WebKit Bugzilla
RESOLVED FIXED
155364
ASSERTION FAILED: layoutState->m_renderer == this in WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage
https://bugs.webkit.org/show_bug.cgi?id=155364
Renata Hodovan
Reported
2016-03-11 09:13:44 PST
Created attachment 273736
Test case

Load the attached test with minibrowser:

<!DOCTYPE html>
<dl>
<canvas>a</canvas>
</dl>
<style>
* {
    -webkit-grid-column: grid_18 span/4 span grid_3;
    width: +40%;
    position:fixed;
    letter-spacing:-webkit-calc(373*73% /-webkit-calc(609)*650%)px;
    -webkit-flow-into:flow_3;
}
dl {
    -webkit-writing-mode:vertical-lr;
}
</style>

OS: Mac OS X 10.11.1 (x86_64), x86_64
Checked build: ASAN debug
Checked version: ecad464

Backtrace:

ASSERTION FAILED: layoutState->m_renderer == this
/Users/reni/work/WebKit/Source/WebCore/rendering/RenderBlock.cpp(3493) : virtual WebCore::LayoutUnit WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
1   0x10bc20aa4 WTFCrash
2   0x11415e8e2 WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
3   0x1142ca3f5 WebCore::RenderBox::containingBlockLogicalWidthForPositioned(WebCore::RenderBoxModelObject const*, WebCore::RenderRegion*, bool) const
4   0x1142cd48d WebCore::RenderBox::containingBlockLogicalHeightForPositioned(WebCore::RenderBoxModelObject const*, bool) const
5   0x1142cc60b WebCore::RenderBox::computeReplacedLogicalHeightUsing(WebCore::SizeType, WebCore::Length) const
6   0x1147fd6bb WebCore::RenderReplaced::computeReplacedLogicalHeight() const
7   0x1147fc39a WebCore::RenderReplaced::computeReplacedLogicalWidth(WebCore::ShouldComputePreferred) const
8   0x1142d073f WebCore::RenderBox::computePositionedLogicalWidthReplaced(WebCore::RenderBox::LogicalExtentComputedValues&) const
9   0x1142bb37c WebCore::RenderBox::computePositionedLogicalWidth(WebCore::RenderBox::LogicalExtentComputedValues&, WebCore::RenderRegion*) const
10  0x1142b891f WebCore::RenderBox::computeLogicalWidthInRegion(WebCore::RenderBox::LogicalExtentComputedValues&, WebCore::RenderRegion*) const
11  0x11412adb8 WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded(WebCore::RenderObject&)
12  0x11412b520 WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool)
13  0x11412aa02 WebCore::RenderBlock::layoutPositionedObjects(bool, bool)
14  0x1141ce4a5 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
15  0x114123828 WebCore::RenderBlock::layout()
16  0x114432e1f WebCore::RenderFlowThread::layout()
17  0x114780eef WebCore::RenderNamedFlowThread::layout()
18  0x11113d16c WebCore::RenderElement::layoutIfNeeded()
19  0x111133c96 WebCore::FlowThreadController::layoutRenderNamedFlowThreads()
20  0x114b3321d WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
21  0x114b352b9 WebCore::RenderView::layout()
22  0x1114c7ca9 WebCore::FrameView::layout(bool)
23  0x110a13dd6 WebCore::Document::implicitClose()
24  0x111431019 WebCore::FrameLoader::checkCallImplicitClose()
25  0x111430afc WebCore::FrameLoader::checkCompleted()
26  0x11142d0c8 WebCore::FrameLoader::finishedParsing()
27  0x110a3705a WebCore::Document::finishedParsing()
28  0x1117eea66 WebCore::HTMLConstructionSite::finishedParsing()
29  0x111b1c29c WebCore::HTMLTreeBuilder::finished()
30  0x111866adc WebCore::HTMLDocumentParser::end()
31  0x111862cea WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
ASAN:SIGSEGV
=================================================================
==74681==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010bc20adc bp 0x7fff5d020c50 sp 0x7fff5d020c40 T0)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash
==74681==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 74681)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
Attachments
Test case (306 bytes, text/html), 2016-03-11 09:13 PST, Renata Hodovan
Test reduction (180 bytes, text/html), 2016-11-30 09:33 PST, alan
Patch (7.72 KB, patch), 2016-11-30 14:35 PST, alan
Brent Fulgham
Comment 1
2016-08-05 09:33:35 PDT
This reproduces in r204037.
Radar WebKit Bug Importer
Comment 2
2016-08-05 09:34:04 PDT
<rdar://problem/27720461>
alan
Comment 3
2016-11-30 09:33:38 PST
Created attachment 295725
Test reduction
alan
Comment 4
2016-11-30 14:35:45 PST
Created attachment 295773
Patch
Brent Fulgham
Comment 5
2016-11-30 14:56:32 PST
Comment on attachment 295773
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=295773&action=review
> Source/WebCore/rendering/RenderBox.cpp:3148 > + break;
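Review bot: the excerpt at Source/WebCore/rendering/RenderBox.cpp:3148 shows only the added "break;", without the loop or switch it leaves or the condition that guards it, so the early exit cannot be checked against the "layoutState->m_renderer == this" assertion from this quote alone. Suggest that the ChangeLog entry name that condition, and that the test reduction from attachment 295725 land as a layout test with the change if it is not already part of the patch.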
So these two lines are the only meaningful difference in this patch! :-)
Dave Hyatt
Comment 6
2016-11-30 14:57:56 PST
Comment on attachment 295773
Patch
r=me
WebKit Commit Bot
Comment 7
2016-11-30 15:13:05 PST
Comment on attachment 295773
Patch
Clearing flags on attachment: 295773
Committed r209158: <http://trac.webkit.org/changeset/209158>
WebKit Commit Bot
Comment 8
2016-11-30 15:13:11 PST
All reviewed patches have been landed. Closing bug.