[Webkit-unassigned] [Bug 130341] New: ASSERTION FAILED: !lengthOrPercentageValue.isUndefined() in WebCore::ApplyPropertyTextIndent::applyValue

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 17 09:01:15 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=130341

           Summary: ASSERTION FAILED:
                    !lengthOrPercentageValue.isUndefined() in
                    WebCore::ApplyPropertyTextIndent::applyValue
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rhodovan.u-szeged at partner.samsung.com
            Blocks: 116980


Created an attachment (id=226923)
 --> (https://bugs.webkit.org/attachment.cgi?id=226923&action=review)
Test case

Test case to reproduce:

<title style="text-indent:9.4EX">A</title>

Backtrace:

ASSERTION FAILED: !lengthOrPercentageValue.isUndefined()
/home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp(2326) : static void WebCore::ApplyPropertyTextIndent::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*)
1   0x7ffff5ed5075 WTFCrash
2   0x7ffff0e930fc WebCore::ApplyPropertyTextIndent::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*)
3   0x7ffff0f1a45b WebCore::PropertyHandler::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) const
4   0x7ffff0f1122a WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*)
5   0x7ffff0f17091 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&)
6   0x7ffff0f17206 WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int)
7   0x7ffff0f10307 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache)
8   0x7ffff0f0b7d3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*)
9   0x7ffff0f7c4d2 WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*)
10  0x7ffff0fd92b2 WebCore::Element::computedStyle(WebCore::PseudoId)
11  0x7ffff1203a3a WebCore::HTMLTitleElement::textWithDirection()
12  0x7ffff1203945 WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&)
13  0x7ffff0f5bde9 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource)
14  0x7ffff0f5d6e1 WebCore::ContainerNode::parserAppendChild(WTF::PassRefPtr<WebCore::Node>)
15  0x7ffff1282882
16  0x7ffff12828db
17  0x7ffff1282ae1
18  0x7ffff12851a2 WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode)
19  0x7ffff12ba981 WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&)
20  0x7ffff12ba1ff WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken*)
21  0x7ffff12b01c3 WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken*)
22  0x7ffff12affa0 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken*)
23  0x7ffff128b294 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLToken&)
24  0x7ffff128af1b WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
25  0x7ffff128a721 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
26  0x7ffff128b7db WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>)
27  0x7ffff0f73815 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
28  0x7ffff13ed465 WebCore::DocumentWriter::end()
29  0x7ffff13d7e41 WebCore::DocumentLoader::finishedLoading(double)
30  0x7ffff13d7baa WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
31  0x7ffff14805a4 WebCore::CachedResource::checkNotify()

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5ed507a in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5ed507a in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff0e930fc in WebCore::ApplyPropertyTextIndent::applyValue (styleResolver=0x987e50, value=0x96ca10)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.cpp:2326
#2  0x00007ffff0f1a45b in WebCore::PropertyHandler::applyValue (this=0x9dce60, propertyID=WebCore::CSSPropertyTextIndent, styleResolver=0x987e50, 
    value=0x96ca10) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/DeprecatedStyleBuilder.h:48
#3  0x00007ffff0f1122a in WebCore::StyleResolver::applyProperty (this=0x987e50, id=WebCore::CSSPropertyTextIndent, value=0x96ca10)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:2150
#4  0x00007ffff0f17091 in WebCore::StyleResolver::CascadedProperties::Property::apply (this=0x7fffffff8d30, resolver=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3909
#5  0x00007ffff0f17206 in WebCore::StyleResolver::applyCascadedProperties (this=0x987e50, cascade=..., firstProperty=20, lastProperty=415)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:3939
#6  0x00007ffff0f10307 in WebCore::StyleResolver::applyMatchedProperties (this=0x987e50, matchResult=..., element=0x858a60, 
    shouldUseMatchedPropertiesCache=WebCore::StyleResolver::UseMatchedPropertiesCache)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:1844
#7  0x00007ffff0f0b7d3 in WebCore::StyleResolver::styleForElement (this=0x987e50, element=0x858a60, defaultParent=0x988830, 
    sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/css/StyleResolver.cpp:803
#8  0x00007ffff0f7c4d2 in WebCore::Document::styleForElementIgnoringPendingStylesheets (this=0x9897c0, element=0x858a60)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1891
#9  0x00007ffff0fd92b2 in WebCore::Element::computedStyle (this=0x858a60, pseudoElementSpecifier=WebCore::NOPSEUDO)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:2050
#10 0x00007ffff1203a3a in WebCore::HTMLTitleElement::textWithDirection (this=0x858a60)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/HTMLTitleElement.cpp:87
#11 0x00007ffff1203945 in WebCore::HTMLTitleElement::childrenChanged (this=0x858a60, change=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/HTMLTitleElement.cpp:70
#12 0x00007ffff0f5bde9 in WebCore::ContainerNode::notifyChildInserted (this=0x858a60, child=..., 
    source=WebCore::ContainerNode::ChildChangeSourceParser) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:353
#13 0x00007ffff0f5d6e1 in WebCore::ContainerNode::parserAppendChild (this=0x858a60, newChild=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:754
#14 0x00007ffff1282882 in WebCore::insert (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:96
#15 0x00007ffff12828db in WebCore::executeInsertTask (task=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:103
#16 0x00007ffff1282ae1 in WebCore::executeTask (task=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:141
#17 0x00007ffff12851a2 in WebCore::HTMLConstructionSite::insertTextNode (this=0x9e29d8, characters=..., whitespaceMode=WebCore::WhitespaceUnknown)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:567
#18 0x00007ffff12ba981 in WebCore::HTMLTreeBuilder::processCharacterBuffer (this=0x9e29c0, buffer=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2523
#19 0x00007ffff12ba1ff in WebCore::HTMLTreeBuilder::processCharacter (this=0x9e29c0, token=0x7fffffffbd90)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2304
#20 0x00007ffff12b01c3 in WebCore::HTMLTreeBuilder::processToken (this=0x9e29c0, token=0x7fffffffbd90)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:393
#21 0x00007ffff12affa0 in WebCore::HTMLTreeBuilder::constructTree (this=0x9e29c0, token=0x7fffffffbd90)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:354
#22 0x00007ffff128b294 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x80a290, rawToken=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:352
#23 0x00007ffff128af1b in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x80a290, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:309
#24 0x00007ffff128a721 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x80a290, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:189
#25 0x00007ffff128b7db in WebCore::HTMLDocumentParser::append (this=0x80a290, inputSource=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:428
#26 0x00007ffff0f73815 in WebCore::DecodedDataDocumentParser::flush (this=0x80a290, writer=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#27 0x00007ffff13ed465 in WebCore::DocumentWriter::end (this=0x8ce940)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245
---Type <return> to continue, or q <return> to quit---
#28 0x00007ffff13d7e41 in WebCore::DocumentLoader::finishedLoading (this=0x8ce8a0, finishTime=0)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440
#29 0x00007ffff13d7baa in WebCore::DocumentLoader::notifyFinished (this=0x8ce8a0, resource=0x757530)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374
#30 0x00007ffff14805a4 in WebCore::CachedResource::checkNotify (this=0x757530)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:332
#31 0x00007ffff1480682 in WebCore::CachedResource::finishLoading (this=0x757530)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:348
#32 0x00007ffff147d056 in WebCore::CachedRawResource::finishLoading (this=0x757530, data=0x80a1f0)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:96
#33 0x00007ffff143873a in WebCore::SubresourceLoader::didFinishLoading (this=0x757a70, finishTime=0)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:310
#34 0x00007ffff1434a11 in WebCore::ResourceLoader::didFinishLoading (this=0x757a70, finishTime=0)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:508
#35 0x00007ffff1d16a55 in WebCore::readCallback (asyncResult=0x8069c0, data=0x8237b0)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1322
#36 0x00007fffe8f3e02a in async_ready_callback_wrapper (source_object=0x91e9e0, res=0x8069c0, user_data=0x8237b0) at ginputstream.c:530
#37 0x00007fffe8f5d5bb in g_task_return_now (task=0x8069c0) at gtask.c:1105
#38 0x00007fffe8f5d5d9 in complete_in_idle_cb (task=0x8069c0) at gtask.c:1114
#39 0x00007fffed2e7f46 in g_main_dispatch (context=0x806730) at gmain.c:3054
#40 g_main_context_dispatch (context=context at entry=0x806730) at gmain.c:3630
#41 0x00007ffff78de6e8 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffc500, rfds=0x7fffffffc480, 
    ecore_fds=10, ctx=<optimized out>) at ecore_glib.c:171
#42 _ecore_glib_select (ecore_fds=10, rfds=0x7fffffffc480, wfds=0x7fffffffc500, efds=<optimized out>, ecore_timeout=<optimized out>)
    at ecore_glib.c:205
#43 0x00007ffff78d8b37 in _ecore_main_select (timeout=timeout at entry=0) at ecore_main.c:1466
#44 0x00007ffff78d962c in _ecore_main_loop_iterate_internal (once_only=once_only at entry=0) at ecore_main.c:1860
#45 0x00007ffff78d99c7 in ecore_main_loop_begin () at ecore_main.c:956
#46 0x0000000000406866 in main (argc=2, argv=0x7fffffffd998) at /home/reni2/data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1002

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list