Created attachment 238370 [details] Test case The test: <style> * { tab-size:-webkit-calc(2); } </style> The assertion failure is triggered only with a few CSS properties like tab-size, z-index, etc. The backtrace: SHOULD NEVER BE REACHED ../../Source/WebCore/css/CSSPrimitiveValueMappings.h(97) : WebCore::CSSPrimitiveValue::operator T() const [with T = int] 0x00007fffedbf3127 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329 329 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fffedbf3127 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329 #1 0x00007ffff2f2b47f in WebCore::CSSPrimitiveValue::operator int<int>() const (this=0x7a5240) at ../../Source/WebCore/css/CSSPrimitiveValueMappings.h:97 #2 0x00007ffff2f649e1 in WebCore::ApplyPropertyAuto<int, &(WebCore::RenderStyle::zIndex() const), &WebCore::RenderStyle::setZIndex, &(WebCore::RenderStyle::hasAutoZIndex() const), &WebCore::RenderStyle::setHasAutoZIndex, (WebCore::AutoValueType)0, 268>::applyValue (styleResolver=0xa39620, value=0x7a5240) at ../../Source/WebCore/css/DeprecatedStyleBuilder.cpp:223 #3 0x00007ffff2fd31f1 in WebCore::PropertyHandler::applyValue (this=0x7ffff7dcbd98 <WebCore::DeprecatedStyleBuilder::sharedStyleBuilder()::styleBuilderInstance+4056>, propertyID=WebCore::CSSPropertyZIndex, styleResolver=0xa39620, value=0x7a5240) at ../../Source/WebCore/css/DeprecatedStyleBuilder.h:49 #4 0x00007ffff2fc6d9a in WebCore::StyleResolver::applyProperty (this=0xa39620, id=WebCore::CSSPropertyZIndex, value=0x7a5240) at ../../Source/WebCore/css/StyleResolver.cpp:2129 #5 0x00007ffff2fcf05f in WebCore::StyleResolver::CascadedProperties::Property::apply (this=0x7fffffffa540, resolver=...) at ../../Source/WebCore/css/StyleResolver.cpp:3951 #6 0x00007ffff2fcf1d4 in WebCore::StyleResolver::applyCascadedProperties (this=0xa39620, cascade=..., firstProperty=0x15, lastProperty=0x1a4) at ../../Source/WebCore/css/StyleResolver.cpp:3981 #7 0x00007ffff2fc56e1 in WebCore::StyleResolver::applyMatchedProperties (this=0xa39620, matchResult=..., element=0x85b6b0, shouldUseMatchedPropertiesCache=WebCore::StyleResolver::UseMatchedPropertiesCache) at ../../Source/WebCore/css/StyleResolver.cpp:1754 #8 0x00007ffff2fc0c3e in WebCore::StyleResolver::styleForElement (this=0xa39620, element=0x85b6b0, defaultParent=0x9e0710, sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0) at ../../Source/WebCore/css/StyleResolver.cpp:799 #9 0x00007ffff3c1f747 in WebCore::Style::styleForElement (element=..., inheritedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:264 #10 0x00007ffff3c1f8ff in WebCore::Style::createRendererIfNeeded (element=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:290 #11 0x00007ffff3c20fdf in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:619 #12 0x00007ffff3c218d0 in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:759 #13 0x00007ffff3c22068 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:921 #14 0x00007ffff3c225d2 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:1000 #15 0x00007ffff305ed91 in WebCore::Document::recalcStyle (this=0xabf430, change=WebCore::Style::Force) at ../../Source/WebCore/dom/Document.cpp:1751 #16 0x00007ffff305f09c in WebCore::Document::updateStyleIfNeeded (this=0xabf430) at ../../Source/WebCore/dom/Document.cpp:1796 #17 0x00007ffff3069e3b in WebCore::Document::finishedParsing (this=0xabf430) at ../../Source/WebCore/dom/Document.cpp:4522 #18 0x00007ffff33bd667 in WebCore::HTMLConstructionSite::finishedParsing (this=0x85a6a8) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #19 0x00007ffff33fb1dd in WebCore::HTMLTreeBuilder::finished (this=0x85a690) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997 #20 0x00007ffff33c60d0 in WebCore::HTMLDocumentParser::end (this=0xa3a6a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #21 0x00007ffff33c61bb in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0xa3a6a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #22 0x00007ffff33c4c69 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0xa3a6a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #23 0x00007ffff33c61fe in WebCore::HTMLDocumentParser::attemptToEnd (this=0xa3a6a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #24 0x00007ffff33c62b5 in WebCore::HTMLDocumentParser::finish (this=0xa3a6a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #25 0x00007ffff35322d1 in WebCore::DocumentWriter::end (this=0xabaa60) at ../../Source/WebCore/loader/DocumentWriter.cpp:246 #26 0x00007ffff351d9ad in WebCore::DocumentLoader::finishedLoading (this=0xaba9c0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441 #27 0x00007ffff351d716 in WebCore::DocumentLoader::notifyFinished (this=0xaba9c0, resource=0x882aa0) at ../../Source/WebCore/loader/DocumentLoader.cpp:375 #28 0x00007ffff35d47c4 in WebCore::CachedResource::checkNotify (this=0x882aa0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:347 #29 0x00007ffff35d48ce in WebCore::CachedResource::finishLoading (this=0x882aa0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:363 #30 0x00007ffff35d11f4 in WebCore::CachedRawResource::finishLoading (this=0x882aa0, data=0x85a3e0) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:101 #31 0x00007ffff3580a50 in WebCore::SubresourceLoader::didFinishLoading (this=0x883010, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:309 #32 0x00007ffff357c73b in WebCore::ResourceLoader::didFinishLoading (this=0x883010, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:512 #33 0x00007ffff3eecb0f in WebCore::readCallback (asyncResult=0x9e09a0, data=0x7a2be0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302 #34 0x00007fffebac72ea in async_ready_callback_wrapper (source_object=0xa3bb30, res=0x9e09a0, user_data=0x7a2be0) at ginputstream.c:519 #35 0x00007fffebae6ceb in g_task_return_now (task=0x9e09a0) at gtask.c:1108 #36 0x00007fffebae6d09 in complete_in_idle_cb (task=0x9e09a0) at gtask.c:1117 #37 0x00007fffead3d2e6 in g_main_dispatch (context=0x677bb0) at gmain.c:3065 #38 g_main_context_dispatch (context=context@entry=0x677bb0) at gmain.c:3641 #39 0x00007fffead3d638 in g_main_context_iterate (context=0x677bb0, block=block@entry=0x1, dispatch=dispatch@entry=0x1, self=<optimized out>) at gmain.c:3712 #40 0x00007fffead3da3a in g_main_loop_run (loop=0xafe620) at gmain.c:3906 #41 0x00007ffff45e062e in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #42 0x00007ffff2b1c1e2 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=0x2, argv=0x7fffffffd938) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #43 0x00007ffff2b1c047 in WebKit::WebProcessMainUnix (argc=0x2, argv=0x7fffffffd938) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73 #44 0x000000000040080d in main (argc=0x2, argv=0x7fffffffd938) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32