WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
155640
ASSERTION FAILED: rendererHasOutlineAutoAncestor || renderer->outlineStyleForRepaint().outlineStyleIsAuto() || (is<RenderElement>(*renderer) && downcast<RenderElement>(*renderer).hasContinuation()) in WebCore::RenderObject::propagateRepaintToParentWithOut
https://bugs.webkit.org/show_bug.cgi?id=155640
Summary
ASSERTION FAILED: rendererHasOutlineAutoAncestor || renderer->outlineStyleFor...
Renata Hodovan
Reported
2016-03-18 09:01:52 PDT
Created
attachment 274416
[details]
Test case Load the attached test with MiniBrowser: <!DOCTYPE html> <script> window.onload = function() { document.execCommand('selectAll') child = document.createElement('frame') parent = document.getElementById('id_3') parent.appendChild(child) } </script> <style> h3 { outline: auto } </style> <h3> <a> <animateMotion> <metadata id="id_3"></metadata> a </animateMotion> </a> </h3> OS: Mac OS X 10.11.1 (x86_64), x86_64 Checked build: ASAN debug Checked version: 5e169ea Backtrace: "ASSERTION FAILED: rendererHasOutlineAutoAncestor || renderer->outlineStyleForRepaint().outlineStyleIsAuto() || (is<RenderElement>(*renderer) && downcast<RenderElement>(*renderer).hasContinuation()) /Users/reni/work/WebKit/Source/WebCore/rendering/RenderObject.cpp(902) : void WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded(const WebCore::RenderLayerModelObject &, const WebCore::LayoutRect &) const 1 0x10df4b0d4 WTFCrash 2 0x116b2d867 WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded(WebCore::RenderLayerModelObject const&, WebCore::LayoutRect const&) const 3 0x116b2edde WebCore::RenderObject::repaintUsingContainer(WebCore::RenderLayerModelObject const*, WebCore::LayoutRect const&, bool) const 4 0x116ba400a WebCore::RenderSelectionInfoBase::repaintRectangle(WebCore::LayoutRect const&) 5 0x116ba487a WebCore::RenderSelectionInfo::repaint() 6 0x116eb3f18 WebCore::RenderView::applySubtreeSelection(WebCore::SelectionSubtreeRoot const&, WebCore::RenderView::SelectionRepaintMode, WebCore::SelectionSubtreeRoot::OldSelectionData const&) 7 0x116eb00d4 WebCore::RenderView::updateSelectionForSubtrees(WTF::HashMap<WebCore::SelectionSubtreeRoot*, WebCore::SelectionSubtreeRoot::SelectionSubtreeData, WTF::PtrHash<WebCore::SelectionSubtreeRoot*>, WTF::HashTraits<WebCore::SelectionSubtreeRoot*>, WTF::HashTraits<WebCore::SelectionSubtreeRoot::SelectionSubtreeData> >&, WebCore::RenderView::SelectionRepaintMode) 8 0x116eaf6bd WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int, WebCore::RenderView::SelectionRepaintMode) 9 0x1137cfded WebCore::FrameSelection::updateAppearance() 10 0x1137cee44 WebCore::FrameSelection::updateAndRevealSelection(WebCore::AXTextStateChangeIntent const&) 11 0x1137e8ea5 WebCore::FrameSelection::updateAppearanceAfterLayout() 12 0x1137fc732 WebCore::FrameView::performPostLayoutTasks() 13 0x11380a9e5 WebCore::FrameView::layout(bool) 14 0x112d546b6 WebCore::Document::implicitClose() 15 0x113773669 WebCore::FrameLoader::checkCallImplicitClose() 16 0x11377314c WebCore::FrameLoader::checkCompleted() 17 0x11376f718 WebCore::FrameLoader::finishedParsing() 18 0x112d7797a WebCore::Document::finishedParsing() 19 0x113b32e96 WebCore::HTMLConstructionSite::finishedParsing() 20 0x113e6343c WebCore::HTMLTreeBuilder::finished() 21 0x113ba7b8c WebCore::HTMLDocumentParser::end() 22 0x113ba3d9a WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() 23 0x113ba3a09 WebCore::HTMLDocumentParser::prepareToStopParsing() 24 0x113ba7c2e WebCore::HTMLDocumentParser::attemptToEnd() 25 0x113ba7c88 WebCore::HTMLDocumentParser::finish() 26 0x112f335e0 WebCore::DocumentWriter::end() 27 0x112e85a5d WebCore::DocumentLoader::finishedLoading(double) 28 0x112e8556b WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) 29 0x11225de67 WebCore::CachedResource::checkNotify() 30 0x11225e054 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) 31 0x1122543cd WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) ASAN:SIGSEGV ================================================================= ==20754==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010df4b10c bp 0x7fff5ad83ad0 sp 0x7fff5ad83ac0 T0) #0 0x10df4b10b in WTFCrash (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2b2110b) #1 0x116b2d866 in WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded(WebCore::RenderLayerModelObject const&, WebCore::LayoutRect const&) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4ee8866) #2 0x116b2eddd in WebCore::RenderObject::repaintUsingContainer(WebCore::RenderLayerModelObject const*, WebCore::LayoutRect const&, bool) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4ee9ddd) #3 0x116ba4009 in WebCore::RenderSelectionInfoBase::repaintRectangle(WebCore::LayoutRect const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4f5f009) #4 0x116ba4879 in WebCore::RenderSelectionInfo::repaint() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4f5f879) #5 0x116eb3f17 in WebCore::RenderView::applySubtreeSelection(WebCore::SelectionSubtreeRoot const&, WebCore::RenderView::SelectionRepaintMode, WebCore::SelectionSubtreeRoot::OldSelectionData const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x526ef17) #6 0x116eb00d3 in WebCore::RenderView::updateSelectionForSubtrees(WTF::HashMap<WebCore::SelectionSubtreeRoot*, WebCore::SelectionSubtreeRoot::SelectionSubtreeData, WTF::PtrHash<WebCore::SelectionSubtreeRoot*>, WTF::HashTraits<WebCore::SelectionSubtreeRoot*>, WTF::HashTraits<WebCore::SelectionSubtreeRoot::SelectionSubtreeData> >&, WebCore::RenderView::SelectionRepaintMode) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x526b0d3) #7 0x116eaf6bc in WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int, WebCore::RenderView::SelectionRepaintMode) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x526a6bc) #8 0x1137cfdec in WebCore::FrameSelection::updateAppearance() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b8adec) #9 0x1137cee43 in WebCore::FrameSelection::updateAndRevealSelection(WebCore::AXTextStateChangeIntent const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b89e43) #10 0x1137e8ea4 in WebCore::FrameSelection::updateAppearanceAfterLayout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ba3ea4) #11 0x1137fc731 in WebCore::FrameView::performPostLayoutTasks() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bb7731) #12 0x11380a9e4 in WebCore::FrameView::layout(bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bc59e4) #13 0x112d546b5 in WebCore::Document::implicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x110f6b5) #14 0x113773668 in WebCore::FrameLoader::checkCallImplicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e668) #15 0x11377314b in WebCore::FrameLoader::checkCompleted() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e14b) #16 0x11376f717 in WebCore::FrameLoader::finishedParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2a717) #17 0x112d77979 in WebCore::Document::finishedParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1132979) #18 0x113b32e95 in WebCore::HTMLConstructionSite::finishedParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eede95) #19 0x113e6343b in WebCore::HTMLTreeBuilder::finished() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x221e43b) #20 0x113ba7b8b in WebCore::HTMLDocumentParser::end() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f62b8b) #21 0x113ba3d99 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f5ed99) #22 0x113ba3a08 in WebCore::HTMLDocumentParser::prepareToStopParsing() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f5ea08) #23 0x113ba7c2d in WebCore::HTMLDocumentParser::attemptToEnd() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f62c2d) #24 0x113ba7c87 in WebCore::HTMLDocumentParser::finish() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f62c87) #25 0x112f335df in WebCore::DocumentWriter::end() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12ee5df) #26 0x112e85a5c in WebCore::DocumentLoader::finishedLoading(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1240a5c) #27 0x112e8556a in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x124056a) #28 0x11225de66 in WebCore::CachedResource::checkNotify() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x618e66) #29 0x11225e053 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x619053) #30 0x1122543cc in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60f3cc) #31 0x117919d20 in WebCore::SubresourceLoader::didFinishLoading(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cd4d20) #32 0x10699f15c in WebKit::WebResourceLoader::didFinishResourceLoad(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b1315c) #33 0x1069b34f2 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b274f2) #34 0x1069b3171 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b27171) #35 0x1069af52e in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b2352e) #36 0x1069ac5ad in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b205ad) #37 0x1057224f2 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x8964f2) #38 0x10505ffa0 in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d3fa0) #39 0x105047501 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1bb501) #40 0x105060d90 in IPC::Connection::dispatchOneMessage() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d4d90) #41 0x1050904dc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2044dc) #42 0x1050904ac in void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2044ac) #43 0x1050902cb in std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2042cb) #44 0x10cd839fa in std::__1::function<void ()>::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x19599fa) #45 0x10e0258dd in WTF::RunLoop::performWork() (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bfb8dd) #46 0x10e026849 in WTF::RunLoop::performWork(void*) (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bfc849) #47 0x7fff888498b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0) #48 0x7fff888290ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab) #49 0x7fff888285ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce) #50 0x7fff88827fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7) #51 0x7fff86540d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54) #52 0x7fff86540b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e) #53 0x7fff865409ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce) #54 0x7fff97bc6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95) #55 0x7fff97bc61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4) #56 0x7fff97bbad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27) #57 0x7fff97b83fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd) #58 0x7fff9408b4f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1) #59 0x7fff94089f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d) #60 0x104e761cb in main (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000021cb) #61 0x7fff908b05ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #62 0x0 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash ==20754==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 20754) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
Attachments
Test case
(399 bytes, text/html)
2016-03-18 09:01 PDT
,
Renata Hodovan
no flags
Details
Patch
(3.94 KB, patch)
2016-03-26 18:20 PDT
,
alan
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
alan
Comment 1
2016-03-26 18:20:49 PDT
Created
attachment 274992
[details]
Patch
WebKit Commit Bot
Comment 2
2016-03-28 11:39:20 PDT
Comment on
attachment 274992
[details]
Patch Clearing flags on attachment: 274992 Committed
r198753
: <
http://trac.webkit.org/changeset/198753
>
WebKit Commit Bot
Comment 3
2016-03-28 11:39:26 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug