[Webkit-unassigned] [Bug 93564] New: Crash in RenderLayer::setStaticInlinePosition loading this test case
bugzilla-daemon at webkit.org
Wed Aug 8 18:03:31 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=93564
Summary: Crash in RenderLayer::setStaticInlinePosition loading this test case
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: simon.fraser at apple.com
CC: mitz at webkit.org, bdakin at apple.com
Created an attachment (id=157355)
--> (https://bugs.webkit.org/attachment.cgi?id=157355&action=review)
Testcase
Loading the attached testcase on TOT crashes:
(lldb) p this
(WebCore::RenderLayer *) $0 = 0x0000000000000000
(lldb)
* thread #1: tid = 0x2603, 0x0000000103f7163e WebCore`WebCore::RenderLayer::setStaticInlinePosition(WebCore::FractionalLayoutUnit) + 14 at RenderLayer.h:578, stop reason = EXC_BAD_ACCESS (code=1, address=0xd8)
frame #0: 0x0000000103f7163e WebCore`WebCore::RenderLayer::setStaticInlinePosition(WebCore::FractionalLayoutUnit) + 14 at RenderLayer.h:578
frame #1: 0x0000000103f9d990 WebCore`setStaticPositions + 192 at RenderBlockLineLayout.cpp:888
frame #2: 0x0000000103fa020b WebCore`WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::FloatingObject*, WebCore::LineWidth&) + 187 at RenderBlockLineLayout.cpp:1924
frame #3: 0x0000000103f9a2d0 WebCore`WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, std::__1::pair<WebCore::RenderText*, WebCore::LazyLineBreakIterator>&, WebCore::RenderBlock::FloatingObject*, unsigned int) + 320 at RenderBlockLineLayout.cpp:2137
frame #4: 0x0000000103f9873b WebCore`WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 939 at RenderBlockLineLayout.cpp:1270
frame #5: 0x0000000103f97508 WebCore`WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1224 at RenderBlockLineLayout.cpp:1235
frame #6: 0x0000000103f9e1a9 WebCore`WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1497 at RenderBlockLineLayout.cpp:1530
frame #7: 0x0000000103f40fd2 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1602 at RenderBlock.cpp:1483
frame #8: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
frame #9: 0x0000000103f4cb7c WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1324 at RenderBlock.cpp:2403
frame #10: 0x0000000103f43b39 WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 1385 at RenderBlock.cpp:2339
frame #11: 0x0000000103f40ff5 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1637 at RenderBlock.cpp:1485
frame #12: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
frame #13: 0x00000001034365e6 WebCore`WebCore::RenderObject::layoutIfNeeded() + 54 at RenderObject.h:640
frame #14: 0x0000000103f9ad90 WebCore`WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, std::__1::pair<WebCore::RenderText*, WebCore::LazyLineBreakIterator>&, WebCore::RenderBlock::FloatingObject*, unsigned int) + 3072 at RenderBlockLineLayout.cpp:2289
frame #15: 0x0000000103f9873b WebCore`WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 939 at RenderBlockLineLayout.cpp:1270
frame #16: 0x0000000103f97508 WebCore`WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1224 at RenderBlockLineLayout.cpp:1235
frame #17: 0x0000000103f9e1a9 WebCore`WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1497 at RenderBlockLineLayout.cpp:1530
frame #18: 0x0000000103f40fd2 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1602 at RenderBlock.cpp:1483
frame #19: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
frame #20: 0x0000000103f4cb7c WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1324 at RenderBlock.cpp:2403
frame #21: 0x0000000103f43b39 WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 1385 at RenderBlock.cpp:2339
frame #22: 0x0000000103f40ff5 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1637 at RenderBlock.cpp:1485
frame #23: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
frame #24: 0x0000000103f4cb7c WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1324 at RenderBlock.cpp:2403
frame #25: 0x0000000103f43b39 WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 1385 at RenderBlock.cpp:2339
frame #26: 0x0000000103f40ff5 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1637 at RenderBlock.cpp:1485
frame #27: 0x0000000103f40385 WebCore`WebCore::RenderBlock::layout() + 117 at RenderBlock.cpp:1346
frame #28: 0x00000001041ba15d WebCore`WebCore::RenderView::layout() + 1021 at RenderView.cpp:156
frame #29: 0x00000001034c145f WebCore`WebCore::FrameView::layout(bool) + 3135 at FrameView.cpp:1117
frame #30: 0x00000001031ace1e WebCore`WebCore::Document::updateLayout() + 270 at Document.cpp:1921
frame #31: 0x00000001031acef5 WebCore`WebCore::Document::updateLayoutIgnorePendingStylesheets() + 197 at Document.cpp:1953
frame #32: 0x000000010334547d WebCore`WebCore::DOMWindow::scrollTo(int, int) const + 61 at DOMWindow.cpp:1417
frame #33: 0x000000010395d382 WebCore`WebCore::jsDOMWindowPrototypeFunctionScrollTo(JSC::ExecState*) + 658 at JSDOMWindow.cpp:12414
frame #34: 0x00004de00a401265
frame #35: 0x00000001021e0024 JavaScriptCore`JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 84 at JITCode.h:133
frame #36: 0x00000001021dcddf JavaScriptCore`JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1727 at Interpreter.cpp:1322
frame #37: 0x000000010208e828 JavaScriptCore`JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 296 at CallData.cpp:39
frame #38: 0x0000000103869b62 WebCore`WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 at JSMainThreadExecState.h:56
frame #39: 0x0000000103996bce WebCore`WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1294 at JSEventListener.cpp:132
frame #40: 0x00000001033ef0d7 WebCore`WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 359 at EventTarget.cpp:231
frame #41: 0x00000001033eef3b WebCore`WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 315 at EventTarget.cpp:198
frame #42: 0x000000010333f840 WebCore`WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 272 at DOMWindow.cpp:1665
frame #43: 0x0000000103346578 WebCore`WebCore::DOMWindow::dispatchLoadEvent() + 296 at DOMWindow.cpp:1639
frame #44: 0x00000001031aef5a WebCore`WebCore::Document::dispatchWindowLoadEvent() + 138 at Document.cpp:4083
frame #45: 0x00000001031ac7a0 WebCore`WebCore::Document::implicitClose() + 480 at Document.cpp:2523
frame #46: 0x00000001034984db WebCore`WebCore::FrameLoader::checkCallImplicitClose() + 155 at FrameLoader.cpp:763
frame #47: 0x00000001034981d3 WebCore`WebCore::FrameLoader::checkCompleted() + 323 at FrameLoader.cpp:709
frame #48: 0x0000000103497173 WebCore`WebCore::FrameLoader::finishedParsing() + 179 at FrameLoader.cpp:642
frame #49: 0x00000001031b7e42 WebCore`WebCore::Document::finishedParsing() + 530 at Document.cpp:4862
frame #50: 0x000000010367192c WebCore`WebCore::HTMLTreeBuilder::finished() + 140 at HTMLTreeBuilder.cpp:2792
frame #51: 0x00000001035ad043 WebCore`WebCore::HTMLDocumentParser::end() + 211 at HTMLDocumentParser.cpp:372
frame #52: 0x00000001035ac1a6 WebCore`WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 262 at HTMLDocumentParser.cpp:381
frame #53: 0x00000001035abfa2 WebCore`WebCore::HTMLDocumentParser::prepareToStopParsing() + 242 at HTMLDocumentParser.cpp:149
frame #54: 0x00000001035ad093 WebCore`WebCore::HTMLDocumentParser::attemptToEnd() + 67 at HTMLDocumentParser.cpp:393
frame #55: 0x00000001035ad0e8 WebCore`WebCore::HTMLDocumentParser::finish() + 72 at HTMLDocumentParser.cpp:420
frame #56: 0x0000000103215d1f WebCore`WebCore::DocumentWriter::end() + 383 at DocumentWriter.cpp:241
frame #57: 0x00000001031f4e7f WebCore`WebCore::DocumentLoader::finishedLoading() + 207 at DocumentLoader.cpp:300
frame #58: 0x0000000103dd026d WebCore`WebCore::MainResourceLoader::didFinishLoading(double) + 445 at MainResourceLoader.cpp:520
frame #59: 0x00000001041e66d5 WebCore`WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 53 at ResourceLoader.cpp:436
frame #60: 0x00000001041e333a WebCore`-[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 186 at ResourceHandleMac.mm:860
frame #61: 0x00007fff8b6e31e8 Foundation`__65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
frame #62: 0x00007fff8b6e312c Foundation`-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
frame #63: 0x00007fff8b6e3028 Foundation`-[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
frame #64: 0x00007fff90c84181 CFNetwork`___delegate_didFinishLoading_block_invoke_0 + 40
frame #65: 0x00007fff90c766fa CFNetwork`___withDelegateAsync_block_invoke_0 + 90
frame #66: 0x00007fff90d065ca CFNetwork`__block_global_1 + 28
frame #67: 0x00007fff94958e44 CoreFoundation`CFArrayApplyFunction + 68
frame #68: 0x00007fff90c67894 CFNetwork`RunloopBlockContext::perform() + 124
frame #69: 0x00007fff90c6776b CFNetwork`MultiplexerSource::perform() + 221
frame #70: 0x00007fff9493a841 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #71: 0x00007fff9493a165 CoreFoundation`__CFRunLoopDoSources0 + 245
frame #72: 0x00007fff9495d4e5 CoreFoundation`__CFRunLoopRun + 789
frame #73: 0x00007fff9495cdd2 CoreFoundation`CFRunLoopRunSpecific + 290
frame #74: 0x00007fff93c96774 HIToolbox`RunCurrentEventLoopInMode + 209
frame #75: 0x00007fff93c96512 HIToolbox`ReceiveNextEventCommon + 356
frame #76: 0x00007fff93c963a3 HIToolbox`BlockUntilNextEventMatchingListInMode + 62
frame #77: 0x00007fff8f22bf73 AppKit`_DPSNextEvent + 685
frame #78: 0x00007fff8f22b832 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
frame #79: 0x00007fff8f222bd3 AppKit`-[NSApplication run] + 517
frame #80: 0x000000010420cedc WebCore`WebCore::RunLoop::run() + 92 at RunLoopMac.mm:36
frame #81: 0x00000001012fed88 WebKit2`WebKit::WebProcessMain(WebKit::CommandLine const&) + 3368 at WebProcessMainMac.mm:183
frame #82: 0x0000000101211ba8 WebKit2`WebKitMain + 200 at WebKitMain.cpp:50
frame #83: 0x0000000101211ac4 WebKit2`WebKitMain + 148 at WebKitMain.cpp:74
frame #84: 0x0000000100000da2 WebProcess`main + 274 at MainMac.cpp:68
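What the lldb lines above show is the first check a triager makes on a crash like this one: `this` is 0x0 and the faulting address is 0xd8, so the fault is an access to a RenderLayer member at offset 0xd8 through a null pointer (frame #0 is only 14 bytes into the inlined setter at RenderLayer.h:578). On 64-bit macOS that address lies inside the unmapped __PAGEZERO region, so the result is a deterministic crash of the WebProcess, not a memory-corruption primitive; a fault address that instead sat a small distance above a plausible heap `this` would point at a freed object and deserve very different handling. As an added example that is not part of the bug report or of WebKit, the following Python script parses the lldb stop line, the `p this` result and frame #0, and applies that classification. The null-page bound, the maximum object size and the use-after-free heuristic are assumptions of the example; the lldb text it consumes is copied from the report with the backtrace trimmed to two frames.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# lldb output copied from the report above, trimmed to the lines the triage needs.
LLDB_OUTPUT = """\
(lldb) p this
(WebCore::RenderLayer *) $0 = 0x0000000000000000
(lldb)
* thread #1: tid = 0x2603, 0x0000000103f7163e WebCore`WebCore::RenderLayer::setStaticInlinePosition(WebCore::FractionalLayoutUnit) + 14 at RenderLayer.h:578, stop reason = EXC_BAD_ACCESS (code=1, address=0xd8)
frame #0: 0x0000000103f7163e WebCore`WebCore::RenderLayer::setStaticInlinePosition(WebCore::FractionalLayoutUnit) + 14 at RenderLayer.h:578
frame #1: 0x0000000103f9d990 WebCore`setStaticPositions + 192 at RenderBlockLineLayout.cpp:888
"""

# Assumption: the first page (0x0-0xfff) is unmapped on every platform we triage.
# 64-bit macOS reserves far more (__PAGEZERO is 4 GiB by default), so any fault
# below this bound is an access through a null pointer plus a field offset.
NULL_PAGE_LIMIT = 0x1000
# Assumption: no render-tree object is larger than this, so a fault within this
# distance above a non-null `this` is a field of that very object.
MAX_OBJECT_SIZE = 0x10000
# Mach kern_return_t values lldb prints as "code=" for EXC_BAD_ACCESS.
MACH_CODES = {1: "KERN_INVALID_ADDRESS", 2: "KERN_PROTECTION_FAILURE"}

_THIS_RE = re.compile(r"^\(lldb\) p this\n\(.*?\*\) \$\d+ = (0x[0-9a-fA-F]+)", re.M)
_STOP_RE = re.compile(
    r"stop reason = (?P<reason>EXC_BAD_ACCESS|SIGSEGV|SIGBUS) "
    r"\(code=(?P<code>\d+), address=(?P<addr>0x[0-9a-fA-F]+)\)"
)
_FRAME0_RE = re.compile(r"^frame #0: 0x[0-9a-fA-F]+ [^`]+`(?P<func>.+?) \+ (?P<off>\d+)", re.M)


@dataclass
class Triage:
    reason: str
    fault_addr: int
    this_ptr: Optional[int]
    function: str
    kind: str                  # "null_deref", "object_field" or "wild"
    offset: Optional[int]      # field offset when the fault is relative to an object
    memory_corruption_candidate: bool


def parse_this(text: str) -> Optional[int]:
    """Value printed for `p this`, or None if the transcript has no such command."""
    m = _THIS_RE.search(text)
    return int(m.group(1), 16) if m else None


def parse_fault(text: str) -> Tuple[str, int, int]:
    """(stop reason, Mach/signal code, faulting address) from the thread stop line."""
    m = _STOP_RE.search(text)
    if not m:
        raise ValueError("no stop reason with a fault address in the lldb output")
    return m.group("reason"), int(m.group("code")), int(m.group("addr"), 16)


def parse_frame0(text: str) -> Tuple[str, int]:
    """(function symbol, byte offset into it) of the crashing frame."""
    m = _FRAME0_RE.search(text)
    return (m.group("func"), int(m.group("off"))) if m else ("<unknown>", -1)


def classify(fault_addr: int, this_ptr: Optional[int]) -> Tuple[str, Optional[int], bool]:
    """Decide what kind of bad access this is and whether it can corrupt memory."""
    if fault_addr < NULL_PAGE_LIMIT:
        # Field at offset `fault_addr` of a null object: the page is never mapped,
        # so the process dies deterministically and nothing is read or written.
        return "null_deref", fault_addr, False
    if this_ptr and 0 <= fault_addr - this_ptr < MAX_OBJECT_SIZE:
        # `this` looks like a real heap address whose page is gone: the object may
        # have been freed and its pages returned, so treat it as a UAF candidate.
        return "object_field", fault_addr - this_ptr, True
    # Fault address bears no relation to `this`: the pointer itself is corrupted.
    return "wild", None, True


def triage(text: str) -> Triage:
    reason, _code, addr = parse_fault(text)
    this_ptr = parse_this(text)
    func, _ = parse_frame0(text)
    kind, offset, corruption = classify(addr, this_ptr)
    return Triage(reason, addr, this_ptr, func, kind, offset, corruption)


def summarize(t: Triage) -> str:
    this_s = "unknown" if t.this_ptr is None else hex(t.this_ptr)
    if t.kind == "null_deref":
        detail = f"member access at offset {hex(t.offset)} of a null object"
    elif t.kind == "object_field":
        detail = f"field at offset {hex(t.offset)} of {this_s}, whose page is unmapped"
    else:
        detail = "fault address unrelated to this; pointer is corrupted"
    verdict = "memory-corruption candidate" if t.memory_corruption_candidate else "deterministic crash (DoS) only"
    return f"{t.function}: {t.reason} at {hex(t.fault_addr)}, this={this_s}: {detail}; {verdict}"


if __name__ == "__main__":
    print(summarize(triage(LLDB_OUTPUT)))
```

Run against the transcript above the script reports a null-object member access at offset 0xd8 in `WebCore::RenderLayer::setStaticInlinePosition`, classified as a deterministic crash. The `object_field` branch is the one worth acting on quickly: a fault just above a non-null `this` is what a use-after-free looks like once the allocator has unmapped the page, and the same script flags it as a memory-corruption candidate.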