[Webkit-unassigned] [Bug 127052] New: ASSERTION FAILED: m_pos <= toRenderText(m_renderer)->textLength() in WebCore::InlineIterator::fastIncrementInTextNode
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 15 09:23:58 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=127052
Summary: ASSERTION FAILED: m_pos <=
toRenderText(m_renderer)->textLength() in
WebCore::InlineIterator::fastIncrementInTextNode
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: reni at webkit.org
Blocks: 116980
Created an attachment (id=221275)
--> (https://bugs.webkit.org/attachment.cgi?id=221275&action=review)
Test case
The failing test case (with spaces):
<p align="right">
<a>L</a> <br>LOL
The backtrace:
ASSERTION FAILED: m_pos <= toRenderText(m_renderer)->textLength()
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h(320) : void WebCore::InlineIterator::fastIncrementInTextNode()
1 0x7ffff5c35e44 WTFCrash
2 0x7ffff177cd9a WebCore::InlineIterator::fastIncrementInTextNode()
3 0x7ffff177ceb8 WebCore::InlineIterator::increment(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>*)
4 0x7ffff196030c WebCore::checkMidpoints(WebCore::MidpointState<WebCore::InlineIterator>&, WebCore::InlineIterator&)
5 0x7ffff196069d WebCore::BreakingContext::handleEndOfLine()
6 0x7ffff195a3fa WebCore::LineBreaker::nextSegmentBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&)
7 0x7ffff1959c14 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&)
8 0x7ffff17b0d9e WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int)
9 0x7ffff17af6c4 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool)
10 0x7ffff17b2f4e WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
11 0x7ffff1796002 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
12 0x7ffff17952b3 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
13 0x7ffff176411f WebCore::RenderBlock::layout()
14 0x7ffff1796409 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
15 0x7ffff1795f00 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
16 0x7ffff17952d7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
17 0x7ffff176411f WebCore::RenderBlock::layout()
18 0x7ffff1796409 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
19 0x7ffff1795f00 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
20 0x7ffff17952d7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
21 0x7ffff176411f WebCore::RenderBlock::layout()
22 0x7ffff1796409 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
23 0x7ffff1795f00 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
24 0x7ffff17952d7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
25 0x7ffff176411f WebCore::RenderBlock::layout()
26 0x7ffff1935afd WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
27 0x7ffff1936779 WebCore::RenderView::layout()
28 0x7ffff14cc7d9 WebCore::FrameView::layout(bool)
29 0x7ffff0f148f0 WebCore::Document::implicitClose()
30 0x7ffff13a58d7 WebCore::FrameLoader::checkCallImplicitClose()
31 0x7ffff13a566b WebCore::FrameLoader::checkCompleted()
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1 0x00007ffff177cd9a in WebCore::InlineIterator::fastIncrementInTextNode (this=0x7fffffff8f00)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:320
#2 0x00007ffff177ceb8 in WebCore::InlineIterator::increment (this=0x7fffffff8f00, resolver=0x0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:360
#3 0x00007ffff196030c in WebCore::checkMidpoints (lineMidpointState=..., lBreak=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/line/BreakingContextInlineHeaders.h:1078
#4 0x00007ffff196069d in WebCore::BreakingContext::handleEndOfLine (this=0x7fffffff8fd0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/line/BreakingContextInlineHeaders.h:1122
#5 0x00007ffff195a3fa in WebCore::LineBreaker::nextSegmentBreak (this=0x7fffffffa410, resolver=..., lineInfo=..., renderTextInfo=...,
lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/line/LineBreaker.cpp:175
#6 0x00007ffff1959c14 in WebCore::LineBreaker::nextLineBreak (this=0x7fffffffa410, resolver=..., lineInfo=..., renderTextInfo=...,
lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/line/LineBreaker.cpp:89
#7 0x00007ffff17b0d9e in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x11aaa60, layoutState=..., resolver=..., cleanLineStart=...,
cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1318
#8 0x00007ffff17af6c4 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x11aaa60, layoutState=..., hasInlineChild=true)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1075
#9 0x00007ffff17b2f4e in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x11aaa60, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1671
#10 0x00007ffff1796002 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x11aaa60, relayoutChildren=true, repaintLogicalTop=...,
repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:547
#11 0x00007ffff17952b3 in WebCore::RenderBlockFlow::layoutBlock (this=0x11aaa60, relayoutChildren=true, pageLogicalHeight=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:373
#12 0x00007ffff176411f in WebCore::RenderBlock::layout (this=0x11aaa60) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314
#13 0x00007ffff1796409 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x11592b0, child=..., marginInfo=..., previousFloatLogicalBottom=...,
maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:608
#14 0x00007ffff1795f00 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x11592b0, relayoutChildren=true, maxFloatLogicalBottom=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:527
#15 0x00007ffff17952d7 in WebCore::RenderBlockFlow::layoutBlock (this=0x11592b0, relayoutChildren=true, pageLogicalHeight=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:375
#16 0x00007ffff176411f in WebCore::RenderBlock::layout (this=0x11592b0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314
#17 0x00007ffff1796409 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x1158d50, child=..., marginInfo=..., previousFloatLogicalBottom=...,
maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:608
#18 0x00007ffff1795f00 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x1158d50, relayoutChildren=true, maxFloatLogicalBottom=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:527
#19 0x00007ffff17952d7 in WebCore::RenderBlockFlow::layoutBlock (this=0x1158d50, relayoutChildren=true, pageLogicalHeight=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:375
#20 0x00007ffff176411f in WebCore::RenderBlock::layout (this=0x1158d50) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314
#21 0x00007ffff1796409 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f2060, child=..., marginInfo=..., previousFloatLogicalBottom=...,
maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:608
#22 0x00007ffff1795f00 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f2060, relayoutChildren=true, maxFloatLogicalBottom=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:527
#23 0x00007ffff17952d7 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f2060, relayoutChildren=true, pageLogicalHeight=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:375
#24 0x00007ffff176411f in WebCore::RenderBlock::layout (this=0x7f2060) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314
#25 0x00007ffff1935afd in WebCore::RenderView::layoutContent (this=0x7f2060, state=...)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:158
#26 0x00007ffff1936779 in WebCore::RenderView::layout (this=0x7f2060) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:342
#27 0x00007ffff14cc7d9 in WebCore::FrameView::layout (this=0x6f8450, allowSubtree=true)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1322
#28 0x00007ffff0f148f0 in WebCore::Document::implicitClose (this=0x11c6690) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2457
#29 0x00007ffff13a58d7 in WebCore::FrameLoader::checkCallImplicitClose (this=0x723198)
---Type <return> to continue, or q <return> to quit---
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:899
#30 0x00007ffff13a566b in WebCore::FrameLoader::checkCompleted (this=0x723198) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:842
#31 0x00007ffff13a53c6 in WebCore::FrameLoader::finishedParsing (this=0x723198) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:763
#32 0x00007ffff0f1bd7b in WebCore::Document::finishedParsing (this=0x11c6690) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4449
#33 0x00007ffff121452f in WebCore::HTMLConstructionSite::finishedParsing (this=0x725208)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:337
#34 0x00007ffff124d882 in WebCore::HTMLTreeBuilder::finished (this=0x7251f0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3046
#35 0x00007ffff121b836 in WebCore::HTMLDocumentParser::end (this=0x109eda0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:749
#36 0x00007ffff121b921 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x109eda0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:760
#37 0x00007ffff121a569 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x109eda0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:203
#38 0x00007ffff121b966 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x109eda0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:772
#39 0x00007ffff121ba1f in WebCore::HTMLDocumentParser::finish (this=0x109eda0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:821
#40 0x00007ffff1398122 in WebCore::DocumentWriter::end (this=0x1136640) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:252
#41 0x00007ffff138383e in WebCore::DocumentLoader::finishedLoading (this=0x11365a0, finishTime=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:441
#42 0x00007ffff13835ac in WebCore::DocumentLoader::notifyFinished (this=0x11365a0, resource=0x114d500)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:375
#43 0x00007ffff142849c in WebCore::CachedResource::checkNotify (this=0x114d500)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:336
#44 0x00007ffff142857e in WebCore::CachedResource::finishLoading (this=0x114d500)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:352
#45 0x00007ffff1425092 in WebCore::CachedRawResource::finishLoading (this=0x114d500, data=0x807960)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#46 0x00007ffff13e0f31 in WebCore::SubresourceLoader::didFinishLoading (this=0x114da60, finishTime=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:309
#47 0x00007ffff13dd241 in WebCore::ResourceLoader::didFinishLoading (this=0x114da60, finishTime=0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:517
#48 0x00007ffff215e414 in WebCore::readCallback (asyncResult=0x11519c0, data=0x73f4e0)
at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1336
#49 0x00007fffe80e8bc9 in async_ready_callback_wrapper (source_object=0x877c00, res=0x11519c0, user_data=0x73f4e0) at ginputstream.c:530
#50 0x00007fffe810accb in g_task_return_now (task=0x11519c0) at gtask.c:1105
#51 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114
#52 0x00007fffed805473 in g_main_dispatch (context=0x1151040) at gmain.c:3054
#53 g_main_context_dispatch (context=0x1151040) at gmain.c:3630
#54 0x00007ffff758aaee in _ecore_glib_select__locked (ecore_timeout=0x1151040, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1,
ctx=<optimized out>) at ecore_glib.c:171
#55 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x1151040) at ecore_glib.c:205
#56 0x00007ffff7584cb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466
#57 0x00007ffff7585789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860
#58 0x00007ffff7585b47 in ecore_main_loop_begin () at ecore_main.c:956
#59 0x0000000000406d21 in main (argc=2, argv=0x7fffffffdd48) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1032
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list