RESOLVED WORKSFORME
164185
ASSERTION FAILED: m_endLine > 0 in WebCore::GridSpan::translate
https://bugs.webkit.org/show_bug.cgi?id=164185
Renata Hodovan
Reported
2016-10-29 11:56:11 PDT
Load the attached test with debug WebKitTestRunner:
Checked version: 8af8b44
OS: Darwin-15.6.0-x86_64-i386-64bit

<style>{}*|*,a{grid-row-end:2168081754 span}*{display:inline-grid;grid-area:i

Backtrace:
ASSERTION FAILED: m_endLine > 0
WebKit/Source/WebCore/rendering/style/GridArea.h(147) : void WebCore::GridSpan::translate(unsigned int)
1 0x10a3b14f1 WTFCrash
2 0x1137142c9 WebCore::GridSpan::translate(unsigned int)
3 0x1136e2b49 WebCore::RenderGrid::placeItemsOnGrid(WebCore::RenderGrid::SizingOperation)
4 0x1136e134e WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit)
5 0x1133551b2 WebCore::RenderBlock::layout()
6 0x1134163e4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
7 0x11340ef50 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
8 0x11340b808 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
9 0x1133551b2 WebCore::RenderBlock::layout()
10 0x113d9c3b6 WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
11 0x113d9e816 WebCore::RenderView::layout()
12 0x1101506a2 WebCore::FrameView::layout(bool)
13 0x10f7d06fa WebCore::Document::updateLayout()
14 0x10f7d8fc1 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
15 0x11045b6ec WebCore::HTMLBodyElement::scrollHeight()
16 0x11169c73a WebCore::jsElementScrollHeightGetter(JSC::ExecState&, WebCore::JSElement&, JSC::ThrowScope&)
17 0x1116675b8 long long WebCore::BindingCaller<WebCore::JSElement>::attribute<&(WebCore::jsElementScrollHeightGetter(JSC::ExecState&, WebCore::JSElement&, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, long long, char const*)
18 0x11166725b WebCore::jsElementScrollHeight(JSC::ExecState*, long long, JSC::PropertyName)
19 0x109e8d62a JSC::PropertySlot::customGetter(JSC::ExecState*, JSC::PropertyName) const
20 0x107a79673 JSC::PropertySlot::getValue(JSC::ExecState*, JSC::PropertyName) const
21 0x107a78dbd JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const
22 0x109a041ff llint_slow_path_get_by_id
23 0x109a326b6 llint_entry
24 0x109a2f4ae vmEntryToJavaScript
25 0x10945d2be JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
26 0x1093286f1 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
27 0x107e0971b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
28 0x107e09c38 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
29 0x107e0a6ae JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
30 0x110fd91f1 WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
31 0x1116eebed WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
ASAN:DEADLYSIGNAL
=================================================================
==9513==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010a3b1529 bp 0x7fff5f0fabe0 sp 0x7fff5f0fabd0 T0)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528) in WTFCrash
==9513==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 9513)
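Added example (not part of the original report or of WebKit's own tooling): a small triage helper for crash logs shaped like the one above. It separates a deliberate `WTFCrash` abort after a failed `ASSERT` (ASan reports it as a SEGV at `0xbbadbeef`, the address `WTFCrash` writes to on purpose) from a genuine memory fault, and builds a de-duplication key. The names `triage` and `SAMPLE_LOG` and the bucket format are assumptions of this sketch.

```python
import re

# Excerpt of the crash output quoted in the report above (first frames only).
SAMPLE_LOG = """\
ASSERTION FAILED: m_endLine > 0
WebKit/Source/WebCore/rendering/style/GridArea.h(147) : void WebCore::GridSpan::translate(unsigned int)
1 0x10a3b14f1 WTFCrash
2 0x1137142c9 WebCore::GridSpan::translate(unsigned int)
3 0x1136e2b49 WebCore::RenderGrid::placeItemsOnGrid(WebCore::RenderGrid::SizingOperation)
4 0x1136e134e WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit)
==9513==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010a3b1529 bp 0x7fff5f0fabe0 sp 0x7fff5f0fabd0 T0)
"""

WTF_CRASH_SENTINEL = 0xBBADBEEF  # address WTFCrash() stores to in order to abort
ASSERT_RE = re.compile(r"^ASSERTION FAILED: (?P<expr>.+)$", re.M)
SITE_RE = re.compile(r"^(?P<file>[^\s(]+)\((?P<line>\d+)\) : (?P<func>.+)$", re.M)
FRAME_RE = re.compile(r"^(?P<idx>\d+)[ \t]+0x[0-9a-f]+[ \t]+(?P<sym>.+)$", re.M)
ASAN_RE = re.compile(
    r"AddressSanitizer: (?P<kind>\S+) on unknown address 0x(?P<addr>[0-9a-f]+)")


def triage(log):
    """Classify one crash log and build a stable de-duplication key."""
    assertion = ASSERT_RE.search(log)
    site = SITE_RE.search(log)
    asan = ASAN_RE.search(log)
    frames = [m.group("sym") for m in FRAME_RE.finditer(log)]
    # Skip the crash helper so the key names the function that asserted.
    culprit = next((f for f in frames if not f.startswith("WTFCrash")), None)
    fault = int(asan.group("addr"), 16) if asan else None
    expr = assertion.group("expr") if assertion else None
    if assertion and fault in (None, WTF_CRASH_SENTINEL):
        verdict = "debug-assertion"   # intentional abort, not a wild access
    elif asan:
        verdict = "memory-fault"      # faulting address needs real analysis
    else:
        verdict = "unknown"
    return {
        "verdict": verdict,
        "assertion": expr,
        "site": f"{site.group('file')}:{site.group('line')}" if site else None,
        "culprit": culprit,
        "bucket": f"{verdict}|{expr or ''}|{culprit}",
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The verdict describes the debug build only: `ASSERT` is compiled out of release builds, so the same test case still has to be run against a release build with ASan to see what happens past the check.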
Attachments
Test (77 bytes, text/html), 2016-10-29 11:56 PDT, Renata Hodovan, no flags
Renata Hodovan
Comment 1
2016-10-29 11:56:14 PDT
Created attachment 293305: Test
Frédéric Wang (:fredw)
Comment 2
2017-11-16 08:42:02 PST
@Renata: I'm not able to reproduce the issue. I tried with debug build of WebKitGTK (r224920) and macOS (r224757).
Renata Hodovan
Comment 3
2017-11-21 01:20:40 PST
(In reply to Frédéric Wang (:fredw) from comment #2)
> @Renata: I'm not able to reproduce the issue. I tried with debug build of
> WebKitGTK (r224920) and macOS (r224757).
@Frédéric: I cannot repro it either, so I think we can close it.
Frédéric Wang (:fredw)
Comment 4
2017-11-21 01:21:42 PST
OK, thanks for checking it!