NEW 168443
ASSERTION FAILED: !isCalculated() in WebCore::Length::operator*=
https://bugs.webkit.org/show_bug.cgi?id=168443
Summary ASSERTION FAILED: !isCalculated() in WebCore::Length::operator*=
Renata Hodovan
Reported 2017-02-16 10:27:43 PST
Created attachment 301782 [details] Test Load the attached test with debug WebKitTestRunner: Checked version: f7953f1 OS: Darwin-16.4.0-x86_64-i386-64bit <style> * { table-layout:fixed; width:calc(0% - 0em) } </style> <table> <col></col> </table> Backtrace: ASSERTION FAILED: !isCalculated() WebKit/Source/WebCore/platform/Length.h(237) : WebCore::Length &WebCore::Length::operator*=(float) 1 0x11a9a5e51 WTFCrash 2 0x1209727a8 WebCore::Length::operator*=(float) 3 0x120971fc5 WebCore::FixedTableLayout::calcWidthArray() 4 0x120972aef WebCore::FixedTableLayout::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) 5 0x124f4040c WebCore::RenderTable::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const 6 0x124f406c4 WebCore::RenderTable::computePreferredLogicalWidths() 7 0x1248059cf WebCore::RenderBox::minPreferredLogicalWidth() const 8 0x124f30046 WebCore::RenderTable::updateLogicalWidth() 9 0x124f354a1 WebCore::RenderTable::layout() 10 0x124730be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 11 0x124727350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 12 0x124723528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 13 0x12466e4f4 WebCore::RenderBlock::layout() 14 0x124730be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 15 0x124727350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 16 0x124723528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 17 0x12466e4f4 WebCore::RenderBlock::layout() 18 0x124730be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 19 0x124727350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 20 0x124723528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 21 0x12466e4f4 WebCore::RenderBlock::layout() 22 0x125092f06 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 23 0x125095366 WebCore::RenderView::layout() 24 0x120d62c2f WebCore::FrameView::layout(bool) 25 0x12038254a WebCore::Document::implicitClose() 26 0x120ccc563 WebCore::FrameLoader::checkCallImplicitClose() 27 0x120ccbd5c WebCore::FrameLoader::checkCompleted() 28 0x120cc7fa7 WebCore::FrameLoader::finishedParsing() 29 0x1203b2a19 WebCore::Document::finishedParsing() 30 0x1210c6786 WebCore::HTMLConstructionSite::finishedParsing() 31 0x1213f32a8 WebCore::HTMLTreeBuilder::finished() ASAN:DEADLYSIGNAL ================================================================= ==3429==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011a9a5e89 bp 0x7fff529e2290 sp 0x7fff529e2280 T0) #0 0x11a9a5e88 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3375e88) #1 0x1209727a7 in WebCore::Length::operator*=(float) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16f97a7) #2 0x120971fc4 in WebCore::FixedTableLayout::calcWidthArray() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16f8fc4) #3 0x120972aee in WebCore::FixedTableLayout::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x16f9aee) #4 0x124f4040b in WebCore::RenderTable::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cc740b) #5 0x124f406c3 in WebCore::RenderTable::computePreferredLogicalWidths() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cc76c3) #6 0x1248059ce in WebCore::RenderBox::minPreferredLogicalWidth() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x558c9ce) #7 0x124f30045 in WebCore::RenderTable::updateLogicalWidth() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cb7045) #8 0x124f354a0 in WebCore::RenderTable::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cbc4a0) #9 0x124730be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3) #10 0x12472734f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f) #11 0x124723527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527) #12 0x12466e4f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3) #13 0x124730be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3) #14 0x12472734f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f) #15 0x124723527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527) #16 0x12466e4f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3) #17 0x124730be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3) #18 0x12472734f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f) #19 0x124723527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527) #20 0x12466e4f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3) #21 0x125092f05 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e19f05) #22 0x125095365 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e1c365) #23 0x120d62c2e in WebCore::FrameView::layout(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ae9c2e) #24 0x120382549 in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1109549) #25 0x120ccc562 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a53562) #26 0x120ccbd5b in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a52d5b) #27 0x120cc7fa6 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a4efa6) #28 0x1203b2a18 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1139a18) #29 0x1210c6785 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e4d785) #30 0x1213f32a7 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x217a2a7) #31 0x12114031b in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec731b) #32 0x12113aac6 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec1ac6) #33 0x12113a67d in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec167d) #34 0x12114043b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec743b) #35 0x121140573 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec7573) #36 0x120580aff in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1307aff) #37 0x1204c7f32 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x124ef32) #38 0x1204c78da in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x124e8da) #39 0x11f8857f3 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60c7f3) #40 0x11f885e83 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ce83) #41 0x11f877a58 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5fea58) #42 0x125ab96e2 in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x68406e2) #43 0x10efa3549 in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d76549) #44 0x10efb339e in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8639e) #45 0x10efb3044 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d86044) #46 0x10efb00f0 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d830f0) #47 0x10efae25a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8125a) #48 0x10dab0859 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x883859) #49 0x10d41ec1a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f1c1a) #50 0x10d403244 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d6244) #51 0x10d41f905 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f2905) #52 0x10d4605ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2335ac) #53 0x10d4604d8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2334d8) #54 0x11aa22d20 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x33f2d20) #55 0x11aa68290 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3438290) #56 0x11aa6ce21 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x343ce21) #57 0x7fff8f2b3980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980) #58 0x7fff8f294a7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c) #59 0x7fff8f293f75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75) #60 0x7fff8f293973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973) #61 0x7fff8e81fa5b in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30a5b) #62 0x7fff8e81f890 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30890) #63 0x7fff8e81f6c5 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x306c5) #64 0x7fff8cdc55b3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x475b3) #65 0x7fff8d53fd6a in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c1d6a) #66 0x7fff8cdb9f34 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3bf34) #67 0x7fff8cd8484f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x684f) #68 0x7fffa4a4f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6) #69 0x7fffa4a4e2e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3) #70 0x10d2120a3 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000020a3) #71 0x7fffa47eb254 in start (/usr/lib/system/libdyld.dylib+0x5254) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3375e88) in WTFCrash ==3429==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 3429) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
Attachments
Test (96 bytes, text/html)
2017-02-16 10:27 PST, Renata Hodovan
no flags
Ahmad Saleem
Comment 1 2023-01-20 09:55:37 PST
I am able to reproduce assert and it eventually crashes Mini-Browser WK2 Debug build on Trunk based of 259136@main using attached testcase. Just wanted to update. Thanks!
Note You need to log in before you can comment on or make changes to this bug.