[Webkit-unassigned] [Bug 121682] New: ASSERTION FAILED: object->style()->overflowX() == object->style()->overflowY() in WebCore::SVGRenderSupport::isOverflowHidden

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 20 07:47:52 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=121682

           Summary: ASSERTION FAILED: object->style()->overflowX() ==
                    object->style()->overflowY() in
                    WebCore::SVGRenderSupport::isOverflowHidden
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
            Blocks: 116980


Created an attachment (id=212164)
 --> (https://bugs.webkit.org/attachment.cgi?id=212164&action=review)
Test case

The test:

<svg>
    <svg style="overflow-y: auto;">
        <rect width='10' height='10'/>
    </svg>
</svg>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56dafad in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff56dafad in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff4be0c99 in WebCore::SVGRenderSupport::isOverflowHidden (object=0x8ed018)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:302
#2  0x00007ffff4bd7ff6 in WebCore::RenderSVGViewportContainer::applyViewportClip (this=0x8ed018, paintInfo=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGViewportContainer.cpp:55
#3  0x00007ffff4bafb39 in WebCore::RenderSVGContainer::paint (this=0x8ed018, paintInfo=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGContainer.cpp:129
#4  0x00007ffff4bd8a1d in WebCore::RenderSVGViewportContainer::paint (this=0x8ed018, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGViewportContainer.cpp:160
#5  0x00007ffff4870594 in WebCore::RenderBox::paint (this=0x8c0018, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBox.cpp:1104
#6  0x00007ffff4bd04df in WebCore::RenderSVGRoot::paintReplaced (this=0x8c0018, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGRoot.cpp:308
#7  0x00007ffff497d0c0 in WebCore::RenderReplaced::paint (this=0x8c0018, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderReplaced.cpp:158
#8  0x00007ffff47e36cf in WebCore::InlineBox::paint (this=0x8d6928, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineBox.cpp:237
#9  0x00007ffff47ebce3 in WebCore::InlineFlowBox::paint (this=0x8c0228, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineFlowBox.cpp:1170
#10 0x00007ffff49d9938 in WebCore::RootInlineBox::paint (this=0x8c0228, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RootInlineBox.cpp:212
#11 0x00007ffff49437dd in WebCore::RenderLineBoxList::paint (this=0x8bcd40, renderer=0x8bcca8, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLineBoxList.cpp:262
#12 0x00007ffff4813eff in WebCore::RenderBlock::paintContents (this=0x8bcca8, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3206
#13 0x00007ffff4814a48 in WebCore::RenderBlock::paintObject (this=0x8bcca8, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3323
#14 0x00007ffff48126cf in WebCore::RenderBlock::paint (this=0x8bcca8, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3019
#15 0x00007ffff4814407 in WebCore::RenderBlock::paintChild (this=0x79c1d8, child=0x8bcca8, paintInfo=..., paintOffset=..., paintInfoForChild=..., 
    usePrintRect=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3256
#16 0x00007ffff481403d in WebCore::RenderBlock::paintChildren (this=0x79c1d8, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3226
#17 0x00007ffff4813fe1 in WebCore::RenderBlock::paintContents (this=0x79c1d8, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3219
#18 0x00007ffff4814a48 in WebCore::RenderBlock::paintObject (this=0x79c1d8, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3323
#19 0x00007ffff48126cf in WebCore::RenderBlock::paint (this=0x79c1d8, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3019
#20 0x00007ffff4911185 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=0x7d2468, phase=WebCore::PaintPhaseForeground, layerFragments=..., 
    context=0x7fffffffb940, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:4175
#21 0x00007ffff4910e8a in WebCore::RenderLayer::paintForegroundForFragments (this=0x7d2468, layerFragments=..., context=0x7fffffffb940, 
    transparencyLayerContext=0x7fffffffb940, transparencyPaintDirtyRect=..., haveTransparency=false, localPaintingInfo=..., paintBehavior=0, 
    subtreePaintRootForRenderer=0x0, selectionOnly=false, forceBlackText=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:4151
#22 0x00007ffff490f7b4 in WebCore::RenderLayer::paintLayerContents (this=0x7d2468, context=0x7fffffffb940, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3882
#23 0x00007ffff490e694 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x7d2468, context=0x7fffffffb940, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3646
#24 0x00007ffff490e589 in WebCore::RenderLayer::paintLayer (this=0x7d2468, context=0x7fffffffb940, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3628
#25 0x00007ffff490fe45 in WebCore::RenderLayer::paintList (this=0x799018, list=0x8dd480, context=0x7fffffffb940, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3968
#26 0x00007ffff490f873 in WebCore::RenderLayer::paintLayerContents (this=0x799018, context=0x7fffffffb940, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3893
#27 0x00007ffff490e694 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x799018, context=0x7fffffffb940, paintingInfo=..., paintFlags=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3646
#28 0x00007ffff490e589 in WebCore::RenderLayer::paintLayer (this=0x799018, context=0x7fffffffb940, paintingInfo=..., paintFlags=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3628
#29 0x00007ffff490d84c in WebCore::RenderLayer::paint (this=0x799018, context=0x7fffffffb940, damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=
    0x0, paintFlags=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderLayer.cpp:3438
#30 0x00007ffff4671fba in WebCore::FrameView::paintContents (this=0x7d3d10, p=0x7fffffffb940, rect=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:3564
#31 0x00007ffff3b97e0a in QWebFrameAdapter::renderRelativeCoords (this=0x79c350, painter=0x7fffffffbaa0, layers=255, clip=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WebCoreSupport/QWebFrameAdapter.cpp:541
#32 0x00007ffff7baa7a0 in QWebFrame::render (this=0x79c450, painter=0x7fffffffbaa0, layer=..., clip=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WidgetApi/qwebframe.cpp:644
#33 0x00007ffff7baa870 in QWebFrame::render (this=0x79c450, painter=0x7fffffffbaa0, clip=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WidgetApi/qwebframe.cpp:654
#34 0x00007ffff7bb9492 in QWebView::paintEvent (this=0x7aaf50, ev=0x7fffffffc280)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WidgetApi/qwebview.cpp:829
#35 0x00007ffff3064848 in QWidget::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#36 0x00007ffff7bb923b in QWebView::event (this=0x7aaf50, e=0x7fffffffc280) at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WidgetApi/qwebview.cpp:733
#37 0x00007ffff302ddbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#38 0x00007ffff3031075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#39 0x00007ffff21c1dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#40 0x00007ffff3061705 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#41 0x00007ffff306217b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#42 0x00007ffff3061256 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#43 0x00007ffff306217b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#44 0x00007ffff3061fd1 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#45 0x00007ffff3061fd1 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#46 0x00007ffff3061256 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#47 0x00007ffff303709f in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#48 0x00007ffff3037839 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#49 0x00007ffff3082bc3 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#50 0x00007ffff302ddbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#51 0x00007ffff3031075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#52 0x00007ffff21c1dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#53 0x00007ffff26983a7 in QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#54 0x00007ffff269f53d in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#55 0x00007ffff268ea68 in QWindowSystemInterface::sendWindowSystemEventsImplementation(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#56 0x00007fffe80776b0 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/plugins/platforms/libxcb.so
#57 0x00007fffee34a3c6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.7/./glib/gmain.c:3065
#58 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.7/./glib/gmain.c:3641
#59 0x00007fffee34a718 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.37.7/./glib/gmain.c:3712
#60 0x00007fffee34a7bc in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.7/./glib/gmain.c:3773
#61 0x00007ffff22094bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#62 0x00007ffff21c0d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#63 0x00007ffff21c4120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#64 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#65 0x0000000000423680 in main (argc=2, argv=0x7fffffffdb18) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
