RESOLVED CONFIGURATION CHANGED 231244
Regression (r283339): [ iOS15 Debug ] fast/attachment tests are ASSERTION FAILED: !textPosition.x 
https://bugs.webkit.org/show_bug.cgi?id=231244
Summary Regression (r283339): [ iOS15 Debug ] fast/attachment tests are ASSERTION FAI...
ayumi_kojima
Reported 2021-10-05 11:35:39 PDT
fast/attachment/attachment-label-highlight.html fast/attachment/attachment-title-with-rtl.html Are crashing on iOS 15 Debug. History: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=fast%2Fattachment%2Fattachment-label-highlight.html&test=fast%2Fattachment%2Fattachment-title-with-rtl.html Stderr: ASSERTION FAILED: !textPosition.x ./platform/graphics/coretext/DrawGlyphsRecorderCoreText.cpp(305) : void WebCore::DrawGlyphsRecorder::recordDrawGlyphs(CGRenderingStateRef, CGGStateRef, const CGAffineTransform *, const CGGlyph *, const CGPoint *, size_t) 1 0x138fc4e99 WTFCrash 2 0x15cd408bb WTFCrashWithInfo(int, char const*, char const*, int) 3 0x161366010 WebCore::DrawGlyphsRecorder::recordDrawGlyphs(CGRenderingState*, CGGState*, CGAffineTransform const*, unsigned short const*, CGPoint const*, unsigned long) 4 0x16136438c WebCore::drawGlyphs(CGContextDelegate*, CGRenderingState*, CGGState*, CGAffineTransform const*, unsigned short const*, CGPoint const*, unsigned long) 5 0x1141b8e21 draw_glyphs.11583 6 0x1141b8a9b CGContextShowGlyphsWithAdvances 7 0x110e53650 EnumerateOverlappingGlyphs(CGContext*, TFont const&, unsigned short const*, long, int, void (CFRange, bool) block_pointer) 8 0x110e551f3 CTFontDrawGlyphsWithAdvancesInternal 9 0x110e1bf17 TRun::DrawGlyphs(CGContext*, CFRange) const 10 0x110e34ed0 TLine::DrawGlyphs(CGContext*) const 11 0x161368304 WebCore::DrawGlyphsRecorder::drawNativeText(__CTFont const*, double, __CTLine const*, CGRect) 12 0x15f22cea5 WebCore::paintAttachmentText(WebCore::GraphicsContext&, WebCore::RenderAttachmentInfo&) 13 0x15f22c54c WebCore::RenderThemeIOS::paintAttachment(WebCore::RenderObject const&, WebCore::PaintInfo const&, WebCore::IntRect const&) 14 0x161a2a613 WebCore::RenderTheme::paint(WebCore::RenderBox const&, WebCore::ControlStates&, WebCore::PaintInfo const&, WebCore::LayoutRect const&) 15 0x1617abd72 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 16 0x16199faae WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 17 0x1618392b9 WebCore::paintPhase(WebCore::RenderElement&, WebCore::PaintPhase, WebCore::PaintInfo&, WebCore::LayoutPoint const&) 18 0x161839248 WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 19 0x160a3d350 WebCore::LayoutIntegration::LineLayout::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 20 0x1617a25d4 WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 21 0x161778a52 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 22 0x16177a12e WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 23 0x16177836b WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 24 0x161778fc2 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) 25 0x161778bf7 WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) 26 0x161778b66 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 27 0x16177a12e WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 28 0x16177836b WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 29 0x1618ce300 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) 30 0x1618cc061 WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) 31 0x1618c7e0f WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) com.apple.WebKit.WebContent.Development terminated (pid 85202) because the process crashed
Attachments
Crash log (166.27 KB, text/plain)
2021-10-05 11:37 PDT, ayumi_kojima 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
ayumi_kojima
Comment 1 2021-10-05 11:37:46 PDT
Created attachment 440239 [details] Crash log
Radar WebKit Bug Importer
Comment 2 2021-10-05 11:38:04 PDT
<rdar://problem/83896187>
ayumi_kojima
Comment 3 2021-10-05 11:39:47 PDT
According to the history, it appears that the crash started somewhere between r283320 and r283355
ayumi_kojima
Comment 4 2021-10-05 14:05:10 PDT
I was able to reproduce the crash locally using fast/attachment/attachment-label-highlight.html --debug --ios-simulator. The test crashed with r283339 and passed with r283332 (No revisions to test in-between).
ayumi_kojima
Comment 5 2021-10-05 14:06:22 PDT
I think https://trac.webkit.org/changeset/283339/webkit may have caused the crash.
ayumi_kojima
Comment 6 2021-10-05 15:32:35 PDT
Reverted the change here https://trac.webkit.org/changeset/283577/webkit
Devin Rousso
Comment 7 2021-10-08 16:43:13 PDT
After talking with @Myles Maxfield, we believe that the failing `ASSERT` is no longer (and may never have been) accurate/needed. CT is allowed to modify the text position between the `CGContextSetTextPosition` call and `DrawGlyphsRecorder::recordDrawGlyphs`. I tested this by calling `CGContextSetTextPosition` with manually overridden coordinates and visually confirming that the output was moved by the relevant amount.
Note You need to log in before you can comment on or make changes to this bug.