[Webkit-unassigned] [Bug 127345] New: ASSERTION FAILED: textRenderer->parent() in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 21 06:55:05 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=127345

           Summary: ASSERTION FAILED: textRenderer->parent() in
                    WebCore::SVGTextLayoutEngineBaseline::dominantBaseline
                    ToAlignmentBaseline
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
                CC: zimmermann at kde.org, krit at webkit.org, pdr at google.com,
                    fmalita at chromium.org
            Blocks: 116980


Created an attachment (id=221740)
 --> (https://bugs.webkit.org/attachment.cgi?id=221740&action=review)
Test case

The failing test:

<html>
    <style>
        *{
         dominant-baseline:reset-size;
        } 
    </style>

    <svg>
        <text>foo</text>
    </svg>
</html>    


The backtrace:

ASSERTION FAILED: textRenderer->parent()
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp(66) : WebCore::EAlignmentBaseline WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, const WebCore::RenderObject*) const
1   0x7ffff5c172a1 WTFCrash
2   0x7ffff1457b1f WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const
3   0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const
4   0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const
5   0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const
6   0x7ffff1457be2 WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline(bool, WebCore::RenderObject const*) const
7   0x7ffff1457d31 WebCore::SVGTextLayoutEngineBaseline::calculateAlignmentBaselineShift(bool, WebCore::RenderObject const*) const
8   0x7ffff1455e41 WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath(WebCore::SVGInlineTextBox*, WebCore::RenderSVGInlineText*, WebCore::RenderStyle const*)
9   0x7ffff14554f8 WebCore::SVGTextLayoutEngine::layoutInlineTextBox(WebCore::SVGInlineTextBox*)
10  0x7ffff144bd4f WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes(WebCore::InlineFlowBox*, WebCore::SVGTextLayoutEngine&)
11  0x7ffff144bc0c WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation()
12  0x7ffff120be95 WebCore::RenderBlockFlow::createLineBoxesFromBidiRuns(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::LineInfo&, WebCore::VerticalPositionCache&, WebCore::BidiRun*, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&)
13  0x7ffff120df27 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int)
14  0x7ffff120c435 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool)
15  0x7ffff120fc8c WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
16  0x7ffff11f3162 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17  0x7ffff143002b WebCore::RenderSVGText::layout()
18  0x7ffff143c4ac WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement&, bool)
19  0x7ffff1428187 WebCore::RenderSVGRoot::layout()
20  0x7ffff118d863 WebCore::RenderElement::layoutIfNeeded()
21  0x7ffff120fc4a WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
22  0x7ffff11f3162 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
23  0x7ffff11f2461 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
24  0x7ffff11c15fb WebCore::RenderBlock::layout()
25  0x7ffff11f354e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
26  0x7ffff11f3067 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
27  0x7ffff11f2485 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
28  0x7ffff11c15fb WebCore::RenderBlock::layout()
29  0x7ffff11f354e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
30  0x7ffff11f3067 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
31  0x7ffff11f2485 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff1457b1f in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, textRenderer=
    0x6f2900) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:66
#2  0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, 
    textRenderer=0x11b6ef0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85
#3  0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, 
    textRenderer=0x11ad350) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85
#4  0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, 
    textRenderer=0x12025f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85
#5  0x00007ffff1457be2 in WebCore::SVGTextLayoutEngineBaseline::dominantBaselineToAlignmentBaseline (this=0x7fffffff94b0, isVerticalText=false, 
    textRenderer=0x1210060) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:85
#6  0x00007ffff1457d31 in WebCore::SVGTextLayoutEngineBaseline::calculateAlignmentBaselineShift (this=0x7fffffff94b0, isVerticalText=false, 
    textRenderer=0x11f8f30) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngineBaseline.cpp:118
#7  0x00007ffff1455e41 in WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath (this=0x7fffffff9820, textBox=0x11ecb00, text=0x11f8f30, style=0x11de440)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngine.cpp:452
#8  0x00007ffff14554f8 in WebCore::SVGTextLayoutEngine::layoutInlineTextBox (this=0x7fffffff9820, textBox=0x11ecb00)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGTextLayoutEngine.cpp:246
#9  0x00007ffff144bd4f in WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes (this=0x1206b60, start=0x1206b60, characterLayout=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGRootInlineBox.cpp:111
#10 0x00007ffff144bc0c in WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation (this=0x1206b60)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGRootInlineBox.cpp:92
#11 0x00007ffff120be95 in WebCore::RenderBlockFlow::createLineBoxesFromBidiRuns (this=0x1210060, bidiRuns=..., end=..., lineInfo=..., 
    verticalPositionCache=..., trailingSpaceRun=0x0, wordMeasurements=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1015
#12 0x00007ffff120df27 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x1210060, layoutState=..., resolver=..., cleanLineStart=..., 
    cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1392
#13 0x00007ffff120c435 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x1210060, layoutState=..., hasInlineChild=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1101
#14 0x00007ffff120fc8c in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x1210060, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1697
#15 0x00007ffff11f3162 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x1210060, relayoutChildren=true, repaintLogicalTop=..., 
    repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:547
#16 0x00007ffff143002b in WebCore::RenderSVGText::layout (this=0x1210060)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGText.cpp:426
#17 0x00007ffff143c4ac in WebCore::SVGRenderSupport::layoutChildren (start=..., selfNeedsLayout=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:272
#18 0x00007ffff1428187 in WebCore::RenderSVGRoot::layout (this=0x12025f0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/svg/RenderSVGRoot.cpp:211
#19 0x00007ffff118d863 in WebCore::RenderElement::layoutIfNeeded (this=0x12025f0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderElement.h:99
#20 0x00007ffff120fc4a in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x11ad350, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1695
#21 0x00007ffff11f3162 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x11ad350, relayoutChildren=true, repaintLogicalTop=..., 
    repaintLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:547
#22 0x00007ffff11f2461 in WebCore::RenderBlockFlow::layoutBlock (this=0x11ad350, relayoutChildren=true, pageLogicalHeight=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:373
#23 0x00007ffff11c15fb in WebCore::RenderBlock::layout (this=0x11ad350) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314
#24 0x00007ffff11f354e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x11b6ef0, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:608
#25 0x00007ffff11f3067 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x11b6ef0, relayoutChildren=true, maxFloatLogicalBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:527
#26 0x00007ffff11f2485 in WebCore::RenderBlockFlow::layoutBlock (this=0x11b6ef0, relayoutChildren=true, pageLogicalHeight=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:375
#27 0x00007ffff11c15fb in WebCore::RenderBlock::layout (this=0x11b6ef0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314
---Type <return> to continue, or q <return> to quit---
#28 0x00007ffff11f354e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x6f2900, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:608
#29 0x00007ffff11f3067 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x6f2900, relayoutChildren=true, maxFloatLogicalBottom=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:527
#30 0x00007ffff11f2485 in WebCore::RenderBlockFlow::layoutBlock (this=0x6f2900, relayoutChildren=true, pageLogicalHeight=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:375
#31 0x00007ffff11c15fb in WebCore::RenderBlock::layout (this=0x6f2900) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1314
#32 0x00007ffff138e927 in WebCore::RenderView::layoutContent (this=0x6f2900, state=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:158
#33 0x00007ffff138f5df in WebCore::RenderView::layout (this=0x6f2900) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:342
#34 0x00007ffff0f1db9b in WebCore::FrameView::layout (this=0x6f8450, allowSubtree=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1322
#35 0x00007ffff097042a in WebCore::Document::implicitClose (this=0x11c8210) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2462
#36 0x00007ffff0df788d in WebCore::FrameLoader::checkCallImplicitClose (this=0x723198)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:898
#37 0x00007ffff0df75fe in WebCore::FrameLoader::checkCompleted (this=0x723198) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:841
#38 0x00007ffff0df7333 in WebCore::FrameLoader::finishedParsing (this=0x723198) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:762
#39 0x00007ffff0977865 in WebCore::Document::finishedParsing (this=0x11c8210) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4454
#40 0x00007ffff0c6c485 in WebCore::HTMLConstructionSite::finishedParsing (this=0x725208)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:337
#41 0x00007ffff0ca5952 in WebCore::HTMLTreeBuilder::finished (this=0x7251f0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3046
#42 0x00007ffff0c73750 in WebCore::HTMLDocumentParser::end (this=0x6f2200)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:439
#43 0x00007ffff0c73839 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x6f2200)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:450
#44 0x00007ffff0c72481 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x6f2200)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#45 0x00007ffff0c7387e in WebCore::HTMLDocumentParser::attemptToEnd (this=0x6f2200)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#46 0x00007ffff0c73937 in WebCore::HTMLDocumentParser::finish (this=0x6f2200)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:490
#47 0x00007ffff0de942d in WebCore::DocumentWriter::end (this=0x11363d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248
#48 0x00007ffff0dd4a7f in WebCore::DocumentLoader::finishedLoading (this=0x1136330, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440
#49 0x00007ffff0dd47e8 in WebCore::DocumentLoader::notifyFinished (this=0x1136330, resource=0x114d290)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374
#50 0x00007ffff0e79d94 in WebCore::CachedResource::checkNotify (this=0x114d290)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:336
#51 0x00007ffff0e79e72 in WebCore::CachedResource::finishLoading (this=0x114d290)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:352
#52 0x00007ffff0e768fe in WebCore::CachedRawResource::finishLoading (this=0x114d290, data=0x10ba1c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#53 0x00007ffff0e33049 in WebCore::SubresourceLoader::didFinishLoading (this=0x114d7c0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:309
#54 0x00007ffff0e2f375 in WebCore::ResourceLoader::didFinishLoading (this=0x114d7c0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:517
#55 0x00007ffff1ba90fd in WebCore::readCallback (asyncResult=0x11511c0, data=0x10ad9c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1336
#56 0x00007fffe79f0bc9 in async_ready_callback_wrapper (source_object=0x877c00, res=0x11511c0, user_data=0x10ad9c0) at ginputstream.c:530
#57 0x00007fffe7a12ccb in g_task_return_now (task=0x11511c0) at gtask.c:1105
#58 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114
#59 0x00007fffed10d473 in g_main_dispatch (context=0x1150cb0) at gmain.c:3054
#60 g_main_context_dispatch (context=0x1150cb0) at gmain.c:3630
---Type <return> to continue, or q <return> to quit---
#61 0x00007ffff7581aee in _ecore_glib_select__locked (ecore_timeout=0x1150cb0, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1, 
    ctx=<optimized out>) at ecore_glib.c:171
#62 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x1150cb0) at ecore_glib.c:205
#63 0x00007ffff757bcb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466
#64 0x00007ffff757c789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860
#65 0x00007ffff757cb47 in ecore_main_loop_begin () at ecore_main.c:956
#66 0x0000000000406c88 in main (argc=2, argv=0x7fffffffde08) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1026

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list