WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
155363
ASSERTION FAILED: !view().layoutStateEnabled() || style().styleType() == FIRST_LETTER in WebCore::RenderInline::clippedOverflowRectForRepaint
https://bugs.webkit.org/show_bug.cgi?id=155363
Summary
ASSERTION FAILED: !view().layoutStateEnabled() || style().styleType() == FIRS...
Renata Hodovan
Reported
2016-03-11 08:27:32 PST
Created
attachment 273735
[details]
Test case Load the attached test with minibrowser: <!DOCTYPE html> <style> * { overflow-x: scroll; will-change:transform; } .class_0 { mix-blend-mode:exclusion; } </style> </head> <command class="class_0"> OS: Mac OS X 10.11.1 (x86_64), x86_64 Checked build: ASAN debug Checked version: ecad464 Backtrace: ASSERTION FAILED: !view().layoutStateEnabled() || style().styleType() == FIRST_LETTER /Users/reni/work/WebKit/Source/WebCore/rendering/RenderInline.cpp(1208) : virtual WebCore::LayoutRect WebCore::RenderInline::clippedOverflowRectForRepaint(const WebCore::RenderLayerModelObject *) const 1 0x10dea1aa4 WTFCrash 2 0x1167a1ff3 WebCore::RenderInline::clippedOverflowRectForRepaint(WebCore::RenderLayerModelObject const*) const 3 0x1168376ea WebCore::RenderLayer::repaintIncludingNonCompositingDescendants(WebCore::RenderLayerModelObject*) 4 0x1168378c9 WebCore::RenderLayer::repaintIncludingNonCompositingDescendants(WebCore::RenderLayerModelObject*) 5 0x1168da47f WebCore::RenderLayerCompositor::repaintOnCompositingChange(WebCore::RenderLayer&) 6 0x1168d80e3 WebCore::RenderLayerCompositor::updateBacking(WebCore::RenderLayer&, WebCore::RenderLayerCompositor::CompositingChangeRepaint, WebCore::RenderLayerCompositor::BackingRequired) 7 0x1168d79d8 WebCore::RenderLayerCompositor::updateLayerCompositingState(WebCore::RenderLayer&, WebCore::RenderLayerCompositor::CompositingChangeRepaint) 8 0x1167fd1f9 WebCore::RenderLayer::updateScrollInfoAfterLayout() 9 0x1163aa50c WebCore::RenderBlock::updateScrollInfoAfterLayout() 10 0x11645582a WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 11 0x1163aa828 WebCore::RenderBlock::layout() 12 0x11645f7c3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 13 0x116457f2f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 14 0x116454445 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 15 0x1163aa828 WebCore::RenderBlock::layout() 16 0x11645f7c3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x116457f2f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 18 0x116454445 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 19 0x1163aa828 WebCore::RenderBlock::layout() 20 0x116dba1f6 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 21 0x116dbc2b9 WebCore::RenderView::layout() 22 0x11374eca9 WebCore::FrameView::layout(bool) 23 0x112c9add6 WebCore::Document::implicitClose() 24 0x1136b8019 WebCore::FrameLoader::checkCallImplicitClose() 25 0x1136b7afc WebCore::FrameLoader::checkCompleted() 26 0x1136b40c8 WebCore::FrameLoader::finishedParsing() 27 0x112cbe05a WebCore::Document::finishedParsing() 28 0x113a75a66 WebCore::HTMLConstructionSite::finishedParsing() 29 0x113da329c WebCore::HTMLTreeBuilder::finished() 30 0x113aedadc WebCore::HTMLDocumentParser::end() 31 0x113ae9cea WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() ASAN:SIGSEGV ================================================================= ==88424==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010dea1adc bp 0x7fff5ada9a50 sp 0x7fff5ada9a40 T0) #0 0x10dea1adb in WTFCrash (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2b16adb) #1 0x1167a1ff2 in WebCore::RenderInline::clippedOverflowRectForRepaint(WebCore::RenderLayerModelObject const*) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c04ff2) #2 0x1168376e9 in WebCore::RenderLayer::repaintIncludingNonCompositingDescendants(WebCore::RenderLayerModelObject*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c9a6e9) #3 0x1168378c8 in WebCore::RenderLayer::repaintIncludingNonCompositingDescendants(WebCore::RenderLayerModelObject*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c9a8c8) #4 0x1168da47e in WebCore::RenderLayerCompositor::repaintOnCompositingChange(WebCore::RenderLayer&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d3d47e) #5 0x1168d80e2 in WebCore::RenderLayerCompositor::updateBacking(WebCore::RenderLayer&, WebCore::RenderLayerCompositor::CompositingChangeRepaint, WebCore::RenderLayerCompositor::BackingRequired) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d3b0e2) #6 0x1168d79d7 in WebCore::RenderLayerCompositor::updateLayerCompositingState(WebCore::RenderLayer&, WebCore::RenderLayerCompositor::CompositingChangeRepaint) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d3a9d7) #7 0x1167fd1f8 in WebCore::RenderLayer::updateScrollInfoAfterLayout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c601f8) #8 0x1163aa50b in WebCore::RenderBlock::updateScrollInfoAfterLayout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x480d50b) #9 0x116455829 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x48b8829) #10 0x1163aa827 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x480d827) #11 0x11645f7c2 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x48c27c2) #12 0x116457f2e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x48baf2e) #13 0x116454444 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x48b7444) #14 0x1163aa827 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x480d827) #15 0x11645f7c2 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x48c27c2) #16 0x116457f2e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x48baf2e) #17 0x116454444 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x48b7444) #18 0x1163aa827 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x480d827) #19 0x116dba1f5 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x521d1f5) #20 0x116dbc2b8 in WebCore::RenderView::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x521f2b8) #21 0x11374eca8 in WebCore::FrameView::layout(bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bb1ca8) #22 0x112c9add5 in WebCore::Document::implicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x10fddd5) #23 0x1136b8018 in WebCore::FrameLoader::checkCallImplicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b1b018) #24 0x1136b7afb in WebCore::FrameLoader::checkCompleted() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b1aafb) #25 0x1136b40c7 in WebCore::FrameLoader::finishedParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b170c7) #26 0x112cbe059 in WebCore::Document::finishedParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1121059) #27 0x113a75a65 in WebCore::HTMLConstructionSite::finishedParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ed8a65) #28 0x113da329b in WebCore::HTMLTreeBuilder::finished() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x220629b) #29 0x113aedadb in WebCore::HTMLDocumentParser::end() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f50adb) #30 0x113ae9ce9 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f4cce9) #31 0x113ae9958 in WebCore::HTMLDocumentParser::prepareToStopParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f4c958) #32 0x113aedb7d in WebCore::HTMLDocumentParser::attemptToEnd() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f50b7d) #33 0x113aedbd7 in WebCore::HTMLDocumentParser::finish() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f50bd7) #34 0x112e798af in WebCore::DocumentWriter::end() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12dc8af) #35 0x112dcc15c in WebCore::DocumentLoader::finishedLoading(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x122f15c) #36 0x112dcbc6a in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x122ec6a) #37 0x1121a9856 in WebCore::CachedResource::checkNotify() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60c856) #38 0x1121a9a43 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ca43) #39 0x11219fddc in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x602ddc) #40 0x11782d8f0 in WebCore::SubresourceLoader::didFinishLoading(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5c908f0) #41 0x10697b9ac in WebKit::WebResourceLoader::didFinishResourceLoad(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b159ac) #42 0x10698fd42 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b29d42) #43 0x10698f9c1 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b299c1) #44 0x10698bd7e in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b25d7e) #45 0x106988dfd in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b22dfd) #46 0x1056fd912 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x897912) #47 0x10503a0d0 in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d40d0) #48 0x105021631 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1bb631) #49 0x10503aec0 in IPC::Connection::dispatchOneMessage() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d4ec0) #50 0x10506a60c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x20460c) #51 0x10506a5dc in void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2045dc) #52 0x10506a3fb in std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2043fb) #53 0x10cce644a in std::__1::function<void ()>::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x195b44a) #54 0x10df7a2dd in WTF::RunLoop::performWork() (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bef2dd) #55 0x10df7b249 in WTF::RunLoop::performWork(void*) (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bf0249) #56 0x7fff888498b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0) #57 0x7fff888290ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab) #58 0x7fff888285ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce) #59 0x7fff88827fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7) #60 0x7fff86540d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54) #61 0x7fff86540b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e) #62 0x7fff865409ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce) #63 0x7fff97bc6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95) #64 0x7fff97bc61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4) #65 0x7fff97bbad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27) #66 0x7fff97b83fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd) #67 0x7fff9408b4f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1) #68 0x7fff94089f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d) #69 0x104e4d1cb in main (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000021cb) #70 0x7fff908b05ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #71 0x0 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash ==88424==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 88424) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
Attachments
Test case
(168 bytes, text/html)
2016-03-11 08:27 PST
,
Renata Hodovan
no flags
Details
Patch
(3.97 KB, patch)
2016-08-23 16:27 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Patch
(3.94 KB, patch)
2016-08-23 18:51 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Patch
(3.94 KB, patch)
2016-08-23 18:52 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Brent Fulgham
Comment 1
2016-08-05 09:32:14 PDT
This reproduces in
r204037
.
Radar WebKit Bug Importer
Comment 2
2016-08-05 09:32:39 PDT
<
rdar://problem/27720434
>
zalan
Comment 3
2016-08-23 16:27:38 PDT
Created
attachment 286805
[details]
Patch
Dave Hyatt
Comment 4
2016-08-23 16:29:42 PDT
Comment on
attachment 286805
[details]
Patch r=me
zalan
Comment 5
2016-08-23 18:51:05 PDT
Created
attachment 286816
[details]
Patch
zalan
Comment 6
2016-08-23 18:52:26 PDT
Created
attachment 286817
[details]
Patch
WebKit Commit Bot
Comment 7
2016-08-23 19:25:10 PDT
Comment on
attachment 286817
[details]
Patch Clearing flags on attachment: 286817 Committed
r204880
: <
http://trac.webkit.org/changeset/204880
>
WebKit Commit Bot
Comment 8
2016-08-23 19:25:12 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug