Bug 146349 - ASSERTION FAILED: number >= 1 && number <= 99999999 in WebCore::toArmenian
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Renata Hodovan
URL:
Keywords: InRadar
Depends on:
Blocks: 116980

Reported: 2015-06-26 10:18 PDT by Renata Hodovan
Modified: 2022-03-16 14:13 PDT

Attachments
Test case (94 bytes, text/html)
2015-06-26 10:18 PDT, Renata Hodovan

Description Renata Hodovan 2015-06-26 10:18:38 PDT
Created attachment 255645
Test case

Load this with debug WebKit:

<!DOCTYPE html>
<style>
li {
    list-style: upper-armenian;
}
</style>
<li value="666666666">


Backtrace:


ASSERTION FAILED: number >= 1 && number <= 99999999
../../Source/WebCore/rendering/RenderListMarker.cpp(265) : void WebCore::toArmenian(WTF::StringBuilder&, int, bool)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8cdfb700 (LWP 10055)]
0x00007fffed3c5538 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007fffed3c5538 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff349ae38 in WebCore::toArmenian (builder=..., number=666666666, upper=true) at ../../Source/WebCore/rendering/RenderListMarker.cpp:265
#2  0x00007ffff349bef0 in WebCore::listMarkerText (type=WebCore::UpperArmenian, value=666666666)
    at ../../Source/WebCore/rendering/RenderListMarker.cpp:1104
#3  0x00007ffff349dec1 in WebCore::RenderListMarker::updateContent (this=0x7fffd3fa33f0) at ../../Source/WebCore/rendering/RenderListMarker.cpp:1521
#4  0x00007ffff349dc94 in WebCore::RenderListMarker::updateMarginsAndContent (this=0x7fffd3fa33f0)
    at ../../Source/WebCore/rendering/RenderListMarker.cpp:1411
#5  0x00007ffff3498c16 in WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded (this=0x7fffd3fe84e0)
    at ../../Source/WebCore/rendering/RenderListItem.cpp:297
#6  0x00007ffff3498d20 in WebCore::RenderListItem::layout (this=0x7fffd3fe84e0) at ../../Source/WebCore/rendering/RenderListItem.cpp:310
#7  0x00007ffff335ffb4 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd3fd12e0, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#8  0x00007ffff335faf3 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd3fd12e0, relayoutChildren=true, maxFloatLogicalBottom=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#9  0x00007ffff335ef5b in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd3fd12e0, relayoutChildren=true, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#10 0x00007ffff333317a in WebCore::RenderBlock::layout (this=0x7fffd3fd12e0) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#11 0x00007ffff335ffb4 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd3fd1228, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#12 0x00007ffff335faf3 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd3fd1228, relayoutChildren=true, maxFloatLogicalBottom=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#13 0x00007ffff335ef5b in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd3fd1228, relayoutChildren=true, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#14 0x00007ffff333317a in WebCore::RenderBlock::layout (this=0x7fffd3fd1228) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#15 0x00007ffff335ffb4 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd37e7228, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#16 0x00007ffff335faf3 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd37e7228, relayoutChildren=true, maxFloatLogicalBottom=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#17 0x00007ffff335ef5b in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd37e7228, relayoutChildren=true, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#18 0x00007ffff333317a in WebCore::RenderBlock::layout (this=0x7fffd37e7228) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#19 0x00007ffff3538a2b in WebCore::RenderView::layoutContent (this=0x7fffd37e7228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232
#20 0x00007ffff353911e in WebCore::RenderView::layout (this=0x7fffd37e7228) at ../../Source/WebCore/rendering/RenderView.cpp:357
#21 0x00007ffff311bbc0 in WebCore::FrameView::layout (this=0x7fffd2017880, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1335
#22 0x00007ffff2b9f20c in WebCore::Document::implicitClose (this=0x7fffd204a340) at ../../Source/WebCore/dom/Document.cpp:2626
#23 0x00007ffff2fdf981 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7fffd37ee098) at ../../Source/WebCore/loader/FrameLoader.cpp:889
#24 0x00007ffff2fdf6b8 in WebCore::FrameLoader::checkCompleted (this=0x7fffd37ee098) at ../../Source/WebCore/loader/FrameLoader.cpp:835
#25 0x00007ffff2fdf3ff in WebCore::FrameLoader::finishedParsing (this=0x7fffd37ee098) at ../../Source/WebCore/loader/FrameLoader.cpp:755
#26 0x00007ffff2ba8f24 in WebCore::Document::finishedParsing (this=0x7fffd204a340) at ../../Source/WebCore/dom/Document.cpp:4807
#27 0x00007ffff3e5860b in WebCore::HTMLConstructionSite::finishedParsing (this=0x7fffd37fe6e0)
    at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:404
#28 0x00007ffff2ee0afe in WebCore::HTMLTreeBuilder::finished (this=0x7fffd37fe6c0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2940
#29 0x00007ffff2eb1218 in WebCore::HTMLDocumentParser::end (this=0x7fffd2018540) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#30 0x00007ffff2eb12f1 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7fffd2018540)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411
#31 0x00007ffff2eafed3 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7fffd2018540)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#32 0x00007ffff2eb1334 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7fffd2018540)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423
#33 0x00007ffff2eb13eb in WebCore::HTMLDocumentParser::finish (this=0x7fffd2018540) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#34 0x00007ffff2fce8b6 in WebCore::DocumentWriter::end (this=0x7fffd201bda0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#35 0x00007ffff2fb85e2 in WebCore::DocumentLoader::finishedLoading (this=0x7fffd201bd00, finishTime=0)
    at ../../Source/WebCore/loader/DocumentLoader.cpp:430
#36 0x00007ffff2fb8340 in WebCore::DocumentLoader::notifyFinished (this=0x7fffd201bd00, resource=0x7fffd2029cc0)
    at ../../Source/WebCore/loader/DocumentLoader.cpp:377
#37 0x00007ffff305edbf in WebCore::CachedResource::checkNotify (this=0x7fffd2029cc0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297
#38 0x00007ffff305eece in WebCore::CachedResource::finishLoading (this=0x7fffd2029cc0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313
#39 0x00007ffff305b112 in WebCore::CachedRawResource::finishLoading (this=0x7fffd2029cc0, data=0x7fffd3ffed40)
    at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#40 0x00007ffff30235aa in WebCore::SubresourceLoader::didFinishLoading (this=0x7fffd2038800, finishTime=0)
    at ../../Source/WebCore/loader/SubresourceLoader.cpp:371
#41 0x00007ffff301e9bd in WebCore::ResourceLoader::didFinishLoading (this=0x7fffd2038800, finishTime=0)
    at ../../Source/WebCore/loader/ResourceLoader.cpp:598
#42 0x00007ffff3800848 in WebCore::readCallback (asyncResult=0x551210, data=0x7fffd3fc6aa0)
    at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1339
#43 0x00007fffe9c8a3b6 in async_ready_callback_wrapper (source_object=0x4c99b0, res=0x551210, user_data=0x7fffd3fc6aa0) at ginputstream.c:523
#44 0x00007fffe9cb0984 in g_task_return_now (task=0x551210) at gtask.c:1077
#45 0x00007fffe9cb09a9 in complete_in_idle_cb (task=0x551210) at gtask.c:1086
#46 0x00007fffe96e8add in g_main_dispatch (context=0x4c2f70) at gmain.c:3064
#47 g_main_context_dispatch (context=context@entry=0x4c2f70) at gmain.c:3663
#48 0x00007fffeb030828 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=0x7fffffffd4a0, wfds=0x7fffffffd420, rfds=0x7fffffffd3a0, 
    ecore_fds=<optimized out>, ctx=<optimized out>) at lib/ecore/ecore_glib.c:172
#49 _ecore_glib_select (ecore_fds=<optimized out>, rfds=0x7fffffffd3a0, wfds=0x7fffffffd420, efds=0x7fffffffd4a0, ecore_timeout=<optimized out>)
    at lib/ecore/ecore_glib.c:204
#50 0x00007fffeb033d0b in _ecore_main_select (timeout=9.532824124368238e-130) at lib/ecore/ecore_main.c:1456
#51 0x00007fffeb0346ac in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1882
#52 0x00007fffeb034797 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:982
#53 0x00007ffff4475b85 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#54 0x00007ffff2993549 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd8d8)
    at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#55 0x00007ffff2993158 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd8d8) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#56 0x00000000004008da in main (argc=2, argv=0x7fffffffd8d8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
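
The failure mode in the report above, as an added sketch that is not WebKit's code: the range is enforced only by a debug assertion in the converter, while the value arrives from markup. The names `toArmenianSketch` and `markerTextSketch`, the decimal fallback, and the circumflex convention for the upper four digits are assumptions of this example.

```cpp
#include <cassert>
#include <string>

// Bounds copied from the assertion text in the report.
constexpr int kArmenianMin = 1;
constexpr int kArmenianMax = 99999999;

// Appends letters for the four decimal digits of n (0..9999). U+0531..U+0554 are
// the 36 upper-case letters for 1-9, 10-90, 100-900, 1000-9000; lower case
// starts at U+0561.
static void appendUnder10000(std::u32string& out, int n, bool upper, bool circumflex)
{
    const char32_t base = upper ? 0x0531 : 0x0561;
    const int divisors[] = { 1000, 100, 10, 1 };
    for (int i = 0; i < 4; ++i) {
        int digit = (n / divisors[i]) % 10;
        if (!digit)
            continue;
        out += static_cast<char32_t>(base + (3 - i) * 9 + (digit - 1));
        if (circumflex)
            out += char32_t(0x0302); // combining circumflex marks x10000 (assumed)
    }
}

// Callee: the range is only a debug-build precondition, as in the trace.
// With NDEBUG the assert compiles away, so it cannot be the input check.
std::u32string toArmenianSketch(int number, bool upper)
{
    assert(number >= kArmenianMin && number <= kArmenianMax);
    std::u32string out;
    appendUnder10000(out, number / 10000, upper, true);
    appendUnder10000(out, number % 10000, upper, false);
    return out;
}

// Caller: value comes from markup (<li value=...>), so validate at runtime
// and fall back to decimal digits (assumed fallback) when out of range.
std::u32string markerTextSketch(int value, bool upper)
{
    if (value >= kArmenianMin && value <= kArmenianMax)
        return toArmenianSketch(value, upper);
    std::u32string out;
    for (char c : std::to_string(value))
        out += static_cast<char32_t>(c);
    return out;
}

int main() { return markerTextSketch(666666666, true) == U"666666666" ? 0 : 1; }
```
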
Comment 1 Brent Fulgham 2016-08-04 17:07:11 PDT
Reproduces in r204307.
Comment 2 Radar WebKit Bug Importer 2016-08-04 17:07:41 PDT
<rdar://problem/27710489>
Comment 3 Darin Adler 2022-03-16 14:13:46 PDT
I'd be surprised if this still reproduces after https://commits.webkit.org/238975@main