WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
168443
ASSERTION FAILED: !isCalculated() in WebCore::Length::operator*=
https://bugs.webkit.org/show_bug.cgi?id=168443
Summary
ASSERTION FAILED: !isCalculated() in WebCore::Length::operator*=
Renata Hodovan
Reported
2017-02-16 10:27:43 PST
Created
attachment 301782
[details]
Test Load the attached test with debug WebKitTestRunner: Checked version: f7953f1 OS: Darwin-16.4.0-x86_64-i386-64bit <style> * { table-layout:fixed; width:calc(0% - 0em) } </style> <table> <col></col> </table> Backtrace: ASSERTION FAILED: !isCalculated() WebKit/Source/WebCore/platform/Length.h(237) : WebCore::Length &WebCore::Length::operator*=(float) 1 0x11a9a5e51 WTFCrash 2 0x1209727a8 WebCore::Length::operator*=(float) 3 0x120971fc5 WebCore::FixedTableLayout::calcWidthArray() 4 0x120972aef WebCore::FixedTableLayout::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) 5 0x124f4040c WebCore::RenderTable::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const 6 0x124f406c4 WebCore::RenderTable::computePreferredLogicalWidths() 7 0x1248059cf WebCore::RenderBox::minPreferredLogicalWidth() const 8 0x124f30046 WebCore::RenderTable::updateLogicalWidth() 9 0x124f354a1 WebCore::RenderTable::layout() 10 0x124730be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 11 0x124727350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 12 0x124723528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 13 0x12466e4f4 WebCore::RenderBlock::layout() 14 0x124730be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 15 0x124727350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 16 0x124723528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 17 0x12466e4f4 WebCore::RenderBlock::layout() 18 0x124730be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 19 0x124727350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 20 0x124723528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 21 0x12466e4f4 WebCore::RenderBlock::layout() 22 0x125092f06 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 23 0x125095366 WebCore::RenderView::layout() 24 0x120d62c2f WebCore::FrameView::layout(bool) 25 0x12038254a WebCore::Document::implicitClose() 26 0x120ccc563 WebCore::FrameLoader::checkCallImplicitClose() 27 0x120ccbd5c WebCore::FrameLoader::checkCompleted() 28 0x120cc7fa7 WebCore::FrameLoader::finishedParsing() 29 0x1203b2a19 WebCore::Document::finishedParsing() 30 0x1210c6786 WebCore::HTMLConstructionSite::finishedParsing() 31 0x1213f32a8 WebCore::HTMLTreeBuilder::finished() ASAN:DEADLYSIGNAL ================================================================= ==3429==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011a9a5e89 bp 0x7fff529e2290 sp 0x7fff529e2280 T0) #0 0x11a9a5e88 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3375e88) #1 0x1209727a7 in WebCore::Length::operator*=(float) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16f97a7) #2 0x120971fc4 in WebCore::FixedTableLayout::calcWidthArray() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16f8fc4) #3 0x120972aee in WebCore::FixedTableLayout::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16f9aee) #4 0x124f4040b in WebCore::RenderTable::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cc740b) #5 0x124f406c3 in WebCore::RenderTable::computePreferredLogicalWidths() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cc76c3) #6 0x1248059ce in WebCore::RenderBox::minPreferredLogicalWidth() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x558c9ce) #7 0x124f30045 in WebCore::RenderTable::updateLogicalWidth() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cb7045) #8 0x124f354a0 in WebCore::RenderTable::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cbc4a0) #9 0x124730be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3) #10 0x12472734f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f) #11 0x124723527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527) #12 0x12466e4f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3) #13 0x124730be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3) #14 0x12472734f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f) #15 0x124723527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527) #16 0x12466e4f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3) #17 0x124730be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3) #18 0x12472734f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f) #19 0x124723527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527) #20 0x12466e4f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3) #21 0x125092f05 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e19f05) #22 0x125095365 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e1c365) #23 0x120d62c2e in WebCore::FrameView::layout(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ae9c2e) #24 0x120382549 in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1109549) #25 0x120ccc562 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a53562) #26 0x120ccbd5b in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a52d5b) #27 0x120cc7fa6 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a4efa6) #28 0x1203b2a18 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1139a18) #29 0x1210c6785 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e4d785) #30 0x1213f32a7 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x217a2a7) #31 0x12114031b in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec731b) #32 0x12113aac6 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec1ac6) #33 0x12113a67d in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec167d) #34 0x12114043b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec743b) #35 0x121140573 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec7573) #36 0x120580aff in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1307aff) #37 0x1204c7f32 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x124ef32) #38 0x1204c78da in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x124e8da) #39 0x11f8857f3 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60c7f3) #40 0x11f885e83 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ce83) #41 0x11f877a58 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5fea58) #42 0x125ab96e2 in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x68406e2) #43 0x10efa3549 in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d76549) #44 0x10efb339e in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8639e) #45 0x10efb3044 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d86044) #46 0x10efb00f0 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d830f0) #47 0x10efae25a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8125a) #48 0x10dab0859 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x883859) #49 0x10d41ec1a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f1c1a) #50 0x10d403244 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d6244) #51 0x10d41f905 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f2905) #52 0x10d4605ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2335ac) #53 0x10d4604d8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2334d8) #54 0x11aa22d20 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x33f2d20) #55 0x11aa68290 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3438290) #56 0x11aa6ce21 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x343ce21) #57 0x7fff8f2b3980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980) #58 0x7fff8f294a7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c) #59 0x7fff8f293f75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75) #60 0x7fff8f293973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973) #61 0x7fff8e81fa5b in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30a5b) #62 0x7fff8e81f890 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30890) #63 0x7fff8e81f6c5 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x306c5) #64 0x7fff8cdc55b3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x475b3) #65 0x7fff8d53fd6a in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c1d6a) #66 0x7fff8cdb9f34 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3bf34) #67 0x7fff8cd8484f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x684f) #68 0x7fffa4a4f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6) #69 0x7fffa4a4e2e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3) #70 0x10d2120a3 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000020a3) #71 0x7fffa47eb254 in start (/usr/lib/system/libdyld.dylib+0x5254) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3375e88) in WTFCrash ==3429==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 3429) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
Attachments
Test
(96 bytes, text/html)
2017-02-16 10:27 PST
,
Renata Hodovan
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Ahmad Saleem
Comment 1
2023-01-20 09:55:37 PST
I am able to reproduce assert and it eventually crashes Mini-Browser WK2 Debug build on Trunk based of
259136@main
using attached testcase. Just wanted to update. Thanks!
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug