WebKit Bugzilla
Bug 146646 - Crash: LayoutState root's container is nullptr when the layout root is detached.
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=146646
Reported by alan, 2015-07-06 10:55:56 PDT
0 WebCore 0x0000000196cb5f74 WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const&, unsigned int, bool*) const + 64 (RenderObject.cpp:1587)
1 WebCore 0x0000000196b0b0d0 WebCore::LayoutState::LayoutState(WebCore::RenderObject&) + 96 (LayoutState.cpp:140)
2 WebCore 0x0000000196b0b0d0 WebCore::LayoutState::LayoutState(WebCore::RenderObject&) + 96 (LayoutState.cpp:140)
3 WebCore 0x0000000196d1a074 WebCore::RenderView::pushLayoutState(WebCore::RenderObject&) + 40 (StdLibExtras.h:337)
4 WebCore 0x00000001961b181c WebCore::FrameView::layout(bool) + 716 (FrameView.cpp:1307)
5 WebCore 0x00000001962550e8 WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) + 204 (RenderFrameBase.cpp:63)
6 WebCore 0x000000019624a324 WebCore::RenderIFrame::layout() + 76 (RenderIFrame.cpp:105)
7 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
8 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
9 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
10 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
11 WebCore 0x0000000196c28fcc WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 948 (RenderElement.h:134)
12 WebCore 0x0000000196c145a0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 936 (RenderBlockFlow.cpp:651)
13 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
14 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
15 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
16 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
17 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
18 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
19 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
20 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
21 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
22 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
23 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
24 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
25 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
26 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
27 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
28 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
29 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
30 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
31 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
32 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
33 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
34 WebCore 0x0000000196c16228 WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) + 280 (RenderElement.h:134)
35 WebCore 0x0000000196b17b24 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) + 448 (LineBreaker.cpp:69)
36 WebCore 0x0000000196b17ce8 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) + 204 (LineBreaker.cpp:90)
37 WebCore 0x0000000196c26f58 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 572 (RenderBlockLineLayout.cpp:1248)
38 WebCore 0x0000000196c25b94 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 800 (RenderBlockLineLayout.cpp:1202)
39 WebCore 0x0000000196c29414 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 2044 (RenderBlockLineLayout.cpp:1612)
40 WebCore 0x0000000196c145a0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 936 (RenderBlockFlow.cpp:651)
41 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
42 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
43 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
44 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
45 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
46 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
47 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
48 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
49 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
50 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
51 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
52 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
53 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
54 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
55 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
56 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
57 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
58 WebCore 0x00000001961b3ad8 WebCore::RenderView::layout() + 924 (RenderView.cpp:232)
59 WebCore 0x00000001961b20bc WebCore::FrameView::layout(bool) + 2924 (FrameView.cpp:1319)
60 WebCore 0x00000001964a15f8 WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element&, WebCore::DimensionsCheck) + 1360 (Document.cpp:1997)
61 WebCore 0x000000019621ba38 WebCore::Element::offsetWidth() + 36 (Element.cpp:747)
62 WebCore 0x00000001968570a4 WebCore::jsElementOffsetWidth(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) + 44 (JSElement.cpp:856)
63 JavaScriptCore 0x00000001858214bc llint_slow_path_get_by_id + 2072 (PropertySlot.h:256)
64 JavaScriptCore 0x0000000185c3696c llint_entry + 9884
65 JavaScriptCore 0x0000000185c39e38 llint_entry + 23400
66 JavaScriptCore 0x0000000185c39e9c llint_entry + 23500
67 JavaScriptCore 0x0000000185c39e9c llint_entry + 23500
68 ??? 0x000000017d55b9bc 0 + 6397737404
69 ??? 0x000000017cb32218 0 + 6387081752
70 JavaScriptCore 0x0000000185c340b4 vmEntryToJavaScript + 308
71 JavaScriptCore 0x0000000185b6b63c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 188 (JITCode.cpp:77)
72 JavaScriptCore 0x000000018582d1b4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 396 (Interpreter.cpp:962)
73 JavaScriptCore 0x0000000185934f40 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 76 (CallData.cpp:39)
74 WebCore 0x00000001962a4ab0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 860 (JSMainThreadExecState.h:56)
75 WebCore 0x0000000196562b54 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 748 (EventTarget.cpp:256)
76 WebCore 0x00000001961a83bc WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 324 (EventTarget.cpp:208)
77 WebCore 0x00000001961c6350 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 292 (DOMWindow.cpp:1901)
78 WebCore 0x00000001961caf7c WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 656 (FrameLoader.cpp:451)
79 WebCore 0x00000001965d0618 WebCore::FrameLoader::detachFromParent() + 128 (FrameLoader.cpp:535)
80 WebCore 0x00000001961a1ba8 WebCore::FrameLoader::detachChildren() + 192 (FrameLoader.cpp:2396)
81 WebCore 0x00000001961a1a4c WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader*) + 44 (FrameLoader.cpp:1658)
82 WebCore 0x00000001965cfd64 WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 236 (FrameLoader.cpp:1883)
83 WebCore 0x00000001961a0f74 WebCore::FrameLoader::commitProvisionalLoad() + 444 (FrameLoader.cpp:1770)
84 WebCore 0x00000001961ca6c8 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:356)
85 WebCore 0x00000001961be780 WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient*) + 792 (CachedRawResource.cpp:146)
86 WebCore 0x000000019613354c WebCore::ThreadTimers::sharedTimerFiredInternal() + 144 (ThreadTimers.cpp:132)
87 WebCore 0x000000019613348c WebCore::timerFired(__CFRunLoopTimer*, void*) + 32 (SharedTimerCF.cpp:82)
88 CoreFoundation 0x0000000184194720 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 24 (CFRunLoop.c:1632)
89 CoreFoundation 0x00000001841943c4 __CFRunLoopDoTimer + 880 (CFRunLoop.c:2171)
90 CoreFoundation 0x0000000184191aac __CFRunLoopRun + 1516 (CFRunLoop.c:2310)
91 CoreFoundation 0x00000001840bd0bc CFRunLoopRunSpecific + 380 (CFRunLoop.c:2818)
92 Foundation 0x0000000185058e8c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (NSRunLoop.m:366)
93 Foundation 0x00000001850ae724 -[NSRunLoop(NSRunLoop) run] + 84 (NSRunLoop.m:388)
94 libxpc.dylib 0x0000000199c4d298 _xpc_objc_main + 656 (main.m:176)
95 libxpc.dylib 0x0000000199c4efa8 xpc_main + 196 (init.c:1424)
96 com.apple.WebKit.WebContent 0x0000000100017920 main + 52 (XPCServiceMain.mm:89)
97 libdyld.dylib 0x0000000199a329e4 start + 0 (start_glue.s:78)
Attachments
Patch (4.13 KB, patch), 2015-07-06 11:03 PDT, alan, no flags
Comment 1, alan, 2015-07-06 10:56:43 PDT
rdar://problem/21371544
Comment 2, alan, 2015-07-06 11:03:33 PDT
Created attachment 256223 [details]: Patch
Comment 3, WebKit Commit Bot, 2015-07-06 12:38:34 PDT
Comment on attachment 256223 [details]: Patch
Clearing flags on attachment: 256223
Committed r186366: <http://trac.webkit.org/changeset/186366>
Comment 4, WebKit Commit Bot, 2015-07-06 12:38:38 PDT
All reviewed patches have been landed. Closing bug.