WebKit Bugzilla
Bug 140180: Assert should never be reached hit in WebCore::CSSCalcPrimitiveValue::doubleValue
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=140180
Renata Hodovan, Reported 2015-01-07 09:37:35 PST
Created attachment 244158: Test case

Load this test with debug WK:

<style>
* {
stroke-width: calc( -5374turn * 2388 + 7845.2deg );
}
</style>

Backtrace:

SHOULD NEVER BE REACHED
../../Source/WebCore/css/CSSCalculationValue.cpp(253) : virtual double WebCore::CSSCalcPrimitiveValue::doubleValue() const

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff98b92700 (LWP 7008)]
0x00007fffed92a5c7 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
#0 0x00007fffed92a5c7 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007ffff2d98fb4 in WebCore::CSSCalcPrimitiveValue::doubleValue (this=0x7ffff7e3b480) at ../../Source/WebCore/css/CSSCalculationValue.cpp:253
#2 0x00007ffff2d99f4c in WebCore::CSSCalcBinaryOperation::doubleValue (this=0x7ffff7e444b0) at ../../Source/WebCore/css/CSSCalculationValue.cpp:440
#3 0x00007ffff2d996d6 in WebCore::CSSCalcBinaryOperation::createSimplified (op=WebCore::CalcAdd, leftSide=..., rightSide=...) at ../../Source/WebCore/css/CSSCalculationValue.cpp:385
#4 0x00007ffff2d9aed0 in WebCore::CSSCalcExpressionNodeParser::parseAdditiveValueExpression (this=0x7fffffff8aff, tokens=0x7ffff7f2ec80, depth=1, index=0x7fffffff8a8c, result=0x7fffffff8a90) at ../../Source/WebCore/css/CSSCalculationValue.cpp:681
#5 0x00007ffff2d9b03b in WebCore::CSSCalcExpressionNodeParser::parseValueExpression (this=0x7fffffff8aff, tokens=0x7ffff7f2ec80, depth=0, index=0x7fffffff8a8c, result=0x7fffffff8a90) at ../../Source/WebCore/css/CSSCalculationValue.cpp:692
#6 0x00007ffff2d9a757 in WebCore::CSSCalcExpressionNodeParser::parseCalc (this=0x7fffffff8aff, tokens=0x7ffff7f2ec80) at ../../Source/WebCore/css/CSSCalculationValue.cpp:577
#7 0x00007ffff2d97ff8 in WebCore::CSSCalcValue::create (name=..., parserValueList=..., range=WebCore::CalculationRangeAll) at ../../Source/WebCore/css/CSSCalculationValue.cpp:759
#8 0x00007ffff2e43633 in WebCore::CSSParser::parseCalculation (this=0x7fffffffbaa0, value=..., range=WebCore::CalculationRangeAll) at ../../Source/WebCore/css/CSSParser.cpp:10047
#9 0x00007ffff2e19b76 in WebCore::CSSParser::validateCalculationUnit (this=0x7fffffffbaa0, valueWithCalculation=..., unitFlags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength)) at ../../Source/WebCore/css/CSSParser.cpp:1590
#10 0x00007ffff2e19e30 in WebCore::CSSParser::validateUnit (this=0x7fffffffbaa0, valueWithCalculation=..., unitFlags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength), cssParserMode=WebCore::SVGAttributeMode) at ../../Source/WebCore/css/CSSParser.cpp:1645
#11 0x00007ffff2ec834a in WebCore::CSSParser::parseSVGValue (this=0x7fffffffbaa0, propId=WebCore::CSSPropertyStrokeWidth, important=false) at ../../Source/WebCore/css/SVGCSSParser.cpp:239
#12 0x00007ffff2e1ee99 in WebCore::CSSParser::parseValue (this=0x7fffffffbaa0, propId=WebCore::CSSPropertyStrokeWidth, important=false) at ../../Source/WebCore/css/CSSParser.cpp:3111
#13 0x00007ffff3ecaf17 in cssyyparse (parser=0x7fffffffbaa0) at /home/reni/data/REPOS/webkit/WebKitBuild/Debug/DerivedSources/WebCore/CSSGrammar.y:1288
#14 0x00007ffff2e15f9a in WebCore::CSSParser::parseSheet (this=0x7fffffffbaa0, sheet=0x7ffff7f1ca90, string=..., startLineNumber=0, ruleSourceDataResult=0x0, logErrors=true) at ../../Source/WebCore/css/CSSParser.cpp:439
#15 0x00007ffff2f10881 in WebCore::StyleSheetContents::parseStringAtLine (this=0x7ffff7f1ca90, sheetText=..., startLineNumber=0, createdByParser=true) at ../../Source/WebCore/css/StyleSheetContents.cpp:326
#16 0x00007ffff301885a in WebCore::InlineStyleSheetOwner::createSheet (this=0x7ffff7f3bd58, element=..., text=...) at ../../Source/WebCore/dom/InlineStyleSheetOwner.cpp:147
#17 0x00007ffff301829f in WebCore::InlineStyleSheetOwner::createSheetFromTextContents (this=0x7ffff7f3bd58, element=...) at ../../Source/WebCore/dom/InlineStyleSheetOwner.cpp:97
#18 0x00007ffff301825b in WebCore::InlineStyleSheetOwner::finishParsingChildren (this=0x7ffff7f3bd58, element=...) at ../../Source/WebCore/dom/InlineStyleSheetOwner.cpp:91
#19 0x00007ffff32503d9 in WebCore::HTMLStyleElement::finishParsingChildren (this=0x7ffff7f3bcf0) at ../../Source/WebCore/html/HTMLStyleElement.cpp:90
#20 0x00007ffff32fe47e in WebCore::HTMLElementStack::popCommon (this=0x7ffff7f38940) at ../../Source/WebCore/html/parser/HTMLElementStack.cpp:572
#21 0x00007ffff32fcea8 in WebCore::HTMLElementStack::pop (this=0x7ffff7f38940) at ../../Source/WebCore/html/parser/HTMLElementStack.cpp:213
#22 0x00007ffff3327e73 in WebCore::HTMLTreeBuilder::processEndTag (this=0x7ffff7f38900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2144
#23 0x00007ffff331e76e in WebCore::HTMLTreeBuilder::processToken (this=0x7ffff7f38900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:375
#24 0x00007ffff331e5a3 in WebCore::HTMLTreeBuilder::constructTree (this=0x7ffff7f38900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:341
#25 0x00007ffff32f6505 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7ffff7ed2100, rawToken=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:339
#26 0x00007ffff32f6160 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7ffff7ed2100, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:296
#27 0x00007ffff32f5a77 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7ffff7ed2100, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:187
#28 0x00007ffff32f6a93 in WebCore::HTMLDocumentParser::append (this=0x7ffff7ed2100, inputSource=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:414
#29 0x00007ffff2f7b5c3 in WebCore::DecodedDataDocumentParser::flush (this=0x7ffff7ed2100, writer=...) at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#30 0x00007ffff346384b in WebCore::DocumentWriter::end (this=0x7ffff7ebeaa0) at ../../Source/WebCore/loader/DocumentWriter.cpp:244
#31 0x00007ffff344f029 in WebCore::DocumentLoader::finishedLoading (this=0x7ffff7ebea00, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440
#32 0x00007ffff344ed92 in WebCore::DocumentLoader::notifyFinished (this=0x7ffff7ebea00, resource=0x7ffff7ecb680) at ../../Source/WebCore/loader/DocumentLoader.cpp:374
#33 0x00007ffff3501e1e in WebCore::CachedResource::checkNotify (this=0x7ffff7ecb680) at ../../Source/WebCore/loader/cache/CachedResource.cpp:294
#34 0x00007ffff3501f1c in WebCore::CachedResource::finishLoading (this=0x7ffff7ecb680) at ../../Source/WebCore/loader/cache/CachedResource.cpp:310
#35 0x00007ffff34fe617 in WebCore::CachedRawResource::finishLoading (this=0x7ffff7ecb680, data=0x7ffff7e44570) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104
#36 0x00007ffff34b1886 in WebCore::SubresourceLoader::didFinishLoading (this=0x7ffff7ecb200, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:355
#37 0x00007ffff34ad4e7 in WebCore::ResourceLoader::didFinishLoading (this=0x7ffff7ecb200, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:506
#38 0x00007ffff3e58c65 in WebCore::readCallback (asyncResult=0x7731d0, data=0x7ffff7e3b0e0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1295
#39 0x00007fffeb4cc7d6 in async_ready_callback_wrapper (source_object=0x7c8ad0, res=0x7731d0, user_data=user_data@entry=0x7ffff7e3b0e0) at ginputstream.c:523
#40 0x00007fffeb4f20d5 in g_task_return_now (task=0x7731d0) at gtask.c:1077
#41 0x00007fffeb4f20f9 in complete_in_idle_cb (task=0x7731d0) at gtask.c:1086
#42 0x00007fffea7319fd in g_main_dispatch (context=0x478330) at gmain.c:3064
#43 g_main_context_dispatch (context=context@entry=0x478330) at gmain.c:3663
#44 0x00007fffea731d68 in g_main_context_iterate (context=0x478330, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734
#45 0x00007fffea73202a in g_main_loop_run (loop=0x8fd9e0) at gmain.c:3928
#46 0x00007ffff4537450 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#47 0x00007ffff2a65456 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd888) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#48 0x00007ffff2a652bb in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd888) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:70
#49 0x0000000000400891 in main (argc=2, argv=0x7fffffffd888) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test case (78 bytes, text/html), 2015-01-07 09:37 PST, Renata Hodovan
Patch (6.20 KB, patch), 2015-01-07 19:42 PST, Chris Dumez
Chris Dumez, Comment 1, 2015-01-07 19:42:50 PST
Created attachment 244234: Patch
WebKit Commit Bot, Comment 2, 2015-01-07 21:56:28 PST
Comment on attachment 244234: Patch

Clearing flags on attachment: 244234

Committed r178102: <http://trac.webkit.org/changeset/178102>
WebKit Commit Bot, Comment 3, 2015-01-07 21:56:33 PST
All reviewed patches have been landed. Closing bug.