WebKit Bugzilla
RESOLVED WORKSFORME
166820
ASSERTION FAILED: run.start < run.end in WebCore::SimpleLineLayout::RunResolver::Run::text
https://bugs.webkit.org/show_bug.cgi?id=166820
Renata Hodovan
Reported
2017-01-08 12:05:17 PST
Load the attached test with debug WebKitTestRunner:

Checked version: 217d599
OS: Darwin-15.6.0-x86_64-i386-64bit

<s>window.onload = function() { try {arparent = dent.getElementById('id_0') ; try { var child = doById('id_0') } catch (err) {} d<style>*{display:table-footer-group;word-break:break-all

Backtrace:

ASSERTION FAILED: run.start < run.end
WebKit/Source/WebCore/rendering/SimpleLineLayoutResolver.cpp(73) : WTF::StringView WebCore::SimpleLineLayout::RunResolver::Run::text() const
1 0x10b34ed41 WTFCrash
2 0x115773851 WebCore::SimpleLineLayout::RunResolver::Run::text() const
3 0x115123dd4 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
4 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
5 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
6 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
7 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
8 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
9 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
10 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
11 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
12 0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
13 0x1151296c3 WebCore::write(WebCore::TextStream&, WebCore::RenderLayer const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayerPaintPhase, int, unsigned int)
14 0x115126565 WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int)
15 0x1151269b4 WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int)
16 0x115127101 WebCore::externalRepresentation(WebCore::RenderBox*, unsigned int)
17 0x115126d4d WebCore::externalRepresentation(WebCore::Frame*, unsigned int)
18 0x102d053bd WebKit::WebPage::renderTreeExternalRepresentation() const
19 0x103641a9d WKBundlePageCopyRenderTreeExternalRepresentation
20 0x12b93d41e WTR::InjectedBundlePage::dump()
21 0x12b93c122 WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool)
22 0x12b938ea7 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*)
23 0x12b936fa8 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*)
24 0x101d932d5 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&)
25 0x102a39956 WebKit::WebFrameLoaderClient::dispatchDidFinishLoad()
26 0x1111c27f8 WebCore::FrameLoader::checkLoadCompleteForThisFrame()
27 0x1111b0c9b WebCore::FrameLoader::checkLoadComplete()
28 0x110a03c37 WebCore::DocumentLoader::finishedLoading(double)
29 0x110a036fb WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
30 0x10fd3a014 WebCore::CachedResource::checkNotify()
31 0x10fd3a204 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
ASAN:DEADLYSIGNAL
=================================================================
==35862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010b34ed79 bp 0x7fff5e2e3010 sp 0x7fff5e2e3000 T0)
    #0 0x10b34ed78 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78)
    #1 0x115773850 in WebCore::SimpleLineLayout::RunResolver::Run::text() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6016850)
    #2 0x115123dd3 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c6dd3)
    #3 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #4 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #5 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #6 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #7 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #8 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #9 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #10 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #11 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #12 0x1151296c2 in WebCore::write(WebCore::TextStream&, WebCore::RenderLayer const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayerPaintPhase, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59cc6c2)
    #13 0x115126564 in WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c9564)
    #14 0x1151269b3 in WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c99b3)
    #15 0x115127100 in WebCore::externalRepresentation(WebCore::RenderBox*, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59ca100)
    #16 0x115126d4c in WebCore::externalRepresentation(WebCore::Frame*, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c9d4c)
    #17 0x102d053bc in WebKit::WebPage::renderTreeExternalRepresentation() const (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13da3bc)
    #18 0x103641a9c in WKBundlePageCopyRenderTreeExternalRepresentation (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d16a9c)
    #19 0x12b93d41d in WTR::InjectedBundlePage::dump() (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x6441d)
    #20 0x12b93c121 in WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x63121)
    #21 0x12b938ea6 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x5fea6)
    #22 0x12b936fa7 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x5dfa7)
    #23 0x101d932d4 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x4682d4)
    #24 0x102a39955 in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x110e955)
    #25 0x1111c27f7 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a657f7)
    #26 0x1111b0c9a in WebCore::FrameLoader::checkLoadComplete() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a53c9a)
    #27 0x110a03c36 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a6c36)
    #28 0x110a036fa in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a66fa)
    #29 0x10fd3a013 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd013)
    #30 0x10fd3a203 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd203)
    #31 0x10fd2fde4 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d2de4)
    #32 0x115b4fd5e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63f2d5e)
    #33 0x1033f682e in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1acb82e)
    #34 0x103404abe in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9abe)
    #35 0x103404764 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9764)
    #36 0x103401a70 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad6a70)
    #37 0x1033ffe00 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad4e00)
    #38 0x1020f16d9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c66d9)
    #39 0x101b03e0a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8e0a)
    #40 0x101aec5f4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c15f4)
    #41 0x101b04af5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d9af5)
    #42 0x101b150ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ea0ac)
    #43 0x101b14fd8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9fd8)
    #44 0x10b3d3360 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e2d360)
    #45 0x10b41d130 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77130)
    #46 0x10b41def1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77ef1)
    #47 0x7fff8babb880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa880)
    #48 0x7fff8ba9afbb in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89fbb)
    #49 0x7fff8ba9a4de in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x894de)
    #50 0x7fff8ba99ed7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88ed7)
    #51 0x7fff8ce7a934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #52 0x7fff8ce7a76e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #53 0x7fff8ce7a5ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #54 0x7fff984dfdf5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #55 0x7fff984df225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #56 0x7fff984d3d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #57 0x7fff9849d367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #58 0x7fff9cda5193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #59 0x7fff9cda3bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #60 0x101913f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #61 0x7fff94a295ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #62 0x0 (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78) in WTFCrash
==35862==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 35862)
Attachments
Test (186 bytes, text/html), 2017-01-08 12:05 PST, Renata Hodovan, no flags
Renata Hodovan
Comment 1
2017-01-08 12:05:20 PST
Created attachment 298311
Test
zalan
Comment 2
2017-01-09 10:52:53 PST
I can't reproduce this r210503. (debug + ASAN)