Bug 166820 - ASSERTION FAILED: run.start < run.end in WebCore::SimpleLineLayout::RunResolver::Run::text
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Local Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2017-01-08 12:05 PST by Renata Hodovan
Modified: 2017-01-09 10:52 PST

See Also:


Attachments
Test (186 bytes, text/html)
2017-01-08 12:05 PST, Renata Hodovan

Description Renata Hodovan 2017-01-08 12:05:17 PST
Load the attached test with debug WebKitTestRunner:

Checked version: 217d599
OS: Darwin-15.6.0-x86_64-i386-64bit

<s>window.onload = function() {
try {arparent = dent.getElementById('id_0')
;
try { var
child = doById('id_0') } catch (err) {} 
d<style>*{display:table-footer-group;word-break:break-all

Backtrace:

ASSERTION FAILED: run.start < run.end
WebKit/Source/WebCore/rendering/SimpleLineLayoutResolver.cpp(73) : WTF::StringView WebCore::SimpleLineLayout::RunResolver::Run::text() const
1   0x10b34ed41 WTFCrash
2   0x115773851 WebCore::SimpleLineLayout::RunResolver::Run::text() const
3   0x115123dd4 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
4   0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
5   0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
6   0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
7   0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
8   0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
9   0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
10  0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
11  0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
12  0x1151240b8 WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int)
13  0x1151296c3 WebCore::write(WebCore::TextStream&, WebCore::RenderLayer const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayerPaintPhase, int, unsigned int)
14  0x115126565 WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int)
15  0x1151269b4 WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int)
16  0x115127101 WebCore::externalRepresentation(WebCore::RenderBox*, unsigned int)
17  0x115126d4d WebCore::externalRepresentation(WebCore::Frame*, unsigned int)
18  0x102d053bd WebKit::WebPage::renderTreeExternalRepresentation() const
19  0x103641a9d WKBundlePageCopyRenderTreeExternalRepresentation
20  0x12b93d41e WTR::InjectedBundlePage::dump()
21  0x12b93c122 WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool)
22  0x12b938ea7 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*)
23  0x12b936fa8 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*)
24  0x101d932d5 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&)
25  0x102a39956 WebKit::WebFrameLoaderClient::dispatchDidFinishLoad()
26  0x1111c27f8 WebCore::FrameLoader::checkLoadCompleteForThisFrame()
27  0x1111b0c9b WebCore::FrameLoader::checkLoadComplete()
28  0x110a03c37 WebCore::DocumentLoader::finishedLoading(double)
29  0x110a036fb WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
30  0x10fd3a014 WebCore::CachedResource::checkNotify()
31  0x10fd3a204 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
ASAN:DEADLYSIGNAL
=================================================================
==35862==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010b34ed79 bp 0x7fff5e2e3010 sp 0x7fff5e2e3000 T0)
    #0 0x10b34ed78 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78)
    #1 0x115773850 in WebCore::SimpleLineLayout::RunResolver::Run::text() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6016850)
    #2 0x115123dd3 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c6dd3)
    #3 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #4 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #5 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #6 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #7 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #8 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #9 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #10 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #11 0x1151240b7 in WebCore::write(WebCore::TextStream&, WebCore::RenderObject const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c70b7)
    #12 0x1151296c2 in WebCore::write(WebCore::TextStream&, WebCore::RenderLayer const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayerPaintPhase, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59cc6c2)
    #13 0x115126564 in WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c9564)
    #14 0x1151269b3 in WebCore::writeLayers(WebCore::TextStream&, WebCore::RenderLayer const*, WebCore::RenderLayer*, WebCore::LayoutRect const&, int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c99b3)
    #15 0x115127100 in WebCore::externalRepresentation(WebCore::RenderBox*, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59ca100)
    #16 0x115126d4c in WebCore::externalRepresentation(WebCore::Frame*, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59c9d4c)
    #17 0x102d053bc in WebKit::WebPage::renderTreeExternalRepresentation() const (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13da3bc)
    #18 0x103641a9c in WKBundlePageCopyRenderTreeExternalRepresentation (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d16a9c)
    #19 0x12b93d41d in WTR::InjectedBundlePage::dump() (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x6441d)
    #20 0x12b93c121 in WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x63121)
    #21 0x12b938ea6 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x5fea6)
    #22 0x12b936fa7 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x5dfa7)
    #23 0x101d932d4 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x4682d4)
    #24 0x102a39955 in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x110e955)
    #25 0x1111c27f7 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a657f7)
    #26 0x1111b0c9a in WebCore::FrameLoader::checkLoadComplete() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a53c9a)
    #27 0x110a03c36 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a6c36)
    #28 0x110a036fa in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12a66fa)
    #29 0x10fd3a013 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd013)
    #30 0x10fd3a203 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5dd203)
    #31 0x10fd2fde4 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d2de4)
    #32 0x115b4fd5e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x63f2d5e)
    #33 0x1033f682e in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1acb82e)
    #34 0x103404abe in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9abe)
    #35 0x103404764 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad9764)
    #36 0x103401a70 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad6a70)
    #37 0x1033ffe00 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ad4e00)
    #38 0x1020f16d9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c66d9)
    #39 0x101b03e0a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8e0a)
    #40 0x101aec5f4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c15f4)
    #41 0x101b04af5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d9af5)
    #42 0x101b150ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ea0ac)
    #43 0x101b14fd8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9fd8)
    #44 0x10b3d3360 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e2d360)
    #45 0x10b41d130 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77130)
    #46 0x10b41def1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e77ef1)
    #47 0x7fff8babb880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa880)
    #48 0x7fff8ba9afbb in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89fbb)
    #49 0x7fff8ba9a4de in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x894de)
    #50 0x7fff8ba99ed7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88ed7)
    #51 0x7fff8ce7a934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #52 0x7fff8ce7a76e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #53 0x7fff8ce7a5ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #54 0x7fff984dfdf5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #55 0x7fff984df225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #56 0x7fff984d3d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #57 0x7fff9849d367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #58 0x7fff9cda5193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #59 0x7fff9cda3bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #60 0x101913f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #61 0x7fff94a295ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #62 0x0  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2da8d78) in WTFCrash
==35862==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 35862)
Comment 1 Renata Hodovan 2017-01-08 12:05:20 PST
Created attachment 298311
Test
Comment 2 zalan 2017-01-09 10:52:53 PST
I can't reproduce this r210503. (debug + ASAN)