235574 – ASSERTION FAILED: outer.contains(inner) ../../Source/WebCore/rendering/style/NinePieceImage.cpp(129)

Bug 235574 - ASSERTION FAILED: outer.contains(inner) ../../Source/WebCore/rendering/style/NinePieceImage.cpp(129)

Summary: ASSERTION FAILED: outer.contains(inner) ../../Source/WebCore/rendering/style/...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-01-25 04:25 PST by A
Modified:	2022-02-01 04:26 PST (History)
CC List:	3 users (show)

See Also:

Attachments
the html trigger crash (275 bytes, text/html) 2022-01-25 04:25 PST, A	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description A 2022-01-25 04:25:52 PST

Created attachment 449915 [details]
the html trigger crash

1. build a debug webkit
2. open html
3. crash


ASSERTION FAILED: outer.contains(inner)
../../Source/WebCore/rendering/style/NinePieceImage.cpp(129) : static WTF::Vector<WebCore::FloatRect> WebCore::NinePieceImage::computeNineRects(const WebCore::FloatRect&, const LayoutB
oxExtent&, float)
1   0x7fac915b0964 WTFReportBacktrace
2   0x7fac915b0c01 WTFCrash
3   0x7facab0a7ba1 WTF::CrashOnOverflow::overflowed()
4   0x7facb4f34707 WebCore::NinePieceImage::computeNineRects(WebCore::FloatRect const&, WebCore::RectEdges<WebCore::LayoutUnit> const&, float)
5   0x7facb4f379a7 WebCore::NinePieceImage::paint(WebCore::GraphicsContext&, WebCore::RenderElement*, WebCore::RenderStyle const&, WebCore::LayoutRect const&, WebCore::LayoutSize const
&, float, WebCore::CompositeOperator) const
6   0x7facb494f122 WebCore::RenderBoxModelObject::paintNinePieceImage(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::RenderStyle const&, WebCore::NinePieceImage const&
, WebCore::CompositeOperator)
7   0x7facb49562d6 WebCore::RenderBoxModelObject::paintBorder(WebCore::PaintInfo const&, WebCore::LayoutRect const&, WebCore::RenderStyle const&, WebCore::BackgroundBleedAvoidance, boo
l, bool)
8   0x7facb48fb042 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
9   0x7facb47e921d WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
10  0x7facb47e7563 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
11  0x7facb4b1099c WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsCont
ext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*)
12  0x7facb4b0b541 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFl
ag>)
13  0x7facb4b06b08 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer:
:PaintLayerFlag>)
14  0x7facb4b06517 WebCore::RenderLayer::paintLayerWithEffects(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLaye
rFlag>)
15  0x7facb4b056f0 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>)
16  0x7facb4b0d7a4 WebCore::RenderLayer::paintList(WebCore::RenderLayer::LayerList, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::R
enderLayer::PaintLayerFlag>)
17  0x7facb4b0b915 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFl
ag>)
18  0x7facb4b58b0f /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x1e113b0f) [0x7facb4b58b0f]
19  0x7facb4b59539 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>
, WebCore::EventRegionContext*)
20  0x7facb4b5b4d0 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
21  0x7facb4034f37 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
22  0x7facae45a84a /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x17a1584a) [0x7facae45a84a]
23  0x7facae45af58 /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x17a15f58) [0x7facae45af58]
24  0x7facae45ad6e Nicosia::PaintingEngineBasic::paint(WebCore::GraphicsLayer&, WTF::Ref<Nicosia::Buffer, WTF::RawPtrTraits<Nicosia::Buffer> >&&, WebCore::IntRect const&, WebCore::IntR
ect const&, WebCore::IntRect const&, float)
25  0x7facae43378f WebCore::CoordinatedGraphicsLayer::updateContentBuffers()
26  0x7facae4323e2 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()

Comment 1 Radar WebKit Bug Importer 2022-02-01 04:26:21 PST

<rdar://problem/88322193>