RESOLVED FIXED 93564
Crash in RenderLayer::setStaticInlinePosition loading this test case
https://bugs.webkit.org/show_bug.cgi?id=93564
Simon Fraser (smfr)
Reported 2012-08-08 18:03:55 PDT
Created attachment 157355 [details]
Testcase

Loading the attached testcase on TOT crashes:

(lldb) p this
(WebCore::RenderLayer *) $0 = 0x0000000000000000
(lldb) * thread #1: tid = 0x2603, 0x0000000103f7163e WebCore`WebCore::RenderLayer::setStaticInlinePosition(WebCore::FractionalLayoutUnit) + 14 at RenderLayer.h:578, stop reason = EXC_BAD_ACCESS (code=1, address=0xd8)
    frame #0: 0x0000000103f7163e WebCore`WebCore::RenderLayer::setStaticInlinePosition(WebCore::FractionalLayoutUnit) + 14 at RenderLayer.h:578
    frame #1: 0x0000000103f9d990 WebCore`setStaticPositions + 192 at RenderBlockLineLayout.cpp:888
    frame #2: 0x0000000103fa020b WebCore`WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::FloatingObject*, WebCore::LineWidth&) + 187 at RenderBlockLineLayout.cpp:1924
    frame #3: 0x0000000103f9a2d0 WebCore`WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, std::__1::pair<WebCore::RenderText*, WebCore::LazyLineBreakIterator>&, WebCore::RenderBlock::FloatingObject*, unsigned int) + 320 at RenderBlockLineLayout.cpp:2137
    frame #4: 0x0000000103f9873b WebCore`WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 939 at RenderBlockLineLayout.cpp:1270
    frame #5: 0x0000000103f97508 WebCore`WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1224 at RenderBlockLineLayout.cpp:1235
    frame #6: 0x0000000103f9e1a9 WebCore`WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1497 at RenderBlockLineLayout.cpp:1530
    frame #7: 0x0000000103f40fd2 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1602 at RenderBlock.cpp:1483
    frame #8: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
    frame #9: 0x0000000103f4cb7c WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1324 at RenderBlock.cpp:2403
    frame #10: 0x0000000103f43b39 WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 1385 at RenderBlock.cpp:2339
    frame #11: 0x0000000103f40ff5 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1637 at RenderBlock.cpp:1485
    frame #12: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
    frame #13: 0x00000001034365e6 WebCore`WebCore::RenderObject::layoutIfNeeded() + 54 at RenderObject.h:640
    frame #14: 0x0000000103f9ad90 WebCore`WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, std::__1::pair<WebCore::RenderText*, WebCore::LazyLineBreakIterator>&, WebCore::RenderBlock::FloatingObject*, unsigned int) + 3072 at RenderBlockLineLayout.cpp:2289
    frame #15: 0x0000000103f9873b WebCore`WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 939 at RenderBlockLineLayout.cpp:1270
    frame #16: 0x0000000103f97508 WebCore`WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1224 at RenderBlockLineLayout.cpp:1235
    frame #17: 0x0000000103f9e1a9 WebCore`WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1497 at RenderBlockLineLayout.cpp:1530
    frame #18: 0x0000000103f40fd2 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1602 at RenderBlock.cpp:1483
    frame #19: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
    frame #20: 0x0000000103f4cb7c WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1324 at RenderBlock.cpp:2403
    frame #21: 0x0000000103f43b39 WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 1385 at RenderBlock.cpp:2339
    frame #22: 0x0000000103f40ff5 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1637 at RenderBlock.cpp:1485
    frame #23: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
    frame #24: 0x0000000103f4cb7c WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1324 at RenderBlock.cpp:2403
    frame #25: 0x0000000103f43b39 WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 1385 at RenderBlock.cpp:2339
    frame #26: 0x0000000103f40ff5 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1637 at RenderBlock.cpp:1485
    frame #27: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
    frame #28: 0x00000001041ba15d WebCore`WebCore::RenderView::layout() + 1021 at RenderView.cpp:156
    frame #29: 0x00000001034c145f WebCore`WebCore::FrameView::layout(bool) + 3135 at FrameView.cpp:1117
    frame #30: 0x00000001031ace1e WebCore`WebCore::Document::updateLayout() + 270 at Document.cpp:1921
    frame #31: 0x00000001031acef5 WebCore`WebCore::Document::updateLayoutIgnorePendingStylesheets() + 197 at Document.cpp:1953
    frame #32: 0x000000010334547d WebCore`WebCore::DOMWindow::scrollTo(int, int) const + 61 at DOMWindow.cpp:1417
    frame #33: 0x000000010395d382 WebCore`WebCore::jsDOMWindowPrototypeFunctionScrollTo(JSC::ExecState*) + 658 at JSDOMWindow.cpp:12414
    frame #34: 0x00004de00a401265
    frame #35: 0x00000001021e0024 JavaScriptCore`JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 84 at JITCode.h:133
    frame #36: 0x00000001021dcddf JavaScriptCore`JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1727 at Interpreter.cpp:1322
    frame #37: 0x000000010208e828 JavaScriptCore`JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 296 at CallData.cpp:39
    frame #38: 0x0000000103869b62 WebCore`WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 at JSMainThreadExecState.h:56
    frame #39: 0x0000000103996bce WebCore`WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1294 at JSEventListener.cpp:132
    frame #40: 0x00000001033ef0d7 WebCore`WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 359 at EventTarget.cpp:231
    frame #41: 0x00000001033eef3b WebCore`WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 315 at EventTarget.cpp:198
    frame #42: 0x000000010333f840 WebCore`WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 272 at DOMWindow.cpp:1665
    frame #43: 0x0000000103346578 WebCore`WebCore::DOMWindow::dispatchLoadEvent() + 296 at DOMWindow.cpp:1639
    frame #44: 0x00000001031aef5a WebCore`WebCore::Document::dispatchWindowLoadEvent() + 138 at Document.cpp:4083
    frame #45: 0x00000001031ac7a0 WebCore`WebCore::Document::implicitClose() + 480 at Document.cpp:2523
    frame #46: 0x00000001034984db WebCore`WebCore::FrameLoader::checkCallImplicitClose() + 155 at FrameLoader.cpp:763
    frame #47: 0x00000001034981d3 WebCore`WebCore::FrameLoader::checkCompleted() + 323 at FrameLoader.cpp:709
    frame #48: 0x0000000103497173 WebCore`WebCore::FrameLoader::finishedParsing() + 179 at FrameLoader.cpp:642
    frame #49: 0x00000001031b7e42 WebCore`WebCore::Document::finishedParsing() + 530 at Document.cpp:4862
    frame #50: 0x000000010367192c WebCore`WebCore::HTMLTreeBuilder::finished() + 140 at HTMLTreeBuilder.cpp:2792
    frame #51: 0x00000001035ad043 WebCore`WebCore::HTMLDocumentParser::end() + 211 at HTMLDocumentParser.cpp:372
    frame #52: 0x00000001035ac1a6 WebCore`WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 262 at HTMLDocumentParser.cpp:381
    frame #53: 0x00000001035abfa2 WebCore`WebCore::HTMLDocumentParser::prepareToStopParsing() + 242 at HTMLDocumentParser.cpp:149
    frame #54: 0x00000001035ad093 WebCore`WebCore::HTMLDocumentParser::attemptToEnd() + 67 at HTMLDocumentParser.cpp:393
    frame #55: 0x00000001035ad0e8 WebCore`WebCore::HTMLDocumentParser::finish() + 72 at HTMLDocumentParser.cpp:420
    frame #56: 0x0000000103215d1f WebCore`WebCore::DocumentWriter::end() + 383 at DocumentWriter.cpp:241
    frame #57: 0x00000001031f4e7f WebCore`WebCore::DocumentLoader::finishedLoading() + 207 at DocumentLoader.cpp:300
    frame #58: 0x0000000103dd026d WebCore`WebCore::MainResourceLoader::didFinishLoading(double) + 445 at MainResourceLoader.cpp:520
    frame #59: 0x00000001041e66d5 WebCore`WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 53 at ResourceLoader.cpp:436
    frame #60: 0x00000001041e333a WebCore`-[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 186 at ResourceHandleMac.mm:860
    frame #61: 0x00007fff8b6e31e8 Foundation`__65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
    frame #62: 0x00007fff8b6e312c Foundation`-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
    frame #63: 0x00007fff8b6e3028 Foundation`-[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
    frame #64: 0x00007fff90c84181 CFNetwork`___delegate_didFinishLoading_block_invoke_0 + 40
    frame #65: 0x00007fff90c766fa CFNetwork`___withDelegateAsync_block_invoke_0 + 90
    frame #66: 0x00007fff90d065ca CFNetwork`__block_global_1 + 28
    frame #67: 0x00007fff94958e44 CoreFoundation`CFArrayApplyFunction + 68
    frame #68: 0x00007fff90c67894 CFNetwork`RunloopBlockContext::perform() + 124
    frame #69: 0x00007fff90c6776b CFNetwork`MultiplexerSource::perform() + 221
    frame #70: 0x00007fff9493a841 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #71: 0x00007fff9493a165 CoreFoundation`__CFRunLoopDoSources0 + 245
    frame #72: 0x00007fff9495d4e5 CoreFoundation`__CFRunLoopRun + 789
    frame #73: 0x00007fff9495cdd2 CoreFoundation`CFRunLoopRunSpecific + 290
    frame #74: 0x00007fff93c96774 HIToolbox`RunCurrentEventLoopInMode + 209
    frame #75: 0x00007fff93c96512 HIToolbox`ReceiveNextEventCommon + 356
    frame #76: 0x00007fff93c963a3 HIToolbox`BlockUntilNextEventMatchingListInMode + 62
    frame #77: 0x00007fff8f22bf73 AppKit`_DPSNextEvent + 685
    frame #78: 0x00007fff8f22b832 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
    frame #79: 0x00007fff8f222bd3 AppKit`-[NSApplication run] + 517
    frame #80: 0x000000010420cedc WebCore`WebCore::RunLoop::run() + 92 at RunLoopMac.mm:36
    frame #81: 0x00000001012fed88 WebKit2`WebKit::WebProcessMain(WebKit::CommandLine const&) + 3368 at WebProcessMainMac.mm:183
    frame #82: 0x0000000101211ba8 WebKit2`WebKitMain + 200 at WebKitMain.cpp:50
    frame #83: 0x0000000101211ac4 WebKit2`WebKitMain + 148 at WebKitMain.cpp:74
    frame #84: 0x0000000100000da2 WebProcess`main + 274 at MainMac.cpp:68
Attachments
Testcase (1.96 KB, text/html)
2012-08-08 18:03 PDT, Simon Fraser (smfr)
Julien Chaffraix
Comment 1 2012-09-27 19:37:13 PDT
The test doesn't crash on ToT (tried Chromium Canary build 129708 and local Mac WebKit build @ r129643). Not sure which change fixed it though and if the test should be landed to ensure we don't regress it.
Julien Chaffraix
Comment 2 2013-03-06 10:38:55 PST
It's still not crashing. As the test needs some massaging before being landed and I have no way to reproduce, it's probably better to just ignore it.