141646 – Assert should not reached failure in WebCore::lastHyphenLocation

Bug 141646 - Assert should not reached failure in WebCore::lastHyphenLocation

Summary: Assert should not reached failure in WebCore::lastHyphenLocation

Status:	RESOLVED CONFIGURATION CHANGED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Platform (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2015-02-16 07:37 PST by Renata Hodovan
Modified:	2018-01-16 11:28 PST (History)
CC List:	8 users (show)

See Also:

Attachments
Test case (326 bytes, text/html) 2015-02-16 07:37 PST, Renata Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2015-02-16 07:37:02 PST

Created attachment 246652 [details]
Test case

Load this with debug WK:


<!DOCTYPE html>
<style>
* {
    letter-spacing: 2821vmin;
    zoom: 7823;
}
</style>
<form>
    <small>
        <abbr>
            <mark>
                <rp>
                    <label>
                        <q></q>
                    </label>
                </rp>
            </mark>
        </abbr>
    </small>
</form>


Backtrace:

SHOULD NEVER BE REACHED
../../Source/WebCore/platform/text/Hyphenation.cpp(41) : size_t WebCore::lastHyphenLocation(WTF::StringView, size_t, const WTF::AtomicString&)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff94ed1700 (LWP 13064)]
0x00007fffed74709f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321	    *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007fffed74709f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff3754eb5 in WebCore::lastHyphenLocation () at ../../Source/WebCore/platform/text/Hyphenation.cpp:41
#2  0x00007ffff39a91d6 in WebCore::maxWordFragmentWidth (renderer=0x7fffd9fa8500, style=..., font=..., word=..., minimumPrefixLength=0, minimumSuffixLength=0, suffixStart=@0x7fffffff9e4c: 0, fallbackFonts=..., glyphOverflow=...) at ../../Source/WebCore/rendering/RenderText.cpp:654
#3  0x00007ffff39aa059 in WebCore::RenderText::computePreferredLogicalWidths (this=0x7fffd9fa8500, leadWidth=0, fallbackFonts=..., glyphOverflow=...) at ../../Source/WebCore/rendering/RenderText.cpp:820
#4  0x00007ffff39abad8 in WebCore::RenderText::width (this=0x7fffd9fa8500, from=0, len=1, f=..., xPos=0, fallbackFonts=0x7fffffffa858, glyphOverflow=0x7fffffffa060) at ../../Source/WebCore/rendering/RenderText.cpp:1234
#5  0x00007ffff39ff26d in WebCore::textWidth (text=0x7fffd9fa8500, from=0, len=1, font=..., xPos=0, isFixedPitch=false, collapseWhiteSpace=true, fallbackFonts=..., layout=0x0) at ../../Source/WebCore/rendering/line/BreakingContextInlineHeaders.h:505
#6  0x00007ffff3a02041 in WebCore::BreakingContext::handleText (this=0x7fffffffa3b0, wordMeasurements=..., hyphenated=@0x7fffffffa718: false, consecutiveHyphenatedLines=@0x7fffffffa510: 0) at ../../Source/WebCore/rendering/line/BreakingContextInlineHeaders.h:903
#7  0x00007ffff39fc401 in WebCore::LineBreaker::nextSegmentBreak (this=0x7fffffffa710, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:115
#8  0x00007ffff39fc09f in WebCore::LineBreaker::nextLineBreak (this=0x7fffffffa710, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:82
#9  0x00007ffff3812e5c in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x7fffd9fcfb80, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1180
#10 0x00007ffff38129cf in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x7fffd9fcfb80, layoutState=..., hasInlineChild=true) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1124
#11 0x00007ffff381526f in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x7fffd9fcfb80, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1542
#12 0x00007ffff37f477d in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x7fffd9fcfb80, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:647
#13 0x00007ffff37f3a94 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd9fcfb80, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:479
#14 0x00007ffff37c9623 in WebCore::RenderBlock::layout (this=0x7fffd9fcfb80) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#15 0x00007ffff37f4b44 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd9fcf958, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:705
#16 0x00007ffff37f468b in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd9fcf958, relayoutChildren=false, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:628
#17 0x00007ffff37f3ab8 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd9fcf958, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:481
#18 0x00007ffff37c9623 in WebCore::RenderBlock::layout (this=0x7fffd9fcf958) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#19 0x00007ffff37f4b44 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd9fcf8a0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:705
#20 0x00007ffff37f468b in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd9fcf8a0, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:628
#21 0x00007ffff37f3ab8 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd9fcf8a0, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:481
#22 0x00007ffff37c9623 in WebCore::RenderBlock::layout (this=0x7fffd9fcf8a0) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#23 0x00007ffff37f4b44 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd97ea218, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:705
#24 0x00007ffff37f468b in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd97ea218, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:628
#25 0x00007ffff37f3ab8 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd97ea218, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:481
#26 0x00007ffff37c9623 in WebCore::RenderBlock::layout (this=0x7fffd97ea218) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#27 0x00007ffff39c894f in WebCore::RenderView::layoutContent (this=0x7fffd97ea218, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232
#28 0x00007ffff39c901f in WebCore::RenderView::layout (this=0x7fffd97ea218) at ../../Source/WebCore/rendering/RenderView.cpp:357
#29 0x00007ffff352cda2 in WebCore::FrameView::layout (this=0x7fffd8017800, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1317
#30 0x00007ffff2ed1413 in WebCore::Document::implicitClose (this=0x7fffd8040fc0) at ../../Source/WebCore/dom/Document.cpp:2498
#31 0x00007ffff33d148b in WebCore::FrameLoader::checkCallImplicitClose (this=0x7fffd97f1098) at ../../Source/WebCore/loader/FrameLoader.cpp:895
#32 0x00007ffff33d11f7 in WebCore::FrameLoader::checkCompleted (this=0x7fffd97f1098) at ../../Source/WebCore/loader/FrameLoader.cpp:841
#33 0x00007ffff33d0f60 in WebCore::FrameLoader::finishedParsing (this=0x7fffd97f1098) at ../../Source/WebCore/loader/FrameLoader.cpp:761
#34 0x00007ffff2eda3ba in WebCore::Document::finishedParsing (this=0x7fffd8040fc0) at ../../Source/WebCore/dom/Document.cpp:4638
#35 0x00007ffff324cd45 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7fffd97e74a0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:404
#36 0x00007ffff3289862 in WebCore::HTMLTreeBuilder::finished (this=0x7fffd97e7480) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2940
#37 0x00007ffff32556e0 in WebCore::HTMLDocumentParser::end (this=0x7fffd8017c80) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#38 0x00007ffff32557ae in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7fffd8017c80) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411
#39 0x00007ffff325445e in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7fffd8017c80) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#40 0x00007ffff32557e5 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7fffd8017c80) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423
#41 0x00007ffff3255893 in WebCore::HTMLDocumentParser::finish (this=0x7fffd8017c80) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#42 0x00007ffff33c1571 in WebCore::DocumentWriter::end (this=0x7fffd801ac20) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#43 0x00007ffff33acbd1 in WebCore::DocumentLoader::finishedLoading (this=0x7fffd801ab80, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441
#44 0x00007ffff33ac93a in WebCore::DocumentLoader::notifyFinished (this=0x7fffd801ab80, resource=0x7fffd803ca40) at ../../Source/WebCore/loader/DocumentLoader.cpp:375
#45 0x00007ffff3461090 in WebCore::CachedResource::checkNotify (this=0x7fffd803ca40) at ../../Source/WebCore/loader/cache/CachedResource.cpp:293
#46 0x00007ffff346118e in WebCore::CachedResource::finishLoading (this=0x7fffd803ca40) at ../../Source/WebCore/loader/cache/CachedResource.cpp:309
#47 0x00007ffff345d6f5 in WebCore::CachedRawResource::finishLoading (this=0x7fffd803ca40, data=0x7fffd9fc8330) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104
#48 0x00007ffff340feb9 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fffd8011000, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:364
#49 0x00007ffff340b7f3 in WebCore::ResourceLoader::didFinishLoading (this=0x7fffd8011000, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:542
#50 0x00007ffff3dbe10f in WebCore::readCallback (asyncResult=0x7901f0, data=0x7fffd9fc4000) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1295
#51 0x00007fffeb27c7e6 in async_ready_callback_wrapper (source_object=0x7c72d0, res=0x7901f0, user_data=user_data@entry=0x7fffd9fc4000) at ginputstream.c:523
#52 0x00007fffeb2a20e5 in g_task_return_now (task=0x7901f0) at gtask.c:1077
#53 0x00007fffeb2a2109 in complete_in_idle_cb (task=0x7901f0) at gtask.c:1086
#54 0x00007fffea55aa1d in g_main_dispatch (context=0x478b00) at gmain.c:3064
#55 g_main_context_dispatch (context=context@entry=0x478b00) at gmain.c:3663
#56 0x00007fffea55ad88 in g_main_context_iterate (context=0x478b00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734
#57 0x00007fffea55b04a in g_main_loop_run (loop=0x901c90) at gmain.c:3928
#58 0x00007ffff44b7750 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#59 0x00007ffff29a854c in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd948) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#60 0x00007ffff29a83b1 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd948) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#61 0x00000000004008d1 in main (argc=2, argv=0x7fffffffd948) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Comment 1 Brent Fulgham 2016-08-04 16:56:29 PDT

I don't see an assertion with this test case, but it does seem to enter an endless loop in r204307.

Comment 2 Brent Fulgham 2016-08-04 17:01:15 PDT

We seem to enter an endless loop in WebCore::maxWordFragmentWidth, in the following code:

    while ((hyphenLocation = lastHyphenLocation(word, hyphenLocation, style.locale())) >= minimumPrefixLength)
        hyphenLocations.append(hyphenLocation);

The 'lastHyphenLocation' keeps returning 0, which is >= minimumPrefixLength (which is also zero), and we never get out of the loop.

This problem seems like it's been around for a few years.

Comment 3 Radar WebKit Bug Importer 2016-08-04 17:04:31 PDT

<rdar://problem/27710431>

Comment 4 Myles C. Maxfield 2018-01-16 11:28:03 PST

This appears to no longer happen in r226920