[Webkit-unassigned] [Bug 120308] New: ASSERTION FAILED: m_repaintRect == renderer()->clippedOverflowRectForRepaint(renderer()->containerForRepaint()) in WebCore::RenderLayer::updateLayerPositionsAfterScroll
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 26 06:24:58 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=120308
Summary: ASSERTION FAILED: m_repaintRect ==
renderer()->clippedOverflowRectForRepaint(renderer()->
containerForRepaint()) in
WebCore::RenderLayer::updateLayerPositionsAfterScroll
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: reni at webkit.org
Blocks: 116980
The following test hits the above assertion (it's likely related to r147759 and https://bugs.webkit.org/show_bug.cgi?id=103432):
<html>
<table>
<td style="position: fixed;"></td>abcin
<td width="1"/>
TABLE Testing Section This element has a class of zero. This element should have a top padding of half an inch, which will require extra text in order to test. Both the content background and the padding should be aqua (light blue). This element should have a top padding of 25 pixels, which will require extra text in order to test. Both the content background and the padding should be aqua (light blue). This element should have a top padding of 5 em, which will require extra text in order to test. Both the content background and the padding should be aqua (light blue). This element should have a top padding of 25%, which is calculated with respect to the width of the parent element. Both the content background and the padding should be aqua (light blue). This will require extra text in order to test. This element should have no top padding, since negative padding values are not allowed. Both the content background and the normal padding should be aqua (light blue).
<input />
<input autofocus />
<input />
<input type="button" value="[Step 2] Set cell width to 20px (garbage seen)" >
</table>
</html>
The backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56f42bc in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff56f42bc in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1 0x00007ffff4905091 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x7d23e8, geometryMap=0x7fffffffbf30, flags=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:809
#2 0x00007ffff4905155 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x7d1018, geometryMap=0x7fffffffbf30, flags=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:814
#3 0x00007ffff4904dda in WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll (this=0x7d1018)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:760
#4 0x00007ffff4679afc in WebCore::FrameView::repaintFixedElementsAfterScrolling (this=0x794ab0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:2047
#5 0x00007ffff479163d in WebCore::ScrollView::scrollTo (this=0x794ab0, newOffset=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollView.cpp:392
#6 0x00007ffff467d680 in WebCore::FrameView::scrollTo (this=0x794ab0, newOffset=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:3100
#7 0x00007ffff479153e in WebCore::ScrollView::setScrollOffset (this=0x794ab0, offset=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollView.cpp:373
#8 0x00007ffff4789428 in WebCore::ScrollableArea::scrollPositionChanged (this=0x794af8, position=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollableArea.cpp:145
#9 0x00007ffff4789715 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x794af8, offset=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollableArea.cpp:190
#10 0x00007ffff478b265 in WebCore::ScrollAnimator::notifyPositionChanged (this=0x8dadf0, delta=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollAnimator.cpp:142
#11 0x00007ffff478ac47 in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0x8dadf0, offset=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollAnimator.cpp:81
#12 0x00007ffff4789296 in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x794af8, offset=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollableArea.cpp:124
#13 0x00007ffff4792f1b in WebCore::ScrollView::updateScrollbars (this=0x794ab0, desiredOffset=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollView.cpp:631
#14 0x00007ffff4790f2f in WebCore::ScrollView::setContentsSize (this=0x794ab0, newSize=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ScrollView.cpp:305
#15 0x00007ffff46746bd in WebCore::FrameView::setContentsSize (this=0x794ab0, size=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:595
#16 0x00007ffff46748fa in WebCore::FrameView::adjustViewSize (this=0x794ab0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:624
#17 0x00007ffff4676bae in WebCore::FrameView::layout (this=0x794ab0, allowSubtree=true)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1345
#18 0x00007ffff41af833 in WebCore::Document::implicitClose (this=0x89f9c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2418
#19 0x00007ffff45af90d in WebCore::FrameLoader::checkCallImplicitClose (this=0x7d4018)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:850
#20 0x00007ffff45af67e in WebCore::FrameLoader::checkCompleted (this=0x7d4018) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:793
#21 0x00007ffff45af3b3 in WebCore::FrameLoader::finishedParsing (this=0x7d4018) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:726
#22 0x00007ffff41b67d9 in WebCore::Document::finishedParsing (this=0x89f9c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4393
#23 0x00007ffff4407b0d in WebCore::HTMLConstructionSite::finishedParsing (this=0x815ad8)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348
#24 0x00007ffff443c1a5 in WebCore::HTMLTreeBuilder::finished (this=0x815ac0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926
#25 0x00007ffff440f182 in WebCore::HTMLDocumentParser::end (this=0x7d26d0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763
#26 0x00007ffff440f26d in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7d26d0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774
#27 0x00007ffff440dddc in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7d26d0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211
#28 0x00007ffff440f2b2 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7d26d0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786
#29 0x00007ffff440f36b in WebCore::HTMLDocumentParser::finish (this=0x7d26d0)
---Type <return> to continue, or q <return> to quit---
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835
#30 0x00007ffff45a7213 in WebCore::DocumentWriter::end (this=0x694180) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248
#31 0x00007ffff4599d52 in WebCore::DocumentLoader::finishedLoading (this=0x6940e0, finishTime=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402
#32 0x00007ffff4599ac0 in WebCore::DocumentLoader::notifyFinished (this=0x6940e0, resource=0x76d360)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#33 0x00007ffff4580db6 in WebCore::CachedResource::checkNotify (this=0x76d360)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
#34 0x00007ffff4580e8c in WebCore::CachedResource::finishLoading (this=0x76d360)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
#35 0x00007ffff457d5de in WebCore::CachedRawResource::finishLoading (this=0x76d360, data=0x7ab070)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#36 0x00007ffff45e3c41 in WebCore::SubresourceLoader::didFinishLoading (this=0x7bcc40, finishTime=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#37 0x00007ffff45da52b in WebCore::ResourceLoader::didFinishLoading (this=0x7bcc40, finishTime=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#38 0x00007ffff4a85729 in WebCore::QNetworkReplyHandler::finish (this=0x7ccc30)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#39 0x00007ffff4a84448 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7ccc68)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#40 0x00007ffff4a84145 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7ccc68,
method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a8556e <WebCore::QNetworkReplyHandler::finish()>)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#41 0x00007ffff4a85092 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x775eb0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#42 0x00007ffff4a87a24 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x775eb0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf80)
at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#43 0x00007ffff220f5cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#44 0x00007ffff221084e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#45 0x00007ffff3056dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#46 0x00007ffff305a075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#47 0x00007ffff21eadbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#48 0x00007ffff21eca76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#49 0x00007ffff2232333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#50 0x00007fffee3732d6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3065
#51 g_main_context_dispatch (context=context at entry=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3641
#52 0x00007fffee373628 in g_main_context_iterate (context=context at entry=0x6632f0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3712
#53 0x00007fffee3736cc in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3773
#54 0x00007ffff22324bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#55 0x00007ffff21e9d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#56 0x00007ffff21ed120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#57 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#58 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc58) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list