Created attachment 274432 [details] Test case Load the attached test with minibrowser: <!DOCTYPE html> <style> * { min-height: 16006%; } </style> <ruby> <select autofocus> <script src="modem:foo.bar"></script> </select> <rt></rt> </select> OS: Mac OS X 10.11.1 (x86_64), x86_64 Checked build: ASAN debug Checked version: 5e169ea Backtrace: ASSERTION FAILED: !needsLayout() /Users/reni/work/WebKit/Source/WebCore/rendering/RenderRubyRun.cpp(314) : void WebCore::RenderRubyRun::getOverhang(bool, WebCore::RenderObject *, WebCore::RenderObject *, float &, float &) const 1 0x111cb80d4 WTFCrash 2 0x11a8f2abe WebCore::RenderRubyRun::getOverhang(bool, WebCore::RenderObject*, WebCore::RenderObject*, float&, float&) const 3 0x1198f5e22 WebCore::LineWidth::applyOverhang(WebCore::RenderRubyRun*, WebCore::RenderObject*, WebCore::RenderObject*) 4 0x1198a6111 WebCore::BreakingContext::handleReplaced() 5 0x11989e1a3 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) 6 0x11a338544 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) 7 0x11a335162 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) 8 0x11a340d74 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 9 0x11a2b9725 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 10 0x11a2b639c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 11 0x11a20cbd8 WebCore::RenderBlock::layout() 12 0x11a2c1793 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 13 0x11a2b9eff WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 14 0x11a2b6415 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 15 0x11a20cbd8 WebCore::RenderBlock::layout() 16 0x11a2c1793 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x11a2b9eff WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 18 0x11a2b6415 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 19 0x11a20cbd8 WebCore::RenderBlock::layout() 20 0x11ac115a6 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 21 0x11ac13669 WebCore::RenderView::layout() 22 0x11757a1f9 WebCore::FrameView::layout(bool) 23 0x116ac46b6 WebCore::Document::implicitClose() 24 0x1174e3669 WebCore::FrameLoader::checkCallImplicitClose() 25 0x1174e314c WebCore::FrameLoader::checkCompleted() 26 0x1174e3265 WebCore::FrameLoader::loadDone() 27 0x116000826 WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*, bool) 28 0x11b68a6aa WebCore::SubresourceLoader::notifyDone() 29 0x11b68ae39 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) 30 0x10a70a404 WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&) 31 0x10a71edae void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::index_sequence<0ul>) ASAN:SIGSEGV ================================================================= ==59437==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000111cb810c bp 0x7fff570193d0 sp 0x7fff570193c0 T0) #0 0x111cb810b in WTFCrash (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2b2110b) #1 0x11a8f2abd in WebCore::RenderRubyRun::getOverhang(bool, WebCore::RenderObject*, WebCore::RenderObject*, float&, float&) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4f3dabd) #2 0x1198f5e21 in WebCore::LineWidth::applyOverhang(WebCore::RenderRubyRun*, WebCore::RenderObject*, WebCore::RenderObject*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3f40e21) #3 0x1198a6110 in WebCore::BreakingContext::handleReplaced() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ef1110) #4 0x11989e1a2 in WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ee91a2) #5 0x11a338543 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4983543) #6 0x11a335161 in WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4980161) #7 0x11a340d73 in WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x498bd73) #8 0x11a2b9724 in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4904724) #9 0x11a2b639b in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x490139b) #10 0x11a20cbd7 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4857bd7) #11 0x11a2c1792 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x490c792) #12 0x11a2b9efe in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4904efe) #13 0x11a2b6414 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4901414) #14 0x11a20cbd7 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4857bd7) #15 0x11a2c1792 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x490c792) #16 0x11a2b9efe in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4904efe) #17 0x11a2b6414 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4901414) #18 0x11a20cbd7 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4857bd7) #19 0x11ac115a5 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x525c5a5) #20 0x11ac13668 in WebCore::RenderView::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x525e668) #21 0x11757a1f8 in WebCore::FrameView::layout(bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bc51f8) #22 0x116ac46b5 in WebCore::Document::implicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x110f6b5) #23 0x1174e3668 in WebCore::FrameLoader::checkCallImplicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e668) #24 0x1174e314b in WebCore::FrameLoader::checkCompleted() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e14b) #25 0x1174e3264 in WebCore::FrameLoader::loadDone() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e264) #26 0x116000825 in WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x64b825) #27 0x11b68a6a9 in WebCore::SubresourceLoader::notifyDone() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cd56a9) #28 0x11b68ae38 in WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cd5e38) #29 0x10a70a403 in WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b13403) #30 0x10a71edad in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::index_sequence<0ul>) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b27dad) #31 0x10a71e991 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, std::make_index_sequence<1ul> >(std::__1::tuple<WebCore::ResourceError>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b27991) #32 0x10a71aa89 in void IPC::handleMessage<Messages::WebResourceLoader::DidFailResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b23a89) #33 0x10a717b9e in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b20b9e) #34 0x10948d4f2 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x8964f2) #35 0x108dcafa0 in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d3fa0) #36 0x108db2501 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1bb501) #37 0x108dcbd90 in IPC::Connection::dispatchOneMessage() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d4d90) #38 0x108dfb4dc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2044dc) #39 0x108dfb4ac in void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2044ac) #40 0x108dfb2cb in std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2042cb) #41 0x110af09fa in std::__1::function<void ()>::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x19599fa) #42 0x111d928dd in WTF::RunLoop::performWork() (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bfb8dd) #43 0x111d93849 in WTF::RunLoop::performWork(void*) (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bfc849) #44 0x7fff888498b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0) #45 0x7fff888290ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab) #46 0x7fff888285ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce) #47 0x7fff88827fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7) #48 0x7fff86540d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54) #49 0x7fff86540b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e) #50 0x7fff865409ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce) #51 0x7fff97bc6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95) #52 0x7fff97bc61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4) #53 0x7fff97bbad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27) #54 0x7fff97b83fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd) #55 0x7fff9408b4f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1) #56 0x7fff94089f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d) #57 0x108bdb1cb in main (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000021cb) #58 0x7fff908b05ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #59 0x0 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash ==59437==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 59437) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
This issue does not reproduce under r204037. If you believe there is still a problem, please reopen the bug and attach a revised test case.