140516 – [Win] Assertion in 'fast/images/large-size-image-crash.html'

Bug 140516 - [Win] Assertion in 'fast/images/large-size-image-crash.html'

Summary: [Win] Assertion in 'fast/images/large-size-image-crash.html'

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-15 15:15 PST by Brent Fulgham
Modified:	2016-09-16 10:11 PDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2015-01-15 15:15:45 PST

A debug assert is firing in the layout test 'fast/images/large-size-image-crash.html' with the following stack trace:

 	WTF.dll!WTFCrash() Line 321	C++
>	WebKit.dll!WTF::safeCast<int,unsigned int>(unsigned int value) Line 164	C++
 	WebKit.dll!WebCore::BitmapImage::cacheFrame(unsigned int index, short subsamplingLevel, WebCore::BitmapImage::ImageFrameCaching frameCaching) Line 206	C++
 	WebKit.dll!WebCore::BitmapImage::frameAtIndex(unsigned int index, float presentationScaleHint) Line 410	C++
 	WebKit.dll!WebCore::BitmapImage::draw(WebCore::GraphicsContext * ctxt, const WebCore::FloatRect & destRect, const WebCore::FloatRect & srcRect, WebCore::ColorSpace styleColorSpace, WebCore::CompositeOperator compositeOp, WebCore::BlendMode blendMode, WebCore::ImageOrientationDescription description) Line 222	C++
 	WebKit.dll!WebCore::GraphicsContext::drawImage(WebCore::Image * image, WebCore::ColorSpace colorSpace, const WebCore::FloatRect & destination, const WebCore::FloatRect & source, const WebCore::ImagePaintingOptions & imagePaintingOptions) Line 569	C++
 	WebKit.dll!WebCore::GraphicsContext::drawImage(WebCore::Image * image, WebCore::ColorSpace colorSpace, const WebCore::FloatRect & destination, const WebCore::ImagePaintingOptions & imagePaintingOptions) Line 559	C++
 	WebKit.dll!WebCore::RenderImage::paintIntoRect(WebCore::GraphicsContext * context, const WebCore::FloatRect & rect) Line 570	C++
 	WebKit.dll!WebCore::RenderImage::paintReplaced(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 483	C++
 	WebKit.dll!WebCore::RenderReplaced::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 183	C++
 	WebKit.dll!WebCore::RenderImage::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 499	C++
 	WebKit.dll!WebCore::InlineElementBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit __formal, WebCore::LayoutUnit __formal) Line 89	C++
 	WebKit.dll!WebCore::InlineFlowBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit lineTop, WebCore::LayoutUnit lineBottom) Line 1167	C++
 	WebKit.dll!WebCore::RootInlineBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit lineTop, WebCore::LayoutUnit lineBottom) Line 187	C++
 	WebKit.dll!WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject * renderer, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 268	C++
 	WebKit.dll!WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 3414	C++
 	WebKit.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1458	C++
 	WebKit.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1607	C++
 	WebKit.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1438	C++
 	WebKit.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox & child, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 1510	C++
 	WebKit.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 1477	C++
 	WebKit.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1472	C++
 	WebKit.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1607	C++
 	WebKit.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1438	C++
 	WebKit.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox & child, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 1510	C++
 	WebKit.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 1477	C++
 	WebKit.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1472	C++
 	WebKit.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1607	C++
 	WebKit.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1438	C++
 	WebKit.dll!WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase phase, const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow> & layerFragments, WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer) Line 4589	C++
 	WebKit.dll!WebCore::RenderLayer::paintForegroundForFragments(const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow> & layerFragments, WebCore::GraphicsContext * context, WebCore::GraphicsContext * transparencyLayerContext, const WebCore::LayoutRect & transparencyPaintDirtyRect, bool haveTransparency, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer, bool selectionOnly) Line 4554	C++
 	WebKit.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4174	C++
 	WebKit.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 3847	C++
 	WebKit.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 3829	C++
 	WebKit.dll!WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0,WTF::CrashOnOverflow> * list, WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4271	C++
 	WebKit.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4185	C++
 	WebKit.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 3847	C++
 	WebKit.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 3829	C++
 	WebKit.dll!WebCore::RenderLayer::paint(WebCore::GraphicsContext * context, const WebCore::LayoutRect & damageRect, const WebCore::LayoutSize & subpixelAccumulation, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRoot, unsigned int paintFlags) Line 3633	C++
 	WebKit.dll!WebCore::FrameView::paintContents(WebCore::GraphicsContext * context, const WebCore::IntRect & dirtyRect) Line 3874	C++
 	WebKit.dll!WebCore::ScrollView::paint(WebCore::GraphicsContext * context, const WebCore::IntRect & rect) Line 1225	C++
 	WebKit.dll!WebView::paintIntoBackingStore(WebCore::FrameView * frameView, HDC__ * bitmapDC, const WebCore::IntRect & dirtyRect, WebView::WindowsToPaint windowsToPaint) Line 1235	C++
 	WebKit.dll!WebView::updateBackingStore(WebCore::FrameView * frameView, HDC__ * dc, bool backingStoreCompletelyDirty, WebView::WindowsToPaint windowsToPaint) Line 1060	C++
 	WebKit.dll!WebView::paint(HDC__ * dc, long options) Line 1170	C++
 	WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned int wParam, long lParam) Line 2261	C++
 	[External Code]	
 	DumpRenderTree.dll!dump() Line 684	C++
 	DumpRenderTree.dll!FrameLoadDelegate::locationChangeDone(IWebError * __formal, IWebFrame * frame) Line 250	C++
 	DumpRenderTree.dll!FrameLoadDelegate::didFinishLoadForFrame(IWebView * __formal, IWebFrame * frame) Line 258	C++
 	WebKit.dll!WebFrameLoaderClient::dispatchDidFinishLoad() Line 497	C++
 	WebKit.dll!WebCore::FrameLoader::checkLoadCompleteForThisFrame() Line 2286	C++
 	WebKit.dll!WebCore::FrameLoader::checkLoadComplete() Line 2466	C++
 	WebKit.dll!WebCore::FrameLoader::checkCompleted() Line 857	C++
 	WebKit.dll!WebCore::FrameLoader::loadDone() Line 784	C++
 	WebKit.dll!WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource * resource, bool shouldPerformPostLoadActions) Line 834	C++
 	WebKit.dll!WebCore::SubresourceLoader::notifyDone() Line 437	C++
 	WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime) Line 363	C++
 	WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal, double finishTime) Line 503	C++
 	WebKit.dll!WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didFinishLoading() Line 181	C++
 	WebKit.dll!WebCore::ResourceHandleCFURLConnectionDelegate::didFinishLoadingCallback(_CFURLConnection * __formal, const void * clientInfo) Line 88	C++
 	CFNetwork.dll!URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue * preQ) Line 1739	C++
 	CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<enum XClientEvent,XClientEventParams> * e, long count) Line 2256	C++
 	CFNetwork.dll!XConnectionEventQueue<enum XClientEvent,XClientEventParams>::processAllEvents() Line 231	C++
 	CFNetwork.dll!URLConnectionClient::processEvents() Line 362	C++
 	CFNetwork.dll!MultiplexerSource::perform() Line 229	C++
 	CoreFoundation.dll!__CFRunLoopDoSources0(__CFRunLoop * rl, __CFRunLoopMode * rlm, unsigned char stopAfterHandle) Line 41844	C++
 	CoreFoundation.dll!__CFRunLoopRun(__CFRunLoop * rl, __CFRunLoopMode * rlm, double seconds, unsigned char stopAfterHandle, __CFRunLoopMode * previousMode) Line 42281	C++
 	CoreFoundation.dll!CFRunLoopRunSpecific(__CFRunLoop * rl, const __CFString * modeName, double seconds, unsigned char returnAfterSourceHandled) Line 42477	C++
 	CoreFoundation.dll!CFRunLoopRunInMode(const __CFString * modeName, double seconds, unsigned char returnAfterSourceHandled) Line 42511	C++
 	DumpRenderTree.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine) Line 1120	C++
 	DumpRenderTree.dll!main(int argc, const char * * argv) Line 1476	C++
 	DumpRenderTree.dll!dllLauncherEntryPoint(int argc, const char * * argv) Line 1506	C++
 	DumpRenderTree.exe!main(int argc, const char * * argv) Line 239	C++


SafeCast is angry that the value is not in the bounds of the expected type:

value = 3,105,862,920
FromType is unsigned int
ToType is int

Since the Windows bot is a 32-bit build, this failure makes sense.

Comment 1 Alexey Proskuryakov 2016-09-16 10:11:12 PDT

See also: rdar://problem/27491960