RESOLVED FIXED140251
ASSERTION FAILED: !valueWithCalculation.calculation() in WebCore::CSSParser::validateCalculationUnit 
https://bugs.webkit.org/show_bug.cgi?id=140251
Summary ASSERTION FAILED: !valueWithCalculation.calculation() in WebCore::CSSParser::...
Renata Hodovan
Reported 2015-01-08 09:52:02 PST
Created attachment 244267 [details] Test case The following test asserts on debug WK <div style="text-shadow: 3px 3px calc( 3 * 3px ) "> Backtrace: ASSERTION FAILED: !valueWithCalculation.calculation() ../../Source/WebCore/css/CSSParser.cpp(1589) : bool WebCore::CSSParser::validateCalculationUnit(WebCore::CSSParser::ValueWithCalculation&, WebCore::CSSParser::Units) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff98984700 (LWP 2701)] 0x00007fffed92a5c7 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fffed92a5c7 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff2e19b43 in WebCore::CSSParser::validateCalculationUnit (this=0x7fffffffba70, valueWithCalculation=..., unitFlags=(WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg)) at ../../Source/WebCore/css/CSSParser.cpp:1589 #2 0x00007ffff2e19e30 in WebCore::CSSParser::validateUnit (this=0x7fffffffba70, valueWithCalculation=..., unitFlags=(WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg), cssParserMode=WebCore::CSSStrictMode) at ../../Source/WebCore/css/CSSParser.cpp:1645 #3 0x00007ffff2e363cf in WebCore::CSSParser::parseShadow (this=0x7fffffffba70, valueList=..., propId=WebCore::CSSPropertyTextShadow) at ../../Source/WebCore/css/CSSParser.cpp:7279 #4 0x00007ffff2e1c85d in WebCore::CSSParser::parseValue (this=0x7fffffffba70, propId=WebCore::CSSPropertyTextShadow, important=false) at ../../Source/WebCore/css/CSSParser.cpp:2407 #5 0x00007ffff3ecaf17 in cssyyparse (parser=0x7fffffffba70) at /home/reni/data/REPOS/webkit/WebKitBuild/Debug/DerivedSources/WebCore/CSSGrammar.y:1288 #6 0x00007ffff2e18c34 in WebCore::CSSParser::parseDeclaration (this=0x7fffffffba70, string=..., contextStyleSheet=0x7ffff7f1ca90) at ../../Source/WebCore/css/CSSParser.cpp:1408 #7 0x00007ffff2e18b79 in WebCore::CSSParser::parseInlineStyleDeclaration (string=..., element=0x7ffff7f26a28) at ../../Source/WebCore/css/CSSParser.cpp:1400 #8 0x00007ffff308659d in WebCore::StyledElement::setInlineStyleFromString (this=0x7ffff7f26a28, newStyleString=...) at ../../Source/WebCore/dom/StyledElement.cpp:186 #9 0x00007ffff30851ac in WebCore::StyledElement::styleAttributeChanged (this=0x7ffff7f26a28, newStyleString=..., reason=WebCore::Element::ModifiedDirectly) at ../../Source/WebCore/dom/StyledElement.cpp:202 #10 0x00007ffff3084f22 in WebCore::StyledElement::attributeChanged (this=0x7ffff7f26a28, name=..., oldValue=..., newValue=..., reason=WebCore::Element::ModifiedDirectly) at ../../Source/WebCore/dom/StyledElement.cpp:154 #11 0x00007ffff2feb4e7 in WebCore::Element::parserSetAttributes (this=0x7ffff7f26a28, attributeVector=...) at ../../Source/WebCore/dom/Element.cpp:1263 #12 0x00007ffff32ec7c3 in WebCore::setAttributes (element=0x7ffff7f26a28, token=0x7fffffffd040, parserContentPolicy=WebCore::AllowScriptingContent) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:56 #13 0x00007ffff32f0132 in WebCore::HTMLConstructionSite::createHTMLElement (this=0x7ffff7f38920, token=0x7fffffffd040) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:644 #14 0x00007ffff32eef70 in WebCore::HTMLConstructionSite::insertHTMLElement (this=0x7ffff7f38920, token=0x7fffffffd040) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:479 #15 0x00007ffff332027c in WebCore::HTMLTreeBuilder::processStartTagForInBody (this=0x7ffff7f38900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:659 #16 0x00007ffff3322a9a in WebCore::HTMLTreeBuilder::processStartTag (this=0x7ffff7f38900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:1127 #17 0x00007ffff331e74e in WebCore::HTMLTreeBuilder::processToken (this=0x7ffff7f38900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:371 #18 0x00007ffff331e5a3 in WebCore::HTMLTreeBuilder::constructTree (this=0x7ffff7f38900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:341 #19 0x00007ffff32f6505 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7ffff7ed2100, rawToken=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:339 #20 0x00007ffff32f6160 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7ffff7ed2100, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:296 #21 0x00007ffff32f5a77 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7ffff7ed2100, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:187 #22 0x00007ffff32f6a93 in WebCore::HTMLDocumentParser::append (this=0x7ffff7ed2100, inputSource=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:414 #23 0x00007ffff2f7b5c3 in WebCore::DecodedDataDocumentParser::flush (this=0x7ffff7ed2100, writer=...) at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60 #24 0x00007ffff346384b in WebCore::DocumentWriter::end (this=0x7ffff7ebeaa0) at ../../Source/WebCore/loader/DocumentWriter.cpp:244 #25 0x00007ffff344f029 in WebCore::DocumentLoader::finishedLoading (this=0x7ffff7ebea00, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440 #26 0x00007ffff344ed92 in WebCore::DocumentLoader::notifyFinished (this=0x7ffff7ebea00, resource=0x7ffff7ecb680) at ../../Source/WebCore/loader/DocumentLoader.cpp:374 #27 0x00007ffff3501e1e in WebCore::CachedResource::checkNotify (this=0x7ffff7ecb680) at ../../Source/WebCore/loader/cache/CachedResource.cpp:294 #28 0x00007ffff3501f1c in WebCore::CachedResource::finishLoading (this=0x7ffff7ecb680) at ../../Source/WebCore/loader/cache/CachedResource.cpp:310 #29 0x00007ffff34fe617 in WebCore::CachedRawResource::finishLoading (this=0x7ffff7ecb680, data=0x7ffff7e45570) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104 #30 0x00007ffff34b1886 in WebCore::SubresourceLoader::didFinishLoading (this=0x7ffff7ecb200, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:355 #31 0x00007ffff34ad4e7 in WebCore::ResourceLoader::didFinishLoading (this=0x7ffff7ecb200, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:506 #32 0x00007ffff3e58c65 in WebCore::readCallback (asyncResult=0x7ac1e0, data=0x7ffff7e3b0e0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1295 #33 0x00007fffeb4cc7d6 in async_ready_callback_wrapper (source_object=0x7c8ad0, res=0x7ac1e0, user_data=user_data@entry=0x7ffff7e3b0e0) at ginputstream.c:523 #34 0x00007fffeb4f20d5 in g_task_return_now (task=0x7ac1e0) at gtask.c:1077 #35 0x00007fffeb4f20f9 in complete_in_idle_cb (task=0x7ac1e0) at gtask.c:1086 #36 0x00007fffea7319fd in g_main_dispatch (context=0x478300) at gmain.c:3064 #37 g_main_context_dispatch (context=context@entry=0x478300) at gmain.c:3663 #38 0x00007fffea731d68 in g_main_context_iterate (context=0x478300, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734 #39 0x00007fffea73202a in g_main_loop_run (loop=0x8fdaa0) at gmain.c:3928 #40 0x00007ffff4537450 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #41 0x00007ffff2a65456 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd968) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #42 0x00007ffff2a652bb in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd968) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:70 #43 0x0000000000400891 in main (argc=2, argv=0x7fffffffd968) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test case (51 bytes, text/html)
2015-01-08 09:52 PST, Renata Hodovan 		no flags
Details
Patch (10.65 KB, patch)
2015-01-08 11:18 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews103 for mac-mountainlion (547.29 KB, application/zip)
2015-01-08 12:05 PST, Build Bot 		no flags
Details
Archive of layout-test-results from ews104 for mac-mountainlion-wk2 (546.07 KB, application/zip)
2015-01-08 12:07 PST, Build Bot 		no flags
Details
Patch (9.93 KB, patch)
2015-01-08 12:11 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.85 KB, patch)
2015-01-08 12:31 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (10.13 KB, patch)
2015-01-08 20:26 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2015-01-08 11:18:07 PST
Created attachment 244272 [details] Patch
Build Bot
Comment 2 2015-01-08 12:05:01 PST
Comment on attachment 244272 [details] Patch Attachment 244272 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/5659534064353280 New failing tests: fast/css-grid-layout/grid-columns-rows-get-set-multiple.html fast/css-grid-layout/non-grid-columns-rows-get-set-multiple.html fast/css-grid-layout/grid-columns-rows-get-set.html fast/regions/region-min-max-width-support.html
Build Bot
Comment 3 2015-01-08 12:05:05 PST
Created attachment 244280 [details] Archive of layout-test-results from ews103 for mac-mountainlion The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-mountainlion Platform: Mac OS X 10.8.5
Build Bot
Comment 4 2015-01-08 12:07:51 PST
Comment on attachment 244272 [details] Patch Attachment 244272 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/6200990256594944 New failing tests: fast/css-grid-layout/grid-columns-rows-get-set-multiple.html fast/css-grid-layout/non-grid-columns-rows-get-set-multiple.html fast/css-grid-layout/grid-columns-rows-get-set.html fast/regions/region-min-max-width-support.html
Build Bot
Comment 5 2015-01-08 12:07:59 PST
Created attachment 244281 [details] Archive of layout-test-results from ews104 for mac-mountainlion-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-mountainlion-wk2 Platform: Mac OS X 10.8.5
Chris Dumez
Comment 6 2015-01-08 12:11:49 PST
Created attachment 244282 [details] Patch
Chris Dumez
Comment 7 2015-01-08 12:31:29 PST
Created attachment 244283 [details] Patch
Darin Adler
Comment 8 2015-01-08 20:09:02 PST
Comment on attachment 244283 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=244283&action=review > Source/WebCore/css/CSSCalculationValue.h:103 > + void setPermittedValueRange(CalculationPermittedValueRange range) > + { > + m_shouldClampToNonNegative = range != CalculationRangeAll; > + } Generally I’d like to see us put inline function bodies separately after the class. Eventually as a class gets larger it can be hard to read it if we have function bodies inside the class. > Source/WebCore/css/CSSParser.cpp:1592 > + // The calculation value was already parsed so we reuse it. However, we may need to update > + // its range. Seems like an unfortunate line break. I suggest all on one line.
Chris Dumez
Comment 9 2015-01-08 20:26:23 PST
Created attachment 244321 [details] Patch
WebKit Commit Bot
Comment 10 2015-01-08 21:29:10 PST
Comment on attachment 244321 [details] Patch Clearing flags on attachment: 244321 Committed r178156: <http://trac.webkit.org/changeset/178156>
WebKit Commit Bot
Comment 11 2015-01-08 21:29:14 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.