[Webkit-unassigned] [Bug 117981] New: ASSERTION FAILED: foundContainer in WebCore::RenderGeometryMap::mapToContainer

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=117981

           Summary: ASSERTION FAILED: foundContainer in
                    WebCore::RenderGeometryMap::mapToContainer
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
            Blocks: 116980


The following test misses the assertion above:

<html>
    <keygen>
        <body style="z-index: -1; position: absolute;"></body>
    </keygen>
    <acronym> 
        <spacer    style="-webkit-transform:translateZ(0); position:absolute">
    </acronym>
    <textarea autofocus="0">
        <script></script>
    </textarea>
</html>


Backtrace:


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5760ba5 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
339        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5760ba5 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff496ccb6 in WebCore::RenderGeometryMap::mapToContainer (this=0x7fffffffbf20, transformState=..., container=0x791998)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderGeometryMap.cpp:99
#2  0x00007ffff496d0a1 in WebCore::RenderGeometryMap::mapToContainer (this=0x7fffffffbf20, rect=..., container=0x791998)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderGeometryMap.cpp:134
#3  0x00007ffff49002cb in WebCore::RenderBox::outlineBoundsForRepaint (this=0x7d2b88, repaintContainer=0x791998, geometryMap=0x7fffffffbf20)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBox.cpp:541
#4  0x00007ffff498c260 in WebCore::RenderLayer::computeRepaintRects (this=0x8b0c88, repaintContainer=0x791998, geometryMap=0x7fffffffbf20)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:731
#5  0x00007ffff498b53c in WebCore::RenderLayer::updateLayerPositions (this=0x8b0c88, geometryMap=0x7fffffffbf20, flags=13)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:460
#6  0x00007ffff498b2d1 in WebCore::RenderLayer::updateLayerPositionsAfterLayout (this=0x8b0c88, rootLayer=0x78a7d8, flags=13)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:414
#7  0x00007ffff4702796 in WebCore::FrameView::layout (this=0x78a1f0, allowSubtree=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1348
#8  0x00007ffff424230e in WebCore::Document::updateLayout (this=0x861aa0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1885
#9  0x00007ffff42423df in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x861aa0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1917
#10 0x00007ffff4468b18 in WebCore::HTMLTextFormControlElement::setSelectionRange (this=0x8a5740, start=21, end=21, direction=WebCore::SelectionHasNoDirection)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLTextFormControlElement.cpp:313
#11 0x00007ffff4466b8e in WebCore::HTMLTextAreaElement::setValueCommon (this=0x8a5740, newValue=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLTextAreaElement.cpp:394
#12 0x00007ffff4466999 in WebCore::HTMLTextAreaElement::setNonDirtyValue (this=0x8a5740, value=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLTextAreaElement.cpp:365
#13 0x00007ffff4465bf7 in WebCore::HTMLTextAreaElement::childrenChanged (this=0x8a5740, changedByParser=true, beforeChange=0x0, afterChange=0x0, 
    childCountDelta=1) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLTextAreaElement.cpp:137
#14 0x00007ffff42301ce in WebCore::ContainerNode::parserAppendChild (this=0x8a5740, newChild=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:712
#15 0x00007ffff4499ac8 in WebCore::executeTask (task=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:100
#16 0x00007ffff449c220 in WebCore::HTMLConstructionSite::insertTextNode (this=0x7cfb08, characters=..., whitespaceMode=WebCore::WhitespaceUnknown)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:525
#17 0x00007ffff44ca737 in WebCore::HTMLTreeBuilder::processCharacterBuffer (this=0x7cfaf0, buffer=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2465
#18 0x00007ffff44c9f97 in WebCore::HTMLTreeBuilder::processCharacter (this=0x7cfaf0, token=0x7fffffffc9e0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2332
#19 0x00007ffff44c06fb in WebCore::HTMLTreeBuilder::processToken (this=0x7cfaf0, token=0x7fffffffc9e0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:406
#20 0x00007ffff44c04d8 in WebCore::HTMLTreeBuilder::constructTree (this=0x7cfaf0, token=0x7fffffffc9e0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:367
#21 0x00007ffff44a1f0a in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x78cbc0, rawToken=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:594
#22 0x00007ffff44a1ba1 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x78cbc0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:551
#23 0x00007ffff44a1369 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x78cbc0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:235
#24 0x00007ffff44a243c in WebCore::HTMLDocumentParser::append (this=0x78cbc0, inputSource=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:740
#25 0x00007ffff4236735 in WebCore::DecodedDataDocumentParser::flush (this=0x78cbc0, writer=0x7e4c60)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#26 0x00007ffff4634e65 in WebCore::DocumentWriter::end (this=0x7e4c60) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245
#27 0x00007ffff4627a74 in WebCore::DocumentLoader::finishedLoading (this=0x7e4bc0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402
---Type <return> to continue, or q <return> to quit---
#28 0x00007ffff46277e2 in WebCore::DocumentLoader::notifyFinished (this=0x7e4bc0, resource=0x721290)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#29 0x00007ffff460ee00 in WebCore::CachedResource::checkNotify (this=0x721290)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:362
#30 0x00007ffff460eed6 in WebCore::CachedResource::finishLoading (this=0x721290)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:378
#31 0x00007ffff460b62e in WebCore::CachedRawResource::finishLoading (this=0x721290, data=0x768800)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#32 0x00007ffff467140d in WebCore::SubresourceLoader::didFinishLoading (this=0x720a00, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:277
#33 0x00007ffff4667e13 in WebCore::ResourceLoader::didFinishLoading (this=0x720a00, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#34 0x00007ffff4b069d2 in WebCore::QNetworkReplyHandler::finish (this=0x76f130)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#35 0x00007ffff4b056e6 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x76f168)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#36 0x00007ffff4b053e3 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x76f168, 
    method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4b06816 <WebCore::QNetworkReplyHandler::finish()>)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#37 0x00007ffff4b06336 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x71b370)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#38 0x00007ffff4b08cce in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x71b370, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffd030)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#39 0x00007ffff229a5cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#40 0x00007ffff229b84e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#41 0x00007ffff30e1dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#42 0x00007ffff30e5075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#43 0x00007ffff2275dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#44 0x00007ffff2277a76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#45 0x00007ffff22bd333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#46 0x00007fffee40bf05 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#47 g_main_context_dispatch (context=context at entry=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#48 0x00007fffee40c248 in g_main_context_iterate (context=context at entry=0x6632f0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#49 0x00007fffee40c304 in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#50 0x00007ffff22bd4bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#51 0x00007ffff2274d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#52 0x00007ffff2278120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#53 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#54 0x0000000000423680 in main (argc=2, argv=0x7fffffffdce8) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.