Bug 241007 - ASSERTION FAILED: type != SVGUnitTypes::SVG_UNIT_TYPE_UNKNOWN
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-05-27 03:17 PDT by Frédéric Wang (:fredw)
Modified: 2022-06-03 03:18 PDT

See Also:


Attachments
Repro case (419 bytes, text/html)
2022-05-27 03:17 PDT, Frédéric Wang (:fredw)

Description Frédéric Wang (:fredw) 2022-05-27 03:17:59 PDT
Created attachment 459804
Repro case

With the attached testcase at https://commits.webkit.org/250833@main I'm getting this debug assertion:

#0  WTFCrash() () at /app/webkit/Source/WTF/wtf/Assertions.cpp:322
#1  0x00007ff517ff1cf6 in WTFCrashWithInfo(int, char const*, char const*, int) () at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Assertions.h:748
#2  0x00007ff51dd26f06 in WebCore::SVGLengthContext::resolveRectangle(WebCore::SVGElement const*, WebCore::SVGUnitTypes::SVGUnitType, WebCore::FloatRect const&, WebCore::SVGLengthValue const&, WebCore::SVGLengthValue const&, WebCore::SVGLengthValue const&, WebCore::SVGLengthValue const&) (context=0x7ff50534b580, type=WebCore::SVGUnitTypes::SVG_UNIT_TYPE_UNKNOWN, viewport=..., x=..., y=..., width=..., height=...) at /app/webkit/Source/WebCore/svg/SVGLengthContext.cpp:53
#3  0x00007ff51d5a30b5 in WebCore::SVGLengthContext::resolveRectangle<WebCore::SVGFilterElement>(WebCore::SVGFilterElement const*, WebCore::SVGUnitTypes::SVGUnitType, WebCore::FloatRect const&) (context=
    0x7ff50534b580, type=WebCore::SVGUnitTypes::SVG_UNIT_TYPE_UNKNOWN, viewport=...) at /app/webkit/Source/WebCore/svg/SVGLengthContext.h:41
#4  0x00007ff51d9d81f9 in WebCore::RenderSVGResourceFilter::resourceBoundingBox(WebCore::RenderObject const&) (this=0x7ff50530c610, object=...) at /app/webkit/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp:225
#5  0x00007ff51da21638 in WebCore::SVGRenderSupport::intersectRepaintRectWithResources(WebCore::RenderElement const&, WebCore::FloatRect&) (renderer=..., repaintRect=...)
    at /app/webkit/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:323
#6  0x00007ff51d9b6be7 in WebCore::LegacyRenderSVGShape::updateRepaintBoundingBox() (this=0x7ff50530c780) at /app/webkit/Source/WebCore/rendering/svg/LegacyRenderSVGShape.cpp:448
#7  0x00007ff51d9b508e in WebCore::LegacyRenderSVGShape::layout() (this=0x7ff50530c780) at /app/webkit/Source/WebCore/rendering/svg/LegacyRenderSVGShape.cpp:154
#8  0x00007ff51da212b5 in WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement&, bool) (start=..., selfNeedsLayout=false) at /app/webkit/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:285
#9  0x00007ff51d9b28d3 in WebCore::LegacyRenderSVGRoot::layout() (this=0x7ff50530c430) at /app/webkit/Source/WebCore/rendering/svg/LegacyRenderSVGRoot.cpp:185
#10 0x00007ff51d5dda61 in WebCore::RenderElement::layoutIfNeeded() (this=0x7ff50530c430) at /app/webkit/Source/WebCore/rendering/RenderElement.h:147
#11 0x00007ff51d61e483 in WebCore::LegacyLineLayout::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7ff4a4cd9a50, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...)
    at /app/webkit/Source/WebCore/rendering/LegacyLineLayout.cpp:1792
#12 0x00007ff51d67766d in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7ff505349e30, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...)
    at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:722
#13 0x00007ff51d67692a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7ff505349e30, relayoutChildren=false, pageLogicalHeight=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:533
#14 0x00007ff51d664c57 in WebCore::RenderBlock::layout() (this=0x7ff505349e30) at /app/webkit/Source/WebCore/rendering/RenderBlock.cpp:616
#15 0x00007ff51d677a0c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
    (this=0x7ff505349cf0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:780
#16 0x00007ff51d6774bf in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=0x7ff505349cf0, relayoutChildren=false, maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:684
#17 0x00007ff51d67694e in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7ff505349cf0, relayoutChildren=false, pageLogicalHeight=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:535
#18 0x00007ff51d664c57 in WebCore::RenderBlock::layout() (this=0x7ff505349cf0) at /app/webkit/Source/WebCore/rendering/RenderBlock.cpp:616
#19 0x00007ff51d677a0c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
    (this=0x7ff5053493f0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:780
#20 0x00007ff51d6774bf in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=0x7ff5053493f0, relayoutChildren=false, maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:684
#21 0x00007ff51d67694e in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7ff5053493f0, relayoutChildren=false, pageLogicalHeight=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:535
#22 0x00007ff51d664c57 in WebCore::RenderBlock::layout() (this=0x7ff5053493f0) at /app/webkit/Source/WebCore/rendering/RenderBlock.cpp:616
#23 0x00007ff51d8e458e in WebCore::RenderView::layout() (this=0x7ff5053493f0) at /app/webkit/Source/WebCore/rendering/RenderView.cpp:186
#24 0x00007ff51cd917a0 in WebCore::FrameViewLayoutContext::layout() (this=0x7ff505348160) at /app/webkit/Source/WebCore/page/FrameViewLayoutContext.cpp:235
#25 0x00007ff51cd306c3 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7ff505348010) at /app/webkit/Source/WebCore/page/FrameView.cpp:4565
#26 0x00007ff51cdce547 in WebCore::Page::layoutIfNeeded() (this=0x7ff4becf0600) at /app/webkit/Source/WebCore/page/Page.cpp:1543
#27 0x00007ff51cdcede1 in WebCore::Page::updateRendering() (this=0x7ff4becf0600) at /app/webkit/Source/WebCore/page/Page.cpp:1621
#28 0x00007ff5197a867c in WebKit::WebPage::updateRendering() (this=0x7ff4bdcf9680) at /app/webkit/Source/WebKit/WebProcess/WebPage/WebPage.cpp:4408
#29 0x00007ff51983cbcc in WebKit::DrawingAreaCoordinatedGraphics::display(WebKit::UpdateInfo&) (this=0x7ff50528e140, updateInfo=...)
    at /app/webkit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:811
#30 0x00007ff51983c818 in WebKit::DrawingAreaCoordinatedGraphics::display() (this=0x7ff50528e140) at /app/webkit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:765
#31 0x00007ff51983a547 in WebKit::DrawingAreaCoordinatedGraphics::forceRepaint() (this=0x7ff50528e140) at /app/webkit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:182
#32 0x00007ff5197a7ed1 in WebKit::WebPage::forceRepaintWithoutCallback() (this=0x7ff4bdcf9680) at /app/webkit/Source/WebKit/WebProcess/WebPage/WebPage.cpp:4074

#33 0x00007ff5194de2c8 in WKBundlePageForceRepaint(WKBundlePageRef) (page=0x7ff4bdcf9680) at /app/webkit/Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:549
#34 0x00007ff4aad0a8b3 in WTR::InjectedBundlePage::dump() (this=0x7ff505244678) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:798
#35 0x00007ff4aad0f8da in WTR::dumpAfterWaitAttributeIsRemoved(WKBundlePageRef) (page=0x7ff4bdcf9680) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:1788
#36 0x00007ff4aad0fa24 in WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*) (this=0x7ff505244678, frame=0x7ff5052fcbd0) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:1821
#37 0x00007ff4aad0af37 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) (this=0x7ff505244678, frame=0x7ff5052fcbd0) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:874
#38 0x00007ff4aad098c1 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) (page=0x7ff4bdcf9680, frame=0x7ff5052fcbd0, clientInfo=0x7ff505244678)
    at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:507
#39 0x00007ff51949f4c5 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage&, WebKit::WebFrame&, WTF::RefPtr<API::Object, WTF::RawPtrTraits<API::Object>, WTF::DefaultRefDerefTraits<API::Object> >&)
    (this=0x7ff50525b000, page=..., frame=..., userData=...) at /app/webkit/Source/WebKit/WebProcess/InjectedBundle/InjectedBundlePageLoaderClient.cpp:139
#40 0x00007ff5196fdb96 in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (this=0x7ff5052e7d20) at /app/webkit/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:684
#41 0x00007ff51cb44ff5 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (this=0x7ff50528d000) at /app/webkit/Source/WebCore/loader/FrameLoader.cpp:2612
#42 0x00007ff51cb45b84 in WebCore::FrameLoader::checkLoadComplete() (this=0x7ff50528d000) at /app/webkit/Source/WebCore/loader/FrameLoader.cpp:2767
#43 0x00007ff51cae6430 in WebCore::DocumentLoader::finishedLoading() (this=0x7ff4a4ce0000) at /app/webkit/Source/WebCore/loader/DocumentLoader.cpp:508
--Type <RET> for more, q to quit, c to continue without paging--
#44 0x00007ff51cae5ddf in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&) (this=0x7ff4a4ce0000, resource=..., metrics=...) at /app/webkit/Source/WebCore/loader/DocumentLoader.cpp:446
#45 0x00007ff51cc2d431 in WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) (this=0x7ff4becfa000, metrics=...) at /app/webkit/Source/WebCore/loader/cache/CachedResource.cpp:336
#46 0x00007ff51cc2d599 in WebCore::CachedResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&) (this=0x7ff4becfa000, metrics=...)
    at /app/webkit/Source/WebCore/loader/cache/CachedResource.cpp:352
#47 0x00007ff51cc28e3f in WebCore::CachedRawResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&) (this=0x7ff4becfa000, data=0x7ff4a4cfa770, metrics=...)
    at /app/webkit/Source/WebCore/loader/cache/CachedRawResource.cpp:129
#48 0x00007ff51cbbeefb in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (this=0x7ff4a4cdd000, networkLoadMetrics=...) at /app/webkit/Source/WebCore/loader/SubresourceLoader.cpp:735
#49 0x00007ff5195ed437 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (this=0x7ff50520e8a0, networkLoadMetrics=...) at /app/webkit/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:258
#50 0x00007ff5185f3b0b in IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>&&, std::integer_sequence<unsigned long, 0ul>) (object=0x7ff50520e8a0, function=
    (void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const WebCore::NetworkLoadMetrics &)) 0x7ff5195ed13a <WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)>, args=...)
    at /app/webkit/Source/WebKit/Platform/IPC/HandleMessage.h:131
#51 0x00007ff5185f2b12 in IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (args=..., object=0x7ff50520e8a0, function=
    (void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const WebCore::NetworkLoadMetrics &)) 0x7ff5195ed13a <WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)>)
    at /app/webkit/Source/WebKit/Platform/IPC/HandleMessage.h:137
#52 0x00007ff5185f1f16 in IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (connection=..., decoder=..., object=0x7ff50520e8a0, function=
    (void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const WebCore::NetworkLoadMetrics &)) 0x7ff5195ed13a <WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)>)
    at /app/webkit/Source/WebKit/Platform/IPC/HandleMessage.h:259
#53 0x00007ff5185f1542 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (this=0x7ff50520e8a0, connection=..., decoder=...)
    at /app/webkit/WebKitBuild/Debug/DerivedSources/WebKit/WebResourceLoaderMessageReceiver.cpp:75
#54 0x00007ff5195e3b1d in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=0x7ff5052ee190, connection=..., decoder=...)
    at /app/webkit/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:102
#55 0x00007ff518c794ac in IPC::Connection::dispatchMessage(IPC::Decoder&) (this=0x7ff5052df1c8, decoder=...) at /app/webkit/Source/WebKit/Platform/IPC/Connection.cpp:1108
#56 0x00007ff518c79742 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)Traceback (most recent call last):
#57 0x00007ff518c79cea in IPC::Connection::dispatchOneIncomingMessage() (this=0x7ff5052df1c8) at /app/webkit/Source/WebKit/Platform/IPC/Connection.cpp:1222
#58 0x00007ff518c791bc in operator()() (__closure=0x7ff5052cf0f8) at /app/webkit/Source/WebKit/Platform/IPC/Connection.cpp:1072
#59 0x00007ff518c802a0 in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder>)::<lambda()>, void>::call(void) (this=0x7ff5052cf0f0)
    at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:53
#60 0x00007ff50df766cb in WTF::Function<void ()>::operator()() const (this=0x7ffcc4a2af60) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:82
#61 0x00007ff50f283e61 in WTF::RunLoop::performWork() (this=0x7ff5052f8000) at /app/webkit/Source/WTF/wtf/RunLoop.cpp:133
#62 0x00007ff50f3379a6 in operator()(gpointer) const (__closure=0x0, userData=0x7ff5052f8000) at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#63 0x00007ff50f3379ca in _FUN(gpointer) () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#64 0x00007ff50f337939 in operator()(GSource*, GSourceFunc, gpointer) const (__closure=0x0, source=0x55da2cc59e50, callback=0x7ff50f3379ad <_FUN(gpointer)>, userData=0x7ff5052f8000) at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#65 0x00007ff50f337987 in _FUN(GSource*, GSourceFunc, gpointer) () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#66 0x00007ff509084294 in g_main_dispatch (context=0x55da2cc84d80) at ../glib/gmain.c:3381
#67 g_main_context_dispatch (context=0x55da2cc84d80) at ../glib/gmain.c:4099
#68 0x00007ff509084638 in g_main_context_iterate (context=0x55da2cc84d80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175
#69 0x00007ff509084943 in g_main_loop_run (loop=0x55da2cd4f310) at ../glib/gmain.c:4373
#70 0x00007ff50f337ff2 in WTF::RunLoop::run() () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#71 0x00007ff51986bed3 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (this=0x7ffcc4a2b210, argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:70
#72 0x00007ff51986bd2a in WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#73 0x00007ff51986bc0a in WebKit::WebProcessMain(int, char**) (argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:98
#74 0x000055da2caa89d9 in main(int, char**) (argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:31
Comment 1 Radar WebKit Bug Importer 2022-06-03 03:18:13 PDT
<rdar://problem/94338390>