Bug 163461 - ASSERTION FAILED: !rect.isEmpty() in WebCore::GraphicsContext::drawRect
Summary: ASSERTION FAILED: !rect.isEmpty() in WebCore::GraphicsContext::drawRect
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: zalan
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2016-10-14 14:52 PDT by Renata Hodovan
Modified: 2016-12-26 19:15 PST (History)

See Also:


Attachments
Test (36 bytes, text/html)
2016-10-14 14:52 PDT, Renata Hodovan
no flags
Patch (9.96 KB, patch)
2016-12-25 22:04 PST, zalan
no flags
Patch (5.49 KB, patch)
2016-12-26 18:37 PST, zalan
no flags

Description Renata Hodovan 2016-10-14 14:52:10 PDT
Load the attached test with debug webkittestrunner.

Checked version: 2c9fa6e
OS: Darwin-15.6.0-x86_64-i386-64bit

<ul style=font-size:1px><ul><ul><li>

Backtrace:

WebKit/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm(229) : static bool WebKit::SandboxExtension::createHandle(const WTF::String &, WebKit::SandboxExtension::Type, WebKit::SandboxExtension::Handle &)
ASSERTION FAILED: !rect.isEmpty()
WebKit/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp(421) : void WebCore::GraphicsContext::drawRect(const WebCore::FloatRect &, float)
1   0x10ab034f1 WTFCrash
2   0x110a4f315 WebCore::GraphicsContext::drawRect(WebCore::FloatRect const&, float)
3   0x114073234 WebCore::RenderListMarker::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
4   0x113d51387 WebCore::paintPhase(WebCore::RenderElement&, WebCore::PaintPhase, WebCore::PaintInfo&, WebCore::LayoutPoint const&)
5   0x113d5120e WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
6   0x111276ccb WebCore::InlineElementBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit)
7   0x11128a3ff WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit)
8   0x1146392ac WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit)
9   0x11403d94d WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const
10  0x113ba0119 WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
11  0x113aaca50 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
12  0x113aaf01b WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
13  0x113aac452 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
14  0x11406b6ea WebCore::RenderListItem::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
15  0x113aad971 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType)
16  0x113aacdbe WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool)
17  0x113aaccb8 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
18  0x113aaf01b WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
19  0x113aac452 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
20  0x113aad971 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType)
21  0x113aacdbe WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool)
22  0x113aaccb8 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
23  0x113aaf01b WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
24  0x113aac452 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
25  0x11406b6ea WebCore::RenderListItem::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
26  0x113aad971 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType)
27  0x113aacdbe WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool)
28  0x113aaccb8 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
29  0x113aaf01b WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
30  0x113aac452 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
31  0x113f35294 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*)
ASAN:DEADLYSIGNAL
=================================================================
==8147==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010ab03529 bp 0x7fff5e9a2030 sp 0x7fff5e9a2020 T0)
    #0 0x10ab03528 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528)
    #1 0x110a4f314 in WebCore::GraphicsContext::drawRect(WebCore::FloatRect const&, float) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1cb5314)
    #2 0x114073233 in WebCore::RenderListMarker::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52d9233)
    #3 0x113d51386 in WebCore::paintPhase(WebCore::RenderElement&, WebCore::PaintPhase, WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4fb7386)
    #4 0x113d5120d in WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4fb720d)
    #5 0x111276cca in WebCore::InlineElementBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x24dccca)
    #6 0x11128a3fe in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x24f03fe)
    #7 0x1146392ab in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x589f2ab)
    #8 0x11403d94c in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a394c)
    #9 0x113ba0118 in WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4e06118)
    #10 0x113aaca4f in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12a4f)
    #11 0x113aaf01a in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d1501a)
    #12 0x113aac451 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12451)
    #13 0x11406b6e9 in WebCore::RenderListItem::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52d16e9)
    #14 0x113aad970 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d13970)
    #15 0x113aacdbd in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12dbd)
    #16 0x113aaccb7 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12cb7)
    #17 0x113aaf01a in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d1501a)
    #18 0x113aac451 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12451)
    #19 0x113aad970 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d13970)
    #20 0x113aacdbd in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12dbd)
    #21 0x113aaccb7 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12cb7)
    #22 0x113aaf01a in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d1501a)
    #23 0x113aac451 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12451)
    #24 0x11406b6e9 in WebCore::RenderListItem::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52d16e9)
    #25 0x113aad970 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d13970)
    #26 0x113aacdbd in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12dbd)
    #27 0x113aaccb7 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12cb7)
    #28 0x113aaf01a in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d1501a)
    #29 0x113aac451 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d12451)
    #30 0x113f35293 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x519b293)
    #31 0x113f2bb5d in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5191b5d)
    #32 0x113f1e80c in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x518480c)
    #33 0x113fbd574 in WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5223574)
    #34 0x113fbe5f5 in WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52245f5)
    #35 0x110a6e11c in WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1cd411c)
    #36 0x110a9734a in WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1cfd34a)
    #37 0x1139455fb in WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4bab5fb)
    #38 0x115880ee3 in -[WebLayer drawInContext:] (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6ae6ee3)
    #39 0x7fff871afb18 in CABackingStoreUpdate_ (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x20b18)
    #40 0x7fff871aed6c in invocation function for block in CA::Layer::display_() (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x1fd6c)
    #41 0x7fff871ae758 in CA::Layer::display_() (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x1f758)
    #42 0x115881fa8 in -[WebSimpleLayer display] (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6ae7fa8)
    #43 0x7fff871a04a4 in CA::Layer::display_if_needed(CA::Transaction*) (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x114a4)
    #44 0x7fff8719ffcc in CA::Layer::layout_and_display_if_needed(CA::Transaction*) (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x10fcc)
    #45 0x7fff8719f4a0 in CA::Context::commit_transaction(CA::Transaction*) (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x104a0)
    #46 0x7fff8719f0eb in CA::Transaction::commit() (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x100eb)
    #47 0x101fab433 in WebKit::TiledCoreAnimationDrawingArea::forceRepaint() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xd44433)
    #48 0x10262348c in WebKit::WebPage::forceRepaintWithoutCallback() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13bc48c)
    #49 0x102f45d5c in WKBundlePageForceRepaint (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1cded5c)
    #50 0x12a3de1ac in WTR::InjectedBundlePage::dump() (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x641ac)
    #51 0x12a3dd121 in WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x63121)
    #52 0x12a3d9ea6 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x5fea6)
    #53 0x12a3d7fa7 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x5dfa7)
    #54 0x1016cdaf4 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x466af4)
    #55 0x10234eeb5 in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x10e7eb5)
    #56 0x11081e8c7 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a848c7)
    #57 0x11080cbca in WebCore::FrameLoader::checkLoadComplete() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a72bca)
    #58 0x11080bd55 in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a71d55)
    #59 0x11080bde4 in WebCore::FrameLoader::loadDone() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a71de4)
    #60 0x10f3e021e in WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x64621e)
    #61 0x114e9d339 in WebCore::SubresourceLoader::notifyDone() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6103339)
    #62 0x114e9da9a in WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6103a9a)
    #63 0x102cf86d0 in WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a916d0)
    #64 0x102d06e09 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9fe09)
    #65 0x102d06a14 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::ResourceError>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9fa14)
    #66 0x102d03a93 in void IPC::handleMessage<Messages::WebResourceLoader::DidFailResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9ca93)
    #67 0x102d01c4b in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9ac4b)
    #68 0x101a2ada9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c3da9)
    #69 0x10143efba in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d7fba)
    #70 0x1014277c4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c07c4)
    #71 0x10143fca5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8ca5)
    #72 0x10145025c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e925c)
    #73 0x101450188 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9188)
    #74 0x10ab87830 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d85830)
    #75 0x10abd1d50 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dcfd50)
    #76 0x10abd2b11 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dd0b11)
    #77 0x7fff833a6880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa880)
    #78 0x7fff83385fbb in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89fbb)
    #79 0x7fff833854de in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x894de)
    #80 0x7fff83384ed7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88ed7)
    #81 0x7fff84765934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #82 0x7fff8476576e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #83 0x7fff847655ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #84 0x7fff8fdcadf5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #85 0x7fff8fdca225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #86 0x7fff8fdbed7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #87 0x7fff8fd88367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #88 0x7fff94690193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #89 0x7fff9468ebbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #90 0x101250f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #91 0x7fff8c3145ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #92 0x0  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528) in WTFCrash
==8147==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 8147)
Comment 1 Renata Hodovan 2016-10-14 14:52:13 PDT
Created attachment 291669 [details]
Test
Comment 2 zalan 2016-12-25 22:04:49 PST
Created attachment 297759 [details]
Patch
Comment 3 Darin Adler 2016-12-26 01:30:39 PST
Comment on attachment 297759 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=297759&action=review

Better, but not 100% right, I think.

> Source/WebCore/rendering/RenderListMarker.cpp:1191
> +    auto marker = getRelativeMarkerRect();

Should be markerRect, not marker.

> Source/WebCore/rendering/RenderListMarker.cpp:1780
> +            LayoutUnit ascent = fontMetrics.ascent();
> +            LayoutUnit bulletWidth = (ascent * 2 / 3 + 1) / 2;
> +            relativeRect = LayoutRect(1, 3 * (ascent - ascent * 2 / 3) / 2, bulletWidth, bulletWidth);
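Review bot: nothing in this hunk guarantees that the resulting relativeRect has a non-zero width and height, and the caller ends in GraphicsContext::drawRect, which asserts on !rect.isEmpty(); since `ascent` is the truncated integer ascent, a very small font (the attached test uses font-size:1px) can push bulletWidth to zero, so paint() should skip the drawRect call when the marker rect is empty rather than depend on the rounding in `(ascent * 2 / 3 + 1) / 2`. A layout test with a 1px list marker would pin that down.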

We are using ascent instead of floatAscent, which means it gets truncated to an integer before putting it into a LayoutUnit; is that what we want?

I also think the rounding tricks here are no longer quite right. For example, the bullet width math adds 1 before dividing by 2. That’s a trick for rounding instead of truncating when dealing with integers, and it seems inappropriate for LayoutUnit. I’m not sure we have sufficient test cases.
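Darin's point about the "+ 1 before / 2" trick is easiest to see by evaluating the quoted bullet-width expression both ways. The following is an added example, not code from this bug or from WebKit: `FixedUnit` is an assumed, simplified stand-in for WebCore's LayoutUnit (1/64 px fixed point, truncating conversions), `Rect::isEmpty()` uses the same zero-or-negative-size rule as FloatRect, the ascent values are constructed, and `paintMarkerIfNonEmpty` is a hypothetical guard showing how a paint path avoids the `!rect.isEmpty()` assertion in drawRect.

```cpp
#include <cstdio>

// Assumed stand-in for WebCore's LayoutUnit: integer raw value in 1/64 px.
struct FixedUnit {
    static constexpr int kDenominator = 64;
    int raw; // value * 64
    explicit FixedUnit(int r = 0) : raw(r) {}
    static FixedUnit fromInt(int v) { return FixedUnit(v * kDenominator); }
    // LayoutUnit(float) truncates toward zero at 1/64 precision.
    static FixedUnit fromFloat(float v) { return FixedUnit(static_cast<int>(v * kDenominator)); }
    double toDouble() const { return raw / static_cast<double>(kDenominator); }
};

FixedUnit operator*(FixedUnit a, int b) { return FixedUnit(a.raw * b); }
FixedUnit operator*(int a, FixedUnit b) { return FixedUnit(a * b.raw); }
FixedUnit operator/(FixedUnit a, int b) { return FixedUnit(a.raw / b); }
FixedUnit operator+(FixedUnit a, int b) { return FixedUnit(a.raw + b * FixedUnit::kDenominator); }
FixedUnit operator-(FixedUnit a, FixedUnit b) { return FixedUnit(a.raw - b.raw); }

struct Rect {
    double x, y, width, height;
    // Same emptiness rule as FloatRect::isEmpty(): zero or negative size.
    bool isEmpty() const { return width <= 0 || height <= 0; }
};

// The quoted expression in plain int arithmetic. "+ 1" before "/ 2" rounds
// instead of truncating, but for ascent <= 1 the width still collapses to 0.
int bulletWidthInt(int ascent) { return (ascent * 2 / 3 + 1) / 2; }

// The same expression with a LayoutUnit-style ascent: every intermediate
// keeps 1/64 precision, so the "+ 1" no longer acts as a rounding step.
FixedUnit bulletWidthFixed(FixedUnit ascent) { return (ascent * 2 / 3 + 1) / 2; }

// Marker rect as the hunk builds it, integer version.
Rect relativeMarkerRectInt(int ascent) {
    int w = bulletWidthInt(ascent);
    int y = 3 * (ascent - ascent * 2 / 3) / 2;
    return Rect{1, static_cast<double>(y), static_cast<double>(w), static_cast<double>(w)};
}

// Marker rect as the hunk builds it, fixed-point version.
Rect relativeMarkerRectFixed(FixedUnit ascent) {
    FixedUnit w = bulletWidthFixed(ascent);
    FixedUnit y = 3 * (ascent - ascent * 2 / 3) / 2;
    return Rect{1, y.toDouble(), w.toDouble(), w.toDouble()};
}

// Hypothetical defensive paint path: draw only when the rect is non-empty so
// drawRect's ASSERT(!rect.isEmpty()) cannot fire. Returns whether a draw happened.
bool paintMarkerIfNonEmpty(const Rect& markerRect) {
    if (markerRect.isEmpty())
        return false;
    // GraphicsContext::drawRect(markerRect) would be called here.
    return true;
}

int main() {
    const int ascents[] = {0, 1, 2, 5, 16}; // constructed sample ascents in px
    for (int ascent : ascents) {
        Rect ri = relativeMarkerRectInt(ascent);
        Rect rf = relativeMarkerRectFixed(FixedUnit::fromInt(ascent));
        std::printf("ascent=%2d int width=%d%s fixed width=%.4f\n", ascent, bulletWidthInt(ascent),
                    ri.isEmpty() ? " (empty: would hit the ASSERT)" : "", rf.width);
    }
    // Truncation point from the review: int ascent 1 vs float ascent 1.4 give different widths.
    std::printf("ascent 1.4: via int=%.4f via float=%.4f\n",
                bulletWidthFixed(FixedUnit::fromInt(static_cast<int>(1.4f))).toDouble(),
                bulletWidthFixed(FixedUnit::fromFloat(1.4f)).toDouble());
    return 0;
}
```

Running it shows the integer form producing a 0x0 marker for an ascent of 0 or 1, exactly the empty rect the assertion rejects, while the fixed-point form yields a small but non-empty square; the guard in `paintMarkerIfNonEmpty` is what keeps a degenerate rect away from drawRect regardless of which arithmetic is used.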
Comment 4 zalan 2016-12-26 17:17:45 PST
(In reply to comment #3)
> Comment on attachment 297759 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=297759&action=review
> 
> Better, but not 100% right, I think.
> 
> > Source/WebCore/rendering/RenderListMarker.cpp:1191
> > +    auto marker = getRelativeMarkerRect();
> 
> Should be markerRect, not marker.
> 
> > Source/WebCore/rendering/RenderListMarker.cpp:1780
> > +            LayoutUnit ascent = fontMetrics.ascent();
> > +            LayoutUnit bulletWidth = (ascent * 2 / 3 + 1) / 2;
> > +            relativeRect = LayoutRect(1, 3 * (ascent - ascent * 2 / 3) / 2, bulletWidth, bulletWidth);
> 
> We are using ascent instead of floatAscent, which means it gets truncated to
> an integer before putting it into a LayoutUnit; is that what we want?
> 
> I also think the rounding tricks here are no longer quite right. For
> example, the bullet width math adds 1 before dividing by 2. That’s a trick
> for rounding instead of truncating when dealing with integers, and it seems
> inappropriate for LayoutUnit. I’m not sure we have sufficient test cases.
You are right. What I am gonna do is decouple the actual assert fix and the subpixel adjustment and land the subpixel part later (bug 166487).
Comment 5 zalan 2016-12-26 18:37:31 PST
Created attachment 297776 [details]
Patch
Comment 6 WebKit Commit Bot 2016-12-26 19:15:19 PST
Comment on attachment 297776 [details]
Patch

Clearing flags on attachment: 297776

Committed r210152: <http://trac.webkit.org/changeset/210152>
Comment 7 WebKit Commit Bot 2016-12-26 19:15:24 PST
All reviewed patches have been landed.  Closing bug.