WebKit Bugzilla
RESOLVED FIXED
164076
ASSERTION FAILED: !m_trailingWhitespaceWidth in WebCore::SimpleLineLayout::LineState::removeTrailingWhitespace
https://bugs.webkit.org/show_bug.cgi?id=164076
Renata Hodovan
Reported
2016-10-27 13:43:09 PDT
Load the attached test with debug WebKitTestRunner:

Checked version: 2c9fa6e
OS: Darwin-15.6.0-x86_64-i386-64bit

<style>a,a{white-space:pre-wrap;font-size:0;display:grid</style><a>	

Backtrace:

ASSERTION FAILED: !m_trailingWhitespaceWidth
WebKit/Source/WebCore/rendering/SimpleLineLayout.cpp(529) : void WebCore::SimpleLineLayout::LineState::removeTrailingWhitespace(Layout::RunVector &)
Attachments
Test (70 bytes, application/octet-stream), 2016-10-27 13:43 PDT, Renata Hodovan
Patch (4.40 KB, patch), 2016-10-31 11:49 PDT, alan
Renata Hodovan
Comment 1
2016-10-27 13:43:13 PDT
Created attachment 293051
Test
alan
Comment 2
2016-10-28 21:17:12 PDT
It looks like we end up with a NaN tab width when the font-size is 0. FontCascade::tabWidth() -> float tabDeltaWidth = tabWidth - fmodf(position, tabWidth); when tabWidth = 0 -> tabDeltaWidth = NaN diff --git a/Source/WebCore/platform/graphics/FontCascade.h b/Source/WebCore/platform/graphics/FontCascade.h index a463e37..a461402 100644 --- a/Source/WebCore/platform/graphics/FontCascade.h +++ b/Source/WebCore/platform/graphics/FontCascade.h @@ -365,6 +365,8 @@ inline float FontCascade::tabWidth(const Font& font, unsigned tabSize, float pos if (!tabSize) return letterSpacing(); float tabWidth = tabSize * font.spaceWidth() + letterSpacing(); + if (!tabWidth) + return 0; float tabDeltaWidth = tabWidth - fmodf(position, tabWidth); return (tabDeltaWidth < font.spaceWidth() / 2) ? tabWidth : tabDeltaWidth; } ^^ fixes the NaN issue, though I guess it's pretty useless to iterate through all the runs when the font size is 0.
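Review bot: the guard `if (!tabWidth) return 0;`, added just before the fmodf(position, tabWidth) call in FontCascade::tabWidth(), has no comment saying that it exists to keep fmodf from being called with a zero divisor. A one-line comment would stop it from being removed later as redundant. Because the guard keys on the computed tabWidth (tabSize * font.spaceWidth() + letterSpacing()) and not on the font size, it also covers a zero sum reached with a non-zero font, so it is worth keeping even if a font-size early return is added elsewhere. The diff carries no test; a layout test built from the attached test case (font-size:0, white-space:pre-wrap, a tab character) should accompany it.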
alan
Comment 3
2016-10-28 21:45:55 PDT
early return on zero fonts. diff --git a/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp b/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp index 251dfe3..cb68346 100644 --- a/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp +++ b/Source/WebCore/rendering/SimpleLineLayoutTextFragmentIterator.cpp @@ -149,6 +149,8 @@ float TextFragmentIterator::textWidth(unsigned from, unsigned to, float xPositio auto& segment = *m_currentSegment; ASSERT(segment.start <= from && from <= segment.end && segment.start <= to && to <= segment.end); ASSERT(is<RenderText>(segment.renderer)); + if (!m_style.font.size()) + return 0; if (m_style.font.isFixedPitch() || (from == segment.start && to == segment.end)) return downcast<RenderText>(segment.renderer).width(from - segment.start, to - from, m_style.font, xPosition, nullptr, nullptr); return segment.text.is8Bit() ? runWidth<LChar>(segment, from, to, xPosition) : runWidth<UChar>(segment, from, to, xPosition); @@ -197,7 +199,7 @@ template <typename CharacterType> float TextFragmentIterator::runWidth(const FlowContents::Segment& segment, unsigned startPosition, unsigned endPosition, float xPosition) const { ASSERT(startPosition <= endPosition); - if (startPosition == endPosition) + if (startPosition == endPosition || !m_style.font.size()) return 0; unsigned segmentFrom = startPosition - segment.start; unsigned segmentTo = endPosition - segment.start;
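Review bot: in the @@ -149 hunk, the new `if (!m_style.font.size()) return 0;` in textWidth() tests the font size, while the NaN traced in comment 2 comes from a zero tabWidth, computed there as tabSize * font.spaceWidth() + letterSpacing(). These are different conditions, and nothing in this hunk shows that a zero font size is the only way to reach a zero tabWidth. As written the early return reads as an optimisation on top of the FontCascade::tabWidth() guard, not a replacement for it; state which of the two is meant to land and add a layout test built from the attached test case.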
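Review bot: in the @@ -197 hunk, the added `|| !m_style.font.size()` in runWidth() repeats the check that textWidth() now makes before it calls runWidth<LChar>() or runWidth<UChar>(). If textWidth() is the only caller, the second check is dead code and could be dropped or turned into an ASSERT; if runWidth() has other callers, a short comment naming them would justify keeping it.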
alan
Comment 4
2016-10-31 11:49:35 PDT
Created attachment 293444
Patch
WebKit Commit Bot
Comment 5
2016-10-31 13:19:33 PDT
Comment on attachment 293444
Patch

Clearing flags on attachment: 293444

Committed r208170: <http://trac.webkit.org/changeset/208170>
WebKit Commit Bot
Comment 6
2016-10-31 13:19:37 PDT
All reviewed patches have been landed. Closing bug.
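The NaN described in comment 2, as an added example that is not part of the original thread and is not WebKit's code: the tab-width formula quoted there, with and without the zero guard, fed into a simplified trailing-whitespace accumulator that is expected to be zero after removal. FontModel, trailingWidthReturnsToZero and the sample metrics are hypothetical; the accumulator is an assumed model, not SimpleLineLayout.

```cpp
#include <cmath>
#include <cstdio>
#include <vector>

// Constructed stand-in for the two font metrics the tab-width formula reads.
struct FontModel {
    float spaceWidth;
    float letterSpacing;
};

// Formula as quoted in comment 2, before the guard was added.
float tabWidthUnguarded(const FontModel& font, unsigned tabSize, float position)
{
    if (!tabSize)
        return font.letterSpacing;
    float tabWidth = tabSize * font.spaceWidth + font.letterSpacing;
    // fmod(x, 0) is NaN for every x, so a zero tabWidth poisons the result.
    float tabDeltaWidth = tabWidth - std::fmod(position, tabWidth);
    return (tabDeltaWidth < font.spaceWidth / 2) ? tabWidth : tabDeltaWidth;
}

// Same formula with the guard from the comment 2 diff.
float tabWidthGuarded(const FontModel& font, unsigned tabSize, float position)
{
    if (!tabSize)
        return font.letterSpacing;
    float tabWidth = tabSize * font.spaceWidth + font.letterSpacing;
    if (!tabWidth)
        return 0;
    float tabDeltaWidth = tabWidth - std::fmod(position, tabWidth);
    return (tabDeltaWidth < font.spaceWidth / 2) ? tabWidth : tabDeltaWidth;
}

using TabWidthFn = float (*)(const FontModel&, unsigned, float);

// Assumed line model: measure a run of trailing whitespace, remove it again,
// and report whether the accumulated width is back at zero, which is the
// condition the failed assertion states.
bool trailingWidthReturnsToZero(const FontModel& font, const char* whitespace, TabWidthFn tabWidth)
{
    std::vector<float> widths;
    float position = 0;
    float trailingWhitespaceWidth = 0;
    for (const char* c = whitespace; *c; ++c) {
        float width = (*c == '\t') ? tabWidth(font, 8, position) : font.spaceWidth;
        widths.push_back(width);
        position += width;
        trailingWhitespaceWidth += width;
    }
    for (float width : widths)
        trailingWhitespaceWidth -= width; // NaN - NaN is still NaN
    return !trailingWhitespaceWidth;      // NaN is non-zero, so this is false
}

int main()
{
    const FontModel zeroFont { 0, 0 };     // models font-size: 0
    const FontModel cancelling { 1, -8 };  // constructed: 8 * 1 + (-8) == 0
    const FontModel regular { 4, 0 };      // constructed non-zero font

    std::printf("zero font, unguarded tab width: %f\n", tabWidthUnguarded(zeroFont, 8, 0));
    std::printf("zero font, guarded tab width:   %f\n", tabWidthGuarded(zeroFont, 8, 0));
    std::printf("cancelling metrics, unguarded:  %f\n", tabWidthUnguarded(cancelling, 8, 3));
    std::printf("regular font, position 10:      %f\n", tabWidthGuarded(regular, 8, 10));
    std::printf("accumulator zero (unguarded):   %d\n",
        trailingWidthReturnsToZero(zeroFont, "\t ", tabWidthUnguarded));
    std::printf("accumulator zero (guarded):     %d\n",
        trailingWidthReturnsToZero(zeroFont, "\t ", tabWidthGuarded));
    return 0;
}
```

The `cancelling` case shows why a guard on the computed tab width is broader than a check on the font size alone.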