[Webkit-unassigned] [Bug 120469] New: ASSERT_NOT_REACHED is touched in WebCore::CSSPrimitiveValue::computeLengthDouble

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 29 07:07:53 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=120469

           Summary: ASSERT_NOT_REACHED is touched in
                    WebCore::CSSPrimitiveValue::computeLengthDouble
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
            Blocks: 116980


Created an attachment (id=209974)
 --> (https://bugs.webkit.org/attachment.cgi?id=209974&action=review)
Test case

The failing test:

<a style="outline-offset: 1%"></a>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56ece51 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff56ece51 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff40b458d in WebCore::CSSPrimitiveValue::computeLengthDouble (this=0x8af0b0, style=0x8a1120, rootStyle=0x7d9ed0, multiplier=1, 
    computingFontSize=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/CSSPrimitiveValue.cpp:604
#2  0x00007ffff40b408c in WebCore::CSSPrimitiveValue::computeLength<int> (this=0x8af0b0, style=0x8a1120, rootStyle=0x7d9ed0, multiplier=1, 
    computingFontSize=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/CSSPrimitiveValue.cpp:513
#3  0x00007ffff40fed43 in WebCore::ApplyPropertyComputeLength<int, &(WebCore::RenderStyle::outlineOffset() const), &WebCore::RenderStyle::setOutlineOffset, &WebCore::RenderStyle::initialOutlineOffset, (WebCore::ComputeLengthNormal)0, (WebCore::ComputeLengthThickness)0, (WebCore::ComputeLengthSVGZoom)0>::applyValue (
    styleResolver=0x7d3720, value=0x8af0b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:610
#4  0x00007ffff4158261 in WebCore::PropertyHandler::applyValue (this=0x72fbd8, propertyID=WebCore::CSSPropertyOutlineOffset, styleResolver=0x7d3720, 
    value=0x8af0b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:48
#5  0x00007ffff4160c17 in WebCore::StyleResolver::applyProperty (this=0x7d3720, id=WebCore::CSSPropertyOutlineOffset, value=0x8af0b0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2112
#6  0x00007ffff416f7a1 in WebCore::StyleResolver::applyProperties<(WebCore::StyleResolver::StyleApplicationPass)1> (this=0x7d3720, properties=0x8aeb80, 
    rule=0x0, isImportant=false, inheritedOnly=false, propertyWhitelistType=WebCore::PropertyWhitelistNone)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1574
#7  0x00007ffff416ac10 in WebCore::StyleResolver::applyMatchedProperties<(WebCore::StyleResolver::StyleApplicationPass)1> (this=0x7d3720, matchResult=..., 
    isImportant=false, startIndex=0, endIndex=0, inheritedOnly=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1603
#8  0x00007ffff415fd5d in WebCore::StyleResolver::applyMatchedProperties (this=0x7d3720, matchResult=..., element=0x795f20)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1769
#9  0x00007ffff415c158 in WebCore::StyleResolver::styleForElement (this=0x7d3720, element=0x795f20, defaultParent=0x0, 
    sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:851
#10 0x00007ffff421001d in WebCore::Element::styleForRenderer (this=0x795f20) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:1430
#11 0x00007ffff42643b6 in WebCore::NodeRenderingContext::createRendererForElementIfNeeded (this=0x7fffffffc650)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/NodeRenderingContext.cpp:250
#12 0x00007ffff4a42437 in WebCore::Style::createRendererIfNeeded (element=0x795f20, context=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:109
#13 0x00007ffff4a4322c in WebCore::Style::attachRenderTree (current=0x795f20, context=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:344
#14 0x00007ffff44124c9 in WebCore::executeTask (task=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:104
#15 0x00007ffff4412855 in WebCore::HTMLConstructionSite::executeQueuedTasks (this=0x71f8d8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:150
#16 0x00007ffff443bcdc in WebCore::HTMLTreeBuilder::constructTree (this=0x71f8c0, token=0x7fffffffc7e0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:368
#17 0x00007ffff441a92e in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7d1ea0, rawToken=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:597
#18 0x00007ffff441a563 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7d1ea0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:551
#19 0x00007ffff4419d2b in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7d1ea0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:235
#20 0x00007ffff441aeca in WebCore::HTMLDocumentParser::append (this=0x7d1ea0, inputSource=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:747
#21 0x00007ffff41aa5e3 in WebCore::DecodedDataDocumentParser::flush (this=0x7d1ea0, writer=0x694230)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#22 0x00007ffff45b548f in WebCore::DocumentWriter::end (this=0x694230) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:241
#23 0x00007ffff45a7f7f in WebCore::DocumentLoader::finishedLoading (this=0x694190, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:407
#24 0x00007ffff45a7ce8 in WebCore::DocumentLoader::notifyFinished (this=0x694190, resource=0x7cc3d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#25 0x00007ffff458ef1c in WebCore::CachedResource::checkNotify (this=0x7cc3d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
#26 0x00007ffff458eff2 in WebCore::CachedResource::finishLoading (this=0x7cc3d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
#27 0x00007ffff458b744 in WebCore::CachedRawResource::finishLoading (this=0x7cc3d0, data=0x7b9af0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#28 0x00007ffff45f1e11 in WebCore::SubresourceLoader::didFinishLoading (this=0x7aff30, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#29 0x00007ffff45e8737 in WebCore::ResourceLoader::didFinishLoading (this=0x7aff30, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#30 0x00007ffff4aa1a1d in WebCore::QNetworkReplyHandler::finish (this=0x76d1c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#31 0x00007ffff4aa073c in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x76d1f8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#32 0x00007ffff4aa0439 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x76d1f8, 
    method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4aa1862 <WebCore::QNetworkReplyHandler::finish()>)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#33 0x00007ffff4aa1386 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x76d2b0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#34 0x00007ffff4aa3d18 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x76d2b0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffce30)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#35 0x00007ffff22055cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#36 0x00007ffff220684e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#37 0x00007ffff304cdbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#38 0x00007ffff3050075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#39 0x00007ffff21e0dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#40 0x00007ffff21e2a76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#41 0x00007ffff2228333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#42 0x00007fffee3692d6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3065
#43 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3641
#44 0x00007fffee369628 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3712
#45 0x00007fffee3696cc in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3773
#46 0x00007ffff22284bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#47 0x00007ffff21dfd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#48 0x00007ffff21e3120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#49 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#50 0x0000000000423680 in main (argc=2, argv=0x7fffffffdb08) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
