enough to be sure, but it seems like it’s likely valuable.