[Webkit-unassigned] [Bug 81177] New: REGRESSION(r110593?): svg/custom/delete-text-crash.html asserts ("crashes") on Lion Intel Debug WebKit testers
bugzilla-daemon at webkit.org
Wed Mar 14 18:05:36 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=81177
Summary: REGRESSION(r110593?): svg/custom/delete-text-crash.html asserts ("crashes") on Lion Intel Debug WebKit testers
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r110783%20(4924)/svg/filters/feComposite-arithmetic-invalid-rgba-crash-log.txt
OS/Version: Unspecified
Status: NEW
Keywords: LayoutTestFailure, MakingBotsRed, NeedsRadar, Regression
Severity: Normal
Priority: P2
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jberlin at webkit.org
CC: ap at webkit.org, zimmermann at kde.org, pdr at google.com, webkit-bug-importer at group.apple.com, timothy_horton at apple.com, schenney at chromium.org
Do not be fooled by the link - NRWT is not good at associating tests with their crashes. I can easily reproduce this on my Lion machine by:
run-webkit-tests -2 LayoutTests/svg/custom/delete-text-crash.html
The assertion failure is
ASSERTION FAILED: 0 <= textEndOffset && textEndOffset <= static_cast<int>(m_text.length())
void TextIterator::emitText(Node* textNode, RenderObject* renderObject, int textStartOffset, int textEndOffset)
{
    RenderText* renderer = toRenderText(renderObject);
    m_text = m_emitsOriginalText ? renderer->originalText() : (m_emitsTextWithoutTranscoding ? renderer->textWithoutTranscoding() : renderer->text());
    ASSERT(m_text.characters());
    ASSERT(0 <= textStartOffset && textStartOffset < static_cast<int>(m_text.length()));
    ASSERT(0 <= textEndOffset && textEndOffset <= static_cast<int>(m_text.length()));
    ASSERT(textStartOffset <= textEndOffset);
    m_positionNode = textNode;
    m_positionOffsetBaseNode = 0;
    m_positionStartOffset = textStartOffset;
    m_positionEndOffset = textEndOffset;
    m_textCharacters = m_text.characters() + textStartOffset;
    m_textLength = textEndOffset - textStartOffset;
    m_lastCharacter = m_text[textEndOffset - 1];
    m_lastTextNodeEndedWithCollapsedSpace = false;
    m_hasEmitted = true;
}
This test was added in http://trac.webkit.org/changeset/110593. These assertion failures probably started then, but were hidden by the other crashes on mac (the tests didn't get to SVG before they bailed with 20+ crashes).
http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r110783%20(4924)/svg/filters/feComposite-arithmetic-invalid-rgba-crash-log.txt
Process: WebProcess [80402]
Path: /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 536+ (536.3+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Date/Time: 2012-03-14 17:25:41.783 -0700
OS Version: Mac OS X 10.7.2 (11C74)
Report Version: 9
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
VM Regions Near 0xbbadbeef:
-->
__TEXT 000000010cf4c000-000000010cf4d000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Application Specific Information:
objc[80402]: garbage collection is OFF
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001102315e4 WebCore::TextIterator::emitText(WebCore::Node*, WebCore::RenderObject*, int, int) + 660 (TextIterator.cpp:997)
1 com.apple.WebCore 0x0000000110230060 WebCore::TextIterator::handleTextBox() + 2032 (TextIterator.cpp:581)
2 com.apple.WebCore 0x0000000110230a99 WebCore::TextIterator::handleTextNode() + 1785 (TextIterator.cpp:520)
3 com.apple.WebCore 0x000000011022f451 WebCore::TextIterator::advance() + 561 (TextIterator.cpp:394)
4 com.apple.WebCore 0x000000011022efa8 WebCore::TextIterator::TextIterator(WebCore::Range const*, WebCore::TextIteratorBehavior) + 744 (TextIterator.cpp:336)
5 com.apple.WebCore 0x000000011022ecb3 WebCore::TextIterator::TextIterator(WebCore::Range const*, WebCore::TextIteratorBehavior) + 35 (TextIterator.cpp:336)
6 com.apple.WebCore 0x000000011027f597 _ZN7WebCoreL12nextBoundaryERKNS_15VisiblePositionEPFjPKtjjNS_33BoundarySearchContextAvailabilityERbE + 1095 (visible_units.cpp:171)
7 com.apple.WebCore 0x000000011027f092 WebCore::endOfWord(WebCore::VisiblePosition const&, WebCore::EWordSide) + 290 (visible_units.cpp:279)
8 com.apple.WebCore 0x000000010f0a88f4 WebCore::Editor::updateMarkersForWordsAffectedByEditing(bool) + 484 (Editor.cpp:2185)
9 com.apple.WebCore 0x000000010f0a86c9 WebCore::Editor::respondToChangedContents(WebCore::VisibleSelection const&) + 201 (Editor.cpp:498)
10 com.apple.WebCore 0x000000010f0aac20 WebCore::Editor::appliedEditing(WTF::PassRefPtr<WebCore::CompositeEditCommand>) + 720 (Editor.cpp:805)
11 com.apple.WebCore 0x0000000110274457 WebCore::TypingCommand::typingAddedToOpenCommand(WebCore::TypingCommand::ETypingCommand) + 135 (TypingCommand.cpp:343)
12 com.apple.WebCore 0x0000000110271a89 WebCore::TypingCommand::deleteKeyPressed(WebCore::TextGranularity, bool) + 3609 (TypingCommand.cpp:541)
13 com.apple.WebCore 0x0000000110270a95 WebCore::TypingCommand::deleteKeyPressed(WebCore::Document*, unsigned int, WebCore::TextGranularity) + 325 (TypingCommand.cpp:106)
14 com.apple.WebCore 0x000000010f0be242 _ZN7WebCoreL13executeDeleteEPNS_5FrameEPNS_5EventENS_19EditorCommandSourceERKN3WTF6StringE + 194 (EditorCommand.cpp:334)
15 com.apple.WebCore 0x000000010f0bd1b0 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 208 (EditorCommand.cpp:1690)
16 com.apple.WebCore 0x000000010eedfc3d WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 93 (Document.cpp:4221)
17 com.apple.WebCore 0x000000010f61ba9b WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) + 1227 (JSDocument.cpp:2424)
18 ??? 0x00000001143db258 0 + 4634554968
19 com.apple.JavaScriptCore 0x000000010e071649 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:127)
20 com.apple.JavaScriptCore 0x000000010e06e108 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1752 (Interpreter.cpp:1270)
21 com.apple.JavaScriptCore 0x000000010df28d9b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 315 (CallData.cpp:39)
22 com.apple.WebCore 0x000000010f589a73 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 179 (JSMainThreadExecState.h:56)
23 com.apple.WebCore 0x000000010f6cb53f WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1407 (JSEventListener.cpp:132)
24 com.apple.WebCore 0x000000010f10cae9 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 393 (EventTarget.cpp:232)
25 com.apple.WebCore 0x000000010f10c92b WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 331 (EventTarget.cpp:200)
26 com.apple.WebCore 0x000000010f0669e7 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 359 (DOMWindow.cpp:1652)
27 com.apple.WebCore 0x000000010f06dfcb WebCore::DOMWindow::dispatchLoadEvent() + 395 (DOMWindow.cpp:1626)
28 com.apple.WebCore 0x000000010eed81d2 WebCore::Document::dispatchWindowLoadEvent() + 146 (Document.cpp:3737)
29 com.apple.WebCore 0x000000010eed4ebf WebCore::Document::implicitClose() + 511 (Document.cpp:2300)
30 com.apple.WebCore 0x000000010f1a48cb WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:800)
31 com.apple.WebCore 0x000000010f1a46b5 WebCore::FrameLoader::checkCompleted() + 341 (FrameLoader.cpp:747)
32 com.apple.WebCore 0x000000010f1a33a3 WebCore::FrameLoader::finishedParsing() + 179 (FrameLoader.cpp:680)
33 com.apple.WebCore 0x000000010eee0edf WebCore::Document::finishedParsing() + 591 (Document.cpp:4483)
34 com.apple.WebCore 0x000000010f39a9a4 WebCore::HTMLTreeBuilder::finished() + 148 (HTMLTreeBuilder.cpp:2819)
35 com.apple.WebCore 0x000000010f2c4303 WebCore::HTMLDocumentParser::end() + 227 (HTMLDocumentParser.cpp:382)
36 com.apple.WebCore 0x000000010f2c3226 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 278 (HTMLDocumentParser.cpp:391)
37 com.apple.WebCore 0x000000010f2c2ffc WebCore::HTMLDocumentParser::prepareToStopParsing() + 268 (HTMLDocumentParser.cpp:154)
38 com.apple.WebCore 0x000000010f2c4353 WebCore::HTMLDocumentParser::attemptToEnd() + 67 (HTMLDocumentParser.cpp:403)
39 com.apple.WebCore 0x000000010f2c43a8 WebCore::HTMLDocumentParser::finish() + 72 (HTMLDocumentParser.cpp:430)
40 com.apple.WebCore 0x000000010ef3ceb1 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 289 (DocumentWriter.cpp:250)
41 com.apple.WebCore 0x000000010ef3c410 WebCore::DocumentWriter::end() + 48 (DocumentWriter.cpp:225)
42 com.apple.WebCore 0x000000010ef1acbb WebCore::DocumentLoader::finishedLoading() + 91 (DocumentLoader.cpp:296)
43 com.apple.WebCore 0x000000010f1adcc1 WebCore::FrameLoader::finishedLoading() + 81 (FrameLoader.cpp:2075)
44 com.apple.WebCore 0x000000010fb4ca7e WebCore::MainResourceLoader::didFinishLoading(double) + 318 (MainResourceLoader.cpp:485)
45 com.apple.WebCore 0x000000010ff59cc6 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 198 (ResourceLoader.cpp:453)
46 com.apple.WebCore 0x000000010ff56515 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 261 (ResourceHandleMac.mm:887)
47 com.apple.Foundation 0x00007fff80faa712 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 122
48 com.apple.Foundation 0x00007fff80faa692 _NSURLConnectionDidFinishLoading + 81
49 com.apple.CFNetwork 0x00007fff8a1ceee2 URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 296
50 com.apple.CFNetwork 0x00007fff8a27ed0e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 862
51 com.apple.CFNetwork 0x00007fff8a27eefa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354
52 com.apple.CFNetwork 0x00007fff8a1a9dfd URLConnectionClient::processEvents() + 185
53 com.apple.CFNetwork 0x00007fff8a1a9ca2 MultiplexerSource::perform() + 212
54 com.apple.CoreFoundation 0x00007fff875e2b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
55 com.apple.CoreFoundation 0x00007fff875e23bd __CFRunLoopDoSources0 + 253
56 com.apple.CoreFoundation 0x00007fff876091a9 __CFRunLoopRun + 905
57 com.apple.CoreFoundation 0x00007fff87608ae6 CFRunLoopRunSpecific + 230
58 com.apple.HIToolbox 0x00007fff878c23d3 RunCurrentEventLoopInMode + 277
59 com.apple.HIToolbox 0x00007fff878c963d ReceiveNextEventCommon + 355
60 com.apple.HIToolbox 0x00007fff878c94ca BlockUntilNextEventMatchingListInMode + 62
61 com.apple.AppKit 0x00007fff8b2de3f1 _DPSNextEvent + 659
62 com.apple.AppKit 0x00007fff8b2ddcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
63 com.apple.AppKit 0x00007fff8b2da62d -[NSApplication run] + 470
64 com.apple.WebCore 0x000000010ff7fbdc WebCore::RunLoop::run() + 92 (RunLoopMac.mm:101)
65 com.apple.WebKit2 0x000000010d297f44 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3556 (WebProcessMainMac.mm:176)
66 com.apple.WebKit2 0x000000010d1a37cf _ZL10WebKitMainRKN6WebKit11CommandLineE + 239 (WebKitMain.cpp:50)
67 com.apple.WebKit2 0x000000010d1a36b2 WebKitMain + 178 (WebKitMain.cpp:74)
68 com.apple.WebProcess 0x000000010cf4cd82 main + 290
69 com.apple.WebProcess 0x000000010cf4cc54 start + 52
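Added example (not part of the original bug mail or of WebKit's tooling): a small triage helper for crash logs like the one above. It flags the fault address 0xbbadbeef, which WebKit's CRASH() macro writes to when an ASSERT fails, and reads the crash site from frame 0 of the crashed thread instead of trusting the test name in the log's URL. The function name `triage` and the trimmed sample log are constructed for illustration.

```python
import re

# Address WebKit's CRASH() macro deliberately writes to on a failed ASSERT.
ASSERT_CRASH_ADDR = 0xBBADBEEF

# Constructed sample: a few lines trimmed from the crash log quoted above.
SAMPLE_LOG = """\
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001102315e4 WebCore::TextIterator::emitText(WebCore::Node*, WebCore::RenderObject*, int, int) + 660 (TextIterator.cpp:997)
1 com.apple.WebCore 0x0000000110230060 WebCore::TextIterator::handleTextBox() + 2032 (TextIterator.cpp:581)
"""

ADDR_RE = re.compile(r"^Exception Codes:.*\bat (0x[0-9a-fA-F]+)")
CRASHED_RE = re.compile(r"^Thread \d+ Crashed")
# index, image, address, symbol, "+ offset", optional "(file:line)"
FRAME_RE = re.compile(
    r"^\s*\d+\s+\S+\s+0x[0-9a-fA-F]+\s+(?P<symbol>.+?)\s+\+\s+\d+"
    r"(?:\s+\((?P<file>[^:()]+):(?P<line>\d+)\))?\s*$"
)

def triage(log_text):
    """Return the fault address, whether it is the assertion marker,
    and (symbol, file, line) for frame 0 of the crashed thread."""
    result = {"fault_addr": None, "is_assertion": False, "top_frame": None}
    in_crashed_thread = False
    for line in log_text.splitlines():
        addr = ADDR_RE.match(line)
        if addr:
            result["fault_addr"] = int(addr.group(1), 16)
            result["is_assertion"] = result["fault_addr"] == ASSERT_CRASH_ADDR
        elif CRASHED_RE.match(line):
            in_crashed_thread = True
        elif in_crashed_thread:
            frame = FRAME_RE.match(line)
            if frame:
                line_no = int(frame.group("line")) if frame.group("line") else None
                result["top_frame"] = (frame.group("symbol"), frame.group("file"), line_no)
            break  # only the first line after the crashed-thread header matters
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A fault address other than 0xbbadbeef on the same frame would indicate a real invalid access rather than a debug assertion, which is the case to escalate.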