Bug 166010 - ASSERTION FAILED: !parent->renderer()->isEmbeddedObject() in WebCore::HTMLEmbedElement::rendererIsNeeded
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2016-12-18 03:36 PST by Renata Hodovan
Modified: 2023-01-20 10:11 PST

Attachments
Test (48 bytes, text/html)
2016-12-18 03:36 PST, Renata Hodovan

Description Renata Hodovan 2016-12-18 03:36:35 PST
Load the attached test with debug WebKitTestRunner:

Checked version: f368f1d
OS: Darwin-15.6.0-x86_64-i386-64bit

<object><embed src><LINK REL="stylesheet"href=.>

Backtrace:

ASSERTION FAILED: !parent->renderer()->isEmbeddedObject()
WebKit/Source/WebCore/html/HTMLEmbedElement.cpp(199) : virtual bool WebCore::HTMLEmbedElement::rendererIsNeeded(const WebCore::RenderStyle &)
1   0x11980bf31 WTFCrash
2   0x11fc2f78b WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&)
3   0x1242a4d28 WebCore::Style::affectsRenderedSubtree(WebCore::Element&, WebCore::RenderStyle const&)
4   0x1242a3524 WebCore::Style::TreeResolver::resolveElement(WebCore::Element&)
5   0x1242a6d40 WebCore::Style::TreeResolver::resolveComposedTree()
6   0x1242a887a WebCore::Style::TreeResolver::resolve(WebCore::Style::Change)
7   0x11ee814a3 WebCore::Document::recalcStyle(WebCore::Style::Change)
8   0x11ee6c10b WebCore::Document::updateStyleIfNeeded()
9   0x11f8439e7 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
10  0x111086a85 WebKit::WebPage::layoutIfNeeded()
11  0x1109daf58 WebKit::TiledCoreAnimationDrawingArea::flushLayers()
12  0x12244795c WebCore::LayerFlushScheduler::layerFlushCallback()
13  0x12244ad6c WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const
14  0x12244ac8d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_
15  0x12244ac39 std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()()
16  0x11de01445 std::__1::function<void ()>::operator()() const
17  0x123ac355f WebCore::RunLoopObserver::runLoopObserverFired()
18  0x123ac34e0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
19  0x7fff927c8fc7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
20  0x7fff927c8f37 __CFRunLoopDoObservers
21  0x7fff927a7e58 CFRunLoopRunSpecific
22  0x7fff90b63935 RunCurrentEventLoopInMode
23  0x7fff90b6376f ReceiveNextEventCommon
24  0x7fff90b635af _BlockUntilNextEventMatchingListInModeWithFilter
25  0x7fff95a03df6 _DPSNextEvent
26  0x7fff95a03226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
27  0x7fff959f7d80 -[NSApplication run]
28  0x7fff959c1368 NSApplicationMain
29  0x7fff897b8194 _xpc_objc_main
30  0x7fff897b6bbe xpc_main
31  0x10fc81f74 main
ASAN:DEADLYSIGNAL
=================================================================
==53912==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011980bf69 bp 0x7fff4ff79a60 sp 0x7fff4ff79a50 T0)
    #0 0x11980bf68 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e6ef68)
    #1 0x11fc2f78a in WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f2578a)
    #2 0x1242a4d27 in WebCore::Style::affectsRenderedSubtree(WebCore::Element&, WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659ad27)
    #3 0x1242a3523 in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6599523)
    #4 0x1242a6d3f in WebCore::Style::TreeResolver::resolveComposedTree() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659cd3f)
    #5 0x1242a8879 in WebCore::Style::TreeResolver::resolve(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659e879)
    #6 0x11ee814a2 in WebCore::Document::recalcStyle(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11774a2)
    #7 0x11ee6c10a in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x116210a)
    #8 0x11f8439e6 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b399e6)
    #9 0x111086a84 in WebKit::WebPage::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13eda84)
    #10 0x1109daf57 in WebKit::TiledCoreAnimationDrawingArea::flushLayers() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xd41f57)
    #11 0x12244795b in WebCore::LayerFlushScheduler::layerFlushCallback() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x473d95b)
    #12 0x12244ad6b in WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740d6b)
    #13 0x12244ac8c in _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_ (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740c8c)
    #14 0x12244ac38 in std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740c38)
    #15 0x11de01444 in std::__1::function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0xf7444)
    #16 0x123ac355e in WebCore::RunLoopObserver::runLoopObserverFired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5db955e)
    #17 0x123ac34df in WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5db94df)
    #18 0x7fff927c8fc6 in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9fc6)
    #19 0x7fff927c8f36 in __CFRunLoopDoObservers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9f36)
    #20 0x7fff927a7e57 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e57)
    #21 0x7fff90b63934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #22 0x7fff90b6376e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #23 0x7fff90b635ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #24 0x7fff95a03df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #25 0x7fff95a03225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #26 0x7fff959f7d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #27 0x7fff959c1367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #28 0x7fff897b8193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #29 0x7fff897b6bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #30 0x10fc81f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #31 0x7fff9c5a45ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #32 0x0  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e6ef68) in WTFCrash
==53912==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 53912)
Comment 1 Renata Hodovan 2016-12-18 03:36:38 PST
Created attachment 297436
Test
Comment 2 Ahmad Saleem 2023-01-20 10:11:21 PST
Loading this test case in WK2 Debug Mini-Browser only loads the following in Terminal logs:

CONSOLE SECURITY ERROR Did not parse stylesheet at 'https://bug-166010-attachments.webkit.org/' because non CSS MIME types are not allowed when 'X-Content-Type-Options: nosniff' is given.

Are there any steps to reproduce it? Or, if it is not instantly showing the assertion failure while loading, can we consider this as fixed or resolved?
Comment 3 Ahmad Saleem 2023-01-20 10:11:45 PST
(In reply to Ahmad Saleem from comment #2)
> Loading this test case in WK2 Debug Mini-Browser only loads the following in
> Terminal logs:
> 
> CONSOLE SECURITY ERROR Did not parse stylesheet at
> 'https://bug-166010-attachments.webkit.org/' because non CSS MIME types are
> not allowed when 'X-Content-Type-Options: nosniff' is given.
> 
> Are there any steps to reproduce it? Or, if it is not instantly showing the
> assertion failure while loading, can we consider this as fixed or resolved?

WebKit Debug based off 259136@main.