WebKit Bugzilla
Bug 178939 (status: NEW)
ASSERTION FAILED: beforeChildAnonymousContainer->isTable() in WebCore::RenderBlock::addChildIgnoringContinuation
https://bugs.webkit.org/show_bug.cgi?id=178939
Renata Hodovan, reported 2017-10-27 09:01:54 PDT
Created attachment 325165
Test

Load the attached test with debug WebKitTestRunner:

<strike>
<summary>
<select autofocus="true"></select>
<noscript></noscript>

Checked version: 9e82982
OS: macOS Sierra (10.12.6)

Backtrace:

ASSERTION FAILED: beforeChildAnonymousContainer->isTable()
WebKit/Source/WebCore/rendering/RenderBlock.cpp(575) : virtual void WebCore::RenderBlock::addChildIgnoringContinuation(RenderPtr<WebCore::RenderObject>, WebCore::RenderObject *)
1   0x134349321 WTFCrash
2   0x113160383 WebCore::RenderBlock::addChildIgnoringContinuation(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
3   0x11315ee8b WebCore::RenderBlock::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
4   0x1132893c0 WebCore::RenderBlockFlow::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
5   0x113bf712a WebCore::RenderTreePosition::insert(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>)
6   0x113bf8b20 WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*)
7   0x113bf2045 WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*)
8   0x113bf1688 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&)
9   0x113bf0261 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >)
10  0x11835afeb WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
11  0x11835dbf3 WebCore::Document::updateStyleIfNeeded()
12  0x118379b71 WebCore::Document::setFocusedElement(WebCore::Element*, WebCore::FocusDirection, WebCore::Document::FocusRemovalEventsMode)
13  0x111b25389 WebCore::FocusController::setFocusedElement(WebCore::Element*, WebCore::Frame&, WebCore::FocusDirection)
14  0x1184ae9bb WebCore::Element::focus(bool, WebCore::FocusDirection)
15  0x11230839f WebCore::HTMLFormControlElement::didAttachRenderers()::$_1::operator()() const
16  0x112308259 WTF::Function<void ()>::CallableWrapper<WebCore::HTMLFormControlElement::didAttachRenderers()::$_1>::call()
17  0x1110a0f93 WTF::Function<void ()>::operator()() const
18  0x11416fe62 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler()
19  0x11416ff75 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler()
20  0x11835b433 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
21  0x11835dbf3 WebCore::Document::updateStyleIfNeeded()
22  0x1183f0686 WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0::operator()() const
23  0x1183f0619 WTF::Function<void ()>::CallableWrapper<WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0>::call()
24  0x1110a0f93 WTF::Function<void ()>::operator()() const
25  0x11115d2e9 WebCore::Timer::fired()
26  0x1146f3bc0 WebCore::ThreadTimers::sharedTimerFiredInternal()
27  0x1146f53a1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
28  0x1146f5359 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call()
29  0x1110a0f93 WTF::Function<void ()>::operator()() const
30  0x112ad02aa WebCore::MainThreadSharedTimer::fired()
31  0x112ad0a6a WebCore::timerFired(__CFRunLoopTimer*, void*)
ASAN:DEADLYSIGNAL
=================================================================
==34099==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000134349359 bp 0x7fff58bf5630 sp 0x7fff58bf5620 T0)
==34099==The signal is caused by a WRITE memory access.
==34099==WARNING: invalid path to external symbolizer!
==34099==WARNING: Failed to use and restart external symbolizer!
    #0 0x134349358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x113160382 in WebCore::RenderBlock::addChildIgnoringContinuation(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20d8382)
    #2 0x11315ee8a in WebCore::RenderBlock::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20d6e8a)
    #3 0x1132893bf in WebCore::RenderBlockFlow::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x22013bf)
    #4 0x113bf7129 in WebCore::RenderTreePosition::insert(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6f129)
    #5 0x113bf8b1f in WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b70b1f)
    #6 0x113bf2044 in WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6a044)
    #7 0x113bf1687 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b69687)
    #8 0x113bf0260 in WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b68260)
    #9 0x11835afea in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d2fea)
    #10 0x11835dbf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
    #11 0x118379b70 in WebCore::Document::setFocusedElement(WebCore::Element*, WebCore::FocusDirection, WebCore::Document::FocusRemovalEventsMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72f1b70)
    #12 0x111b25388 in WebCore::FocusController::setFocusedElement(WebCore::Element*, WebCore::Frame&, WebCore::FocusDirection) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xa9d388)
    #13 0x1184ae9ba in WebCore::Element::focus(bool, WebCore::FocusDirection) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74269ba)
    #14 0x11230839e in WebCore::HTMLFormControlElement::didAttachRenderers()::$_1::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x128039e)
    #15 0x112308258 in WTF::Function<void ()>::CallableWrapper<WebCore::HTMLFormControlElement::didAttachRenderers()::$_1>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1280258)
    #16 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #17 0x11416fe61 in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x30e7e61)
    #18 0x11416ff74 in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x30e7f74)
    #19 0x11835b432 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d3432)
    #20 0x11835dbf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
    #21 0x1183f0685 in WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7368685)
    #22 0x1183f0618 in WTF::Function<void ()>::CallableWrapper<WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7368618)
    #23 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #24 0x11115d2e8 in WebCore::Timer::fired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xd52e8)
    #25 0x1146f3bbf in WebCore::ThreadTimers::sharedTimerFiredInternal() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366bbbf)
    #26 0x1146f53a0 in WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366d3a0)
    #27 0x1146f5358 in WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366d358)
    #28 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #29 0x112ad02a9 in WebCore::MainThreadSharedTimer::fired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1a482a9)
    #30 0x112ad0a69 in WebCore::timerFired(__CFRunLoopTimer*, void*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1a48a69)
    #31 0x7fffcdf2ac53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53)
    #32 0x7fffcdf2a8de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de)
    #33 0x7fffcdf2a439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439)
    #34 0x7fffcdf21b80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80)
    #35 0x7fffcdf21113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #36 0x7fffcd481ebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #37 0x7fffcd481cf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #38 0x7fffcd481b25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #39 0x7fffcba1aa53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #40 0x7fffcc1967ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #41 0x7fffcba0f3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #42 0x7fffcb9d9e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #43 0x7fffe39028c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #44 0x7fffe39012e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #45 0x107000dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #46 0x7fffe36a9234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

==34099==Register values:
rax = 0x00000000bbadbeef  rbx = 0x00007fff58bf5a40  rcx = 0x00000000bbadbeef  rdx = 0x0000000000000000
rdi = 0x00001fffeb17ea7c  rsi = 0x0000000000000000  rbp = 0x00007fff58bf5630  rsp = 0x00007fff58bf5620
 r8 = 0x000000000000002e   r9 = 0x0000200000000000  r10 = 0x0000000000000000  r11 = 0xffffffffffffffff
r12 = 0x0000100000000000  r13 = 0x000000011315f070  r14 = 0xf2f2f200f201f2f2  r15 = 0xf200f201f1f1f1f1
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==34099==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 34099)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
Attachments
Test (76 bytes, text/html), 2017-10-27 09:01 PDT, Renata Hodovan, no flags