[Webkit-unassigned] [Bug 69275] Crash in IsolateTracker::addFakeRunIfNecessary(), preceded by assertion failure (m_nestedIsolateCount >= 1) in IsolateTracker::exitIsolate()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 3 12:07:29 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=69275


mitz at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Assertion failure           |Crash in
                   |(m_nestedIsolateCount >= 1) |IsolateTracker::addFakeRunI
                   |in                          |fNecessary(), preceded by
                   |IsolateTracker::exitIsolate |assertion failure
                   |()                          |(m_nestedIsolateCount >= 1)
                   |                            |in
                   |                            |IsolateTracker::exitIsolate
                   |                            |()
           Priority|P2                          |P1




--- Comment #2 from mitz at webkit.org  2011-10-03 12:07:29 PST ---
In release builds, this ends up crashing in IsolateTracker::addFakeRunIfNecessary():

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010

0   com.apple.WebCore                 0x0000000107adc69d WebCore::IsolateTracker::addFakeRunIfNecessary(WebCore::RenderObject*, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&) + 113
1   com.apple.WebCore                 0x00000001071a7536 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::appendRun() + 724
2   com.apple.WebCore                 0x00000001071a701e WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine(WebCore::InlineIterator const&, WebCore::VisualDirectionOverride, bool) + 3626
3   com.apple.WebCore                 0x0000000107adae75 WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 1271
4   com.apple.WebCore                 0x0000000107adbdde WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1238
5   com.apple.WebCore                 0x00000001071a1391 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 425
6   com.apple.WebCore                 0x0000000107ad25d7 WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) + 1655
7   com.apple.WebCore                 0x000000010719cab8 WebCore::RenderBlock::layout() + 42
8   com.apple.WebCore                 0x000000010719f5f2 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 838
9   com.apple.WebCore                 0x000000010719e60a WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 668
10  com.apple.WebCore                 0x0000000107ad25f5 WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) + 1685
11  com.apple.WebCore                 0x000000010719cab8 WebCore::RenderBlock::layout() + 42
12  com.apple.WebCore                 0x000000010719f5f2 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 838
13  com.apple.WebCore                 0x000000010719e60a WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 668
14  com.apple.WebCore                 0x0000000107ad25f5 WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) + 1685
15  com.apple.WebCore                 0x000000010719cab8 WebCore::RenderBlock::layout() + 42
16  com.apple.WebCore                 0x000000010719ca1f WebCore::RenderView::layout() + 579

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list