[Webkit-unassigned] [Bug 127035] New: ASSERTION FAILED: !m_beforePseudoElement || !pseudoElement in WebCore::ElementRareData::setBeforePseudoElement
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 15 01:39:23 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=127035
Summary: ASSERTION FAILED: !m_beforePseudoElement ||
!pseudoElement in
WebCore::ElementRareData::setBeforePseudoElement
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: CSS
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: reni at webkit.org
Blocks: 116980
Created an attachment (id=221242)
--> (https://bugs.webkit.org/attachment.cgi?id=221242&action=review)
Test case
Test case to reproduce the assertion failure:
<u>
<div>
<div>
<style></style>
<link rel="stylesheet" href="foo">
<q>
<script src="foo"></script>
</q>
</u>
Backtrace:
ASSERTION FAILED: !m_beforePseudoElement || !pseudoElement
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ElementRareData.h(206) : void WebCore::ElementRareData::setBeforePseudoElement(WTF::PassRefPtr<WebCore::PseudoElement>)
1 0x7ffff5c35e44 WTFCrash
2 0x7ffff0f72772 WebCore::ElementRareData::setBeforePseudoElement(WTF::PassRefPtr<WebCore::PseudoElement>)
3 0x7ffff0f6d3c2 WebCore::Element::setBeforePseudoElement(WTF::PassRefPtr<WebCore::PseudoElement>)
4 0x7ffff1a1d1a9
5 0x7ffff1a1d3ad
6 0x7ffff1a1d4f2
7 0x7ffff1a1d038
8 0x7ffff1a1d564
9 0x7ffff1a1dc7d
10 0x7ffff1a1e241
11 0x7ffff1a1e3f4
12 0x7ffff1a1e3f4
13 0x7ffff1a1e3f4
14 0x7ffff1a1e6c9 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change)
15 0x7ffff0f12551 WebCore::Document::recalcStyle(WebCore::Style::Change)
16 0x7ffff0f17411 WebCore::Document::styleResolverChanged(WebCore::StyleResolverUpdateFlag)
17 0x7ffff0f15c35 WebCore::Document::didRemoveAllPendingStylesheet()
18 0x7ffff0ef7741 WebCore::Document::notifyRemovePendingSheetIfNeeded()
19 0x7ffff0ef80d1 WebCore::ChildNodeRemovalNotifier::notify(WebCore::Node&)
20 0x7ffff0efc478 WebCore::Private::NodeRemovalDispatcher<WebCore::Node, WebCore::ContainerNode, true>::dispatch(WebCore::Node&, WebCore::ContainerNode&)
21 0x7ffff0efb575 void WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode>(WebCore::Node*&, WebCore::Node*&, WebCore::ContainerNode&)
22 0x7ffff0ef9474 void WebCore::removeDetachedChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode&)
23 0x7ffff0ef2b1d WebCore::ContainerNode::removeDetachedChildren()
24 0x7ffff0ef2cc7 WebCore::ContainerNode::takeAllChildrenFrom(WebCore::ContainerNode*)
25 0x7ffff1247195 WebCore::HTMLTreeBuilder::callTheAdoptionAgency(WebCore::AtomicHTMLToken*)
26 0x7ffff124917e WebCore::HTMLTreeBuilder::processEndTagForInBody(WebCore::AtomicHTMLToken*)
27 0x7ffff1249dd2 WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken*)
28 0x7ffff1240b68 WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken*)
29 0x7ffff124097a WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken*)
30 0x7ffff121b228 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLToken&)
31 0x7ffff121ae93 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1 0x00007ffff0f72772 in WebCore::ElementRareData::setBeforePseudoElement (this=0x11aff70, pseudoElement=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ElementRareData.h:206
#2 0x00007ffff0f6d3c2 in WebCore::Element::setBeforePseudoElement (this=0x11ffb70, element=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:2335
#3 0x00007ffff1a1d1a9 in WebCore::Style::setBeforeOrAfterPseudoElement (current=..., pseudoElement=..., pseudoId=WebCore::BEFORE)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:498
#4 0x00007ffff1a1d3ad in WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded (current=..., pseudoId=WebCore::BEFORE)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:532
#5 0x00007ffff1a1d4f2 in WebCore::Style::attachRenderTree (current=..., resolvedStyle=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:549
#6 0x00007ffff1a1d038 in WebCore::Style::attachChildren (current=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:469
#7 0x00007ffff1a1d564 in WebCore::Style::attachRenderTree (current=..., resolvedStyle=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:560
#8 0x00007ffff1a1dc7d in WebCore::Style::resolveLocal (current=..., inheritedChange=WebCore::Style::Force)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:684
#9 0x00007ffff1a1e241 in WebCore::Style::resolveTree (current=..., change=WebCore::Style::Force)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:838
#10 0x00007ffff1a1e3f4 in WebCore::Style::resolveTree (current=..., change=WebCore::Style::Force)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:870
#11 0x00007ffff1a1e3f4 in WebCore::Style::resolveTree (current=..., change=WebCore::Style::Force)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:870
#12 0x00007ffff1a1e3f4 in WebCore::Style::resolveTree (current=..., change=WebCore::Style::Force)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:870
#13 0x00007ffff1a1e6c9 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::Force)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:912
#14 0x00007ffff0f12551 in WebCore::Document::recalcStyle (this=0x11c8040, change=WebCore::Style::Force)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1750
#15 0x00007ffff0f17411 in WebCore::Document::styleResolverChanged (this=0x11c8040, updateFlag=WebCore::RecalcStyleIfNeeded)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:3241
#16 0x00007ffff0f15c35 in WebCore::Document::didRemoveAllPendingStylesheet (this=0x11c8040)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2794
#17 0x00007ffff0ef7741 in WebCore::Document::notifyRemovePendingSheetIfNeeded (this=0x11c8040)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.h:1651
#18 0x00007ffff0ef80d1 in WebCore::ChildNodeRemovalNotifier::notify (this=0x7fffffffbd70, node=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNodeAlgorithms.h:260
#19 0x00007ffff0efc478 in WebCore::Private::NodeRemovalDispatcher<WebCore::Node, WebCore::ContainerNode, true>::dispatch (node=..., container=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNodeAlgorithms.h:145
#20 0x00007ffff0efb575 in WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode> (head=@0x7fffffffbdf0: 0x0,
tail=@0x7fffffffbdf8: 0x0, container=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNodeAlgorithms.h:188
#21 0x00007ffff0ef9474 in WebCore::removeDetachedChildrenInContainer<WebCore::Node, WebCore::ContainerNode> (container=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNodeAlgorithms.h:90
#22 0x00007ffff0ef2b1d in WebCore::ContainerNode::removeDetachedChildren (this=0x7f8cf0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:104
#23 0x00007ffff0ef2cc7 in WebCore::ContainerNode::takeAllChildrenFrom (this=0x11b1150, oldParent=0x7f8cf0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:134
#24 0x00007ffff1247195 in WebCore::HTMLTreeBuilder::callTheAdoptionAgency (this=0x8c1410, token=0x7fffffffc2f0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:1629
#25 0x00007ffff124917e in WebCore::HTMLTreeBuilder::processEndTagForInBody (this=0x8c1410, token=0x7fffffffc2f0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:1951
#26 0x00007ffff1249dd2 in WebCore::HTMLTreeBuilder::processEndTag (this=0x8c1410, token=0x7fffffffc2f0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2101
#27 0x00007ffff1240b68 in WebCore::HTMLTreeBuilder::processToken (this=0x8c1410, token=0x7fffffffc2f0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:405
---Type <return> to continue, or q <return> to quit---
#28 0x00007ffff124097a in WebCore::HTMLTreeBuilder::constructTree (this=0x8c1410, token=0x7fffffffc2f0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:373
#29 0x00007ffff121b228 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x6a8a80, rawToken=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:586
#30 0x00007ffff121ae93 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x6a8a80, mode=WebCore::HTMLDocumentParser::AllowYield)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:543
#31 0x00007ffff121a683 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x6a8a80, mode=WebCore::HTMLDocumentParser::AllowYield)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:227
#32 0x00007ffff121bc29 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x6a8a80)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:879
#33 0x00007ffff121beaf in WebCore::HTMLDocumentParser::notifyFinished (this=0x6a8a80, cachedResource=0x11fe160)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:919
#34 0x00007ffff142849c in WebCore::CachedResource::checkNotify (this=0x11fe160)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:336
#35 0x00007ffff1428613 in WebCore::CachedResource::error (this=0x11fe160, status=WebCore::CachedResource::LoadError)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:362
#36 0x00007ffff13e11b1 in WebCore::SubresourceLoader::didFail (this=0x1208070, error=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:337
#37 0x00007ffff13dd2a3 in WebCore::ResourceLoader::didFail (this=0x1208070, error=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:524
#38 0x00007ffff215b679 in WebCore::sendRequestCallback (result=0x1151b60, data=0x11ace50)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:663
#39 0x00007fffe810accb in g_task_return_now (task=0x1151b60) at gtask.c:1105
#40 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114
#41 0x00007fffed805473 in g_main_dispatch (context=0x11511f0) at gmain.c:3054
#42 g_main_context_dispatch (context=0x11511f0) at gmain.c:3630
#43 0x00007ffff758aaee in _ecore_glib_select__locked (ecore_timeout=0x11511f0, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1,
ctx=<optimized out>) at ecore_glib.c:171
#44 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x11511f0) at ecore_glib.c:205
#45 0x00007ffff7584cb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466
#46 0x00007ffff7585845 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1894
#47 0x00007ffff7585b47 in ecore_main_loop_begin () at ecore_main.c:956
#48 0x0000000000406d21 in main (argc=2, argv=0x7fffffffdd48) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1032
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list