Created attachment 265055 [details] Test Load the attached test with debug MiniBrowser: <style> * { transform: perspective(0.1mm) translate(-2461%,0) translateY(0.3vh) skewX(180deg) translate3d( 489%,2892pt,-5596vmax); top: -4707rem; position: absolute; } </style> <u> <i> <q> <u> <textarea></textarea> </u> </q> </i> </u> OS: Ubuntu 14.10 x86_64 Checked build: debug EFL Checked version: 9fa8210 Backtrace: ASSERTION FAILED: !std::isnan(f) ../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp(682) : float WebCore::clampEdgeValue(float) 1 0x7fddf43e7e17 WTFCrash 2 0x7fddfac4b590 3 0x7fddfac4b7ec WebCore::TransformationMatrix::clampedBoundsOfProjectedQuad(WebCore::FloatQuad const&) const 4 0x7fddfb176548 WebCore::CoordinatedGraphicsLayer::transformedVisibleRect() 5 0x7fddfb176bd4 WebCore::CoordinatedGraphicsLayer::updateContentBuffers() 6 0x7fddfb176a22 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 7 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 8 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 9 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 10 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 11 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 12 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 13 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 14 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 15 0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() 16 0x7fddfb169275 WebCore::CompositingCoordinator::flushPendingLayerChanges() 17 0x7fddfa293d56 WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush() 18 0x7fddfa293e0e WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired() 19 0x7fddfa295657 void std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const 20 0x7fddfa295509 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) 21 0x7fddfa295381 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>() 22 0x7fddfa2950da std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&) 23 0x7fddf9cf8ac2 std::function<void ()>::operator()() const 24 0x7fddf9da52da WebCore::Timer::fired() 25 0x7fddfab9ca0d WebCore::ThreadTimers::sharedTimerFiredInternal() 26 0x7fddfab9c5fb 27 0x7fddfab9cc1e 28 0x7fddf9cf8ac2 std::function<void ()>::operator()() const 29 0x7fddfb930063 WebCore::MainThreadSharedTimer::fired() 30 0x7fddfbb3e10e 31 0x7fddf275dfde Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fddf43e7e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fddf43e7e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007fddfac4b590 in WebCore::clampEdgeValue (f=-nan(0x400000)) at ../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp:682 #2 0x00007fddfac4b7ec in WebCore::TransformationMatrix::clampedBoundsOfProjectedQuad (this=0x7fdde2450620, q=...) at ../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp:703 #3 0x00007fddfb176548 in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect (this=0x7fdde244ff80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:917 #4 0x00007fddfb176bd4 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x7fdde244ff80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:995 #5 0x00007fddfb176a22 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244ff80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:967 #6 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244f740) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #7 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244ef00) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #8 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244e6c0) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #9 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244de80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #10 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244d640) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #11 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde242f080) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #12 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde242e840) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #13 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde242e000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #14 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde241d140) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970 #15 0x00007fddfb169275 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7fdde26e1000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:99 #16 0x00007fddfa293d56 in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7fdde27e0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:212 #17 0x00007fddfa293e0e in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7fdde27e0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:227 #18 0x00007fddfa295657 in std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const (this=0xec8eb0, __object=0x7fdde27e0210) at /usr/include/c++/4.9/functional:569 #19 0x00007fddfa295509 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0xec8eb0, __args=<unknown type in /home/renifuzz/data/REPOS/fuzztargets/webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x10384fe3, DIE 0x104f431c>) at /usr/include/c++/4.9/functional:1264 #20 0x00007fddfa295381 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>() (this=0xec8eb0) at /usr/include/c++/4.9/functional:1323 #21 0x00007fddfa2950da in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.9/functional:2039 #22 0x00007fddf9cf8ac2 in std::function<void ()>::operator()() const (this=0x7fdde27e0280) at /usr/include/c++/4.9/functional:2439 #23 0x00007fddf9da52da in WebCore::Timer::fired (this=0x7fdde27e0248) at ../../Source/WebCore/platform/Timer.h:133 #24 0x00007fddfab9ca0d in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7fdde27d4230) at ../../Source/WebCore/platform/ThreadTimers.cpp:121 #25 0x00007fddfab9c5fb in WebCore::ThreadTimers::<lambda()>::operator()(void) const (__closure=0xec7530) at ../../Source/WebCore/platform/ThreadTimers.cpp:73 #26 0x00007fddfab9cc1e in std::_Function_handler<void(), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.9/functional:2039 #27 0x00007fddf9cf8ac2 in std::function<void ()>::operator()() const (this=0x7fddffa619e8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>) at /usr/include/c++/4.9/functional:2439 #28 0x00007fddfb930063 in WebCore::MainThreadSharedTimer::fired (this=0x7fddffa619e0 <WebCore::MainThreadSharedTimer::singleton()::instance>) at ../../Source/WebCore/platform/MainThreadSharedTimer.cpp:52 #29 0x00007fddfbb3e10e in WebCore::timerEvent () at ../../Source/WebCore/platform/efl/MainThreadSharedTimerEfl.cpp:44 #30 0x00007fddf275dfde in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:336 #31 _ecore_timer_expired_call (when=11169.473828386001) at lib/ecore/ecore_timer.c:733 #32 0x00007fddf275e12b in _ecore_timer_expired_timers_call (when=11169.473828386001) at lib/ecore/ecore_timer.c:686 #33 0x00007fddf2759e01 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1812 #34 0x00007fddf275a287 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:983 #35 0x00007fddf4442d03 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49 #36 0x00007fddfa298fad in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffd996540c8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #37 0x00007fddfa298bbb in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffd996540c8) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161 #38 0x00000000004008fa in main (argc=2, argv=0x7ffd996540c8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44