[Webkit-unassigned] [Bug 125781] New: ASSERT_NOT_REACHED() is touched in WebCore::minimumValueForLength

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 16 07:40:25 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=125781

           Summary: ASSERT_NOT_REACHED() is touched in
                    WebCore::minimumValueForLength
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
            Blocks: 116980


Created an attachment (id=219318)
 --> (https://bugs.webkit.org/attachment.cgi?id=219318&action=review)
Test case

Minimalized test case:

<table style="-webkit-writing-mode: vertical-rl;">
    <tr style="width: -webkit-min-content;"></tr> 
</table>


Backtrace:

SHOULD NEVER BE REACHED
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/LengthFunctions.cpp(85) : WebCore::LayoutUnit WebCore::minimumValueForLength(const WebCore::Length&, WebCore::LayoutUnit, WebCore::RenderView*, bool)
1   0x7ffff5c61178 WTFCrash
2   0x7ffff0fe313f WebCore::minimumValueForLength(WebCore::Length const&, WebCore::LayoutUnit, WebCore::RenderView*, bool)
3   0x7ffff18b43dd WebCore::RenderElement::minimumValueForLength(WebCore::Length const&, WebCore::LayoutUnit, bool) const
4   0x7ffff1a3f3d8 WebCore::RenderTableSection::calcRowLogicalHeight()
5   0x7ffff1a2b862 WebCore::RenderTable::layout()
6   0x7ffff18ceba9 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
7   0x7ffff18ce6a0 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
8   0x7ffff18cdaf7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
9   0x7ffff189cb05 WebCore::RenderBlock::layout()
10  0x7ffff18ceba9 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
11  0x7ffff18ce6a0 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
12  0x7ffff18cdaf7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
13  0x7ffff189cb05 WebCore::RenderBlock::layout()
14  0x7ffff18ceba9 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
15  0x7ffff18ce6a0 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
16  0x7ffff18cdaf7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
17  0x7ffff189cb05 WebCore::RenderBlock::layout()
18  0x7ffff1a6ed75 WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
19  0x7ffff1a6f9f1 WebCore::RenderView::layout()
20  0x7ffff1618686 WebCore::FrameView::layout(bool)
21  0x7ffff108ca23 WebCore::Document::implicitClose()
22  0x7ffff1502357 WebCore::FrameLoader::checkCallImplicitClose()
23  0x7ffff15020eb WebCore::FrameLoader::checkCompleted()
24  0x7ffff1501e46 WebCore::FrameLoader::finishedParsing()
25  0x7ffff109410d WebCore::Document::finishedParsing()
26  0x7ffff137ad91 WebCore::HTMLConstructionSite::finishedParsing()
27  0x7ffff13b365a WebCore::HTMLTreeBuilder::finished()
28  0x7ffff13820a6 WebCore::HTMLDocumentParser::end()
29  0x7ffff1382191 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
30  0x7ffff1380dd9 WebCore::HTMLDocumentParser::prepareToStopParsing()
31  0x7ffff13821d6 WebCore::HTMLDocumentParser::attemptToEnd()

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c6117d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:341
341        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5c6117d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:341
#1  0x00007ffff0fe313f in WebCore::minimumValueForLength (length=..., maximumValue=..., renderView=0x959fc0, roundPercentages=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/LengthFunctions.cpp:85
#2  0x00007ffff18b43dd in WebCore::RenderElement::minimumValueForLength (this=0x1244250, length=..., maximumValue=..., roundPercentages=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderElement.h:246
#3  0x00007ffff1a3f3d8 in WebCore::RenderTableSection::calcRowLogicalHeight (this=0x1244250)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTableSection.cpp:296
#4  0x00007ffff1a2b862 in WebCore::RenderTable::layout (this=0x11f57f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:457
#5  0x00007ffff18ceba9 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x11eeab0, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:597
#6  0x00007ffff18ce6a0 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x11eeab0, relayoutChildren=true, maxFloatLogicalBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:516
#7  0x00007ffff18cdaf7 in WebCore::RenderBlockFlow::layoutBlock (this=0x11eeab0, relayoutChildren=true, pageLogicalHeight=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:363
#8  0x00007ffff189cb05 in WebCore::RenderBlock::layout (this=0x11eeab0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1323
#9  0x00007ffff18ceba9 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x11ecdf0, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:597
#10 0x00007ffff18ce6a0 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x11ecdf0, relayoutChildren=true, maxFloatLogicalBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:516
#11 0x00007ffff18cdaf7 in WebCore::RenderBlockFlow::layoutBlock (this=0x11ecdf0, relayoutChildren=true, pageLogicalHeight=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:363
#12 0x00007ffff189cb05 in WebCore::RenderBlock::layout (this=0x11ecdf0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1323
#13 0x00007ffff18ceba9 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x959fc0, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:597
#14 0x00007ffff18ce6a0 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x959fc0, relayoutChildren=true, maxFloatLogicalBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:516
#15 0x00007ffff18cdaf7 in WebCore::RenderBlockFlow::layoutBlock (this=0x959fc0, relayoutChildren=true, pageLogicalHeight=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:363
#16 0x00007ffff189cb05 in WebCore::RenderBlock::layout (this=0x959fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1323
#17 0x00007ffff1a6ed75 in WebCore::RenderView::layoutContent (this=0x959fc0, state=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:158
#18 0x00007ffff1a6f9f1 in WebCore::RenderView::layout (this=0x959fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:342
#19 0x00007ffff1618686 in WebCore::FrameView::layout (this=0x90fbb0, allowSubtree=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1261
#20 0x00007ffff108ca23 in WebCore::Document::implicitClose (this=0x12088b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2389
#21 0x00007ffff1502357 in WebCore::FrameLoader::checkCallImplicitClose (this=0x9538b8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:849
#22 0x00007ffff15020eb in WebCore::FrameLoader::checkCompleted (this=0x9538b8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:792
#23 0x00007ffff1501e46 in WebCore::FrameLoader::finishedParsing (this=0x9538b8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:725
#24 0x00007ffff109410d in WebCore::Document::finishedParsing (this=0x12088b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4375
#25 0x00007ffff137ad91 in WebCore::HTMLConstructionSite::finishedParsing (this=0x953278)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:347
#26 0x00007ffff13b365a in WebCore::HTMLTreeBuilder::finished (this=0x953260)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2933
#27 0x00007ffff13820a6 in WebCore::HTMLDocumentParser::end (this=0x10db0c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:749
#28 0x00007ffff1382191 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x10db0c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:760
#29 0x00007ffff1380dd9 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x10db0c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:203
#30 0x00007ffff13821d6 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x10db0c0)
---Type <return> to continue, or q <return> to quit---
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:772
#31 0x00007ffff138228f in WebCore::HTMLDocumentParser::finish (this=0x10db0c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:821
#32 0x00007ffff14f4c74 in WebCore::DocumentWriter::end (this=0x117b6d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245
#33 0x00007ffff14e1d42 in WebCore::DocumentLoader::finishedLoading (this=0x117b630, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:408
#34 0x00007ffff14e1ab0 in WebCore::DocumentLoader::notifyFinished (this=0x117b630, resource=0x11918c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:345
#35 0x00007ffff157b92a in WebCore::CachedResource::checkNotify (this=0x11918c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
#36 0x00007ffff157ba04 in WebCore::CachedResource::finishLoading (this=0x11918c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
#37 0x00007ffff1578506 in WebCore::CachedRawResource::finishLoading (this=0x11918c0, data=0x924690)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#38 0x00007ffff1535cb5 in WebCore::SubresourceLoader::didFinishLoading (this=0x1191e30, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:279
#39 0x00007ffff1531f89 in WebCore::ResourceLoader::didFinishLoading (this=0x1191e30, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:487
#40 0x00007ffff226a582 in WebCore::readCallback (asyncResult=0x11971b0, data=0x118a200)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1345
#41 0x00007fffe846bbc9 in async_ready_callback_wrapper (source_object=0x69f180, res=0x11971b0, user_data=0x118a200) at ginputstream.c:530
#42 0x00007fffe848dccb in g_task_return_now (task=0x11971b0) at gtask.c:1105
#43 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114
#44 0x00007fffedb7b473 in g_main_dispatch (context=0x1196980) at gmain.c:3054
#45 g_main_context_dispatch (context=0x1196980) at gmain.c:3630
#46 0x00007ffff7575aee in _ecore_glib_select__locked (ecore_timeout=0x7fffffffcc30, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, 
    ecore_fds=11, ctx=<optimized out>) at ecore_glib.c:171
#47 _ecore_glib_select (ecore_fds=11, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x7fffffffcc30) at ecore_glib.c:205
#48 0x00007ffff756fcb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466
#49 0x00007ffff7570789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860
#50 0x00007ffff7570b47 in ecore_main_loop_begin () at ecore_main.c:956
#51 0x0000000000406dfa in main (argc=2, argv=0x7fffffffde48) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1044

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list