[Webkit-unassigned] [Bug 141328] New: ASSERTION FAILED: resolvedInitialPosition <= resolvedFinalPosition in WebCore::GridSpan::GridSpan

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 6 03:28:09 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=141328

            Bug ID: 141328
           Summary: ASSERTION FAILED: resolvedInitialPosition <=
                    resolvedFinalPosition in WebCore::GridSpan::GridSpan
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: jfernandez at igalia.com, rego at igalia.com,
                    svillar at igalia.com
            Blocks: 116980

Created attachment 246157
  --> https://bugs.webkit.org/attachment.cgi?id=246157&action=review
Test case

Load this with debug WK:

<!DOCTYPE html>
<input/><input/><input/>
<style>
* {
    display:-webkit-inline-grid;
    -webkit-grid-row: span 400000;
}
</style>

Note: it's probably the same as crbug.com/422980.


Backtrace:

ASSERTION FAILED: resolvedInitialPosition <= resolvedFinalPosition
../../Source/WebCore/rendering/style/GridCoordinate.h(55) : WebCore::GridSpan::GridSpan(const WebCore::GridResolvedPosition&, const WebCore::GridResolvedPosition&)


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8affd700 (LWP 17567)]
0x00007fffed72b70d in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321        *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007fffed72b70d in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff2d34e8d in WebCore::GridSpan::GridSpan (this=0x7fffffffbbd0, resolvedInitialPosition=..., resolvedFinalPosition=...) at ../../Source/WebCore/rendering/style/GridCoordinate.h:55
#2  0x00007ffff3a13afa in WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition (gridContainerStyle=..., gridItem=..., direction=WebCore::ForRows, resolvedInitialPosition=...) at ../../Source/WebCore/rendering/style/GridResolvedPosition.cpp:85
#3  0x00007ffff3895279 in WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid (this=0x7ffff7f33240, gridItem=..., specifiedDirection=WebCore::ForColumns, specifiedPositions=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:814
#4  0x00007ffff3895b41 in WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid (this=0x7ffff7f33240, gridItem=..., autoPlacementCursor=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:894
#5  0x00007ffff38955ce in WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid (this=0x7ffff7f33240, autoGridItems=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:838
#6  0x00007ffff3894d5a in WebCore::RenderGrid::placeItemsOnGrid (this=0x7ffff7f33240) at ../../Source/WebCore/rendering/RenderGrid.cpp:771
#7  0x00007ffff3891703 in WebCore::RenderGrid::computeIntrinsicLogicalWidths (this=0x7ffff7f33240, minLogicalWidth=..., maxLogicalWidth=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:248
#8  0x00007ffff389192e in WebCore::RenderGrid::computePreferredLogicalWidths (this=0x7ffff7f33240) at ../../Source/WebCore/rendering/RenderGrid.cpp:279
#9  0x00007ffff380be26 in WebCore::RenderBox::minPreferredLogicalWidth (this=0x7ffff7f33240) at ../../Source/WebCore/rendering/RenderBox.cpp:999
#10 0x00007ffff3893159 in WebCore::RenderGrid::minContentForChild (this=0x7ffff7e986c0, child=..., direction=WebCore::ForColumns, columnTracks=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:516
#11 0x00007ffff3893ed1 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=..., gridItemWithSpan=..., filterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff38976d4 <WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth() const>, sizingFunction=(WebCore::LayoutUnit (WebCore::RenderGrid::*)(WebCore::RenderGrid * const, WebCore::RenderBox &, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow> &)) 0x7ffff38930ce <WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow>&)>, trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3897c3e <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction=(void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ff
#12 0x00007ffff38937a1 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:598
#13 0x00007ffff3891c9b in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=..., availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:327
#14 0x00007ffff38919fd in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:291
#15 0x00007ffff3895d4a in WebCore::RenderGrid::layoutGridItems (this=0x7ffff7e986c0) at ../../Source/WebCore/rendering/RenderGrid.cpp:923
#16 0x00007ffff3891556 in WebCore::RenderGrid::layoutBlock (this=0x7ffff7e986c0, relayoutChildren=false) at ../../Source/WebCore/rendering/RenderGrid.cpp:220
#17 0x00007ffff37ae24b in WebCore::RenderBlock::layout (this=0x7ffff7e986c0) at ../../Source/WebCore/rendering/RenderBlock.cpp:927
#18 0x00007ffff37d970c in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7ffff7f18b40, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:703
#19 0x00007ffff37d9253 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7ffff7f18b40, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:626
#20 0x00007ffff37d8680 in WebCore::RenderBlockFlow::layoutBlock (this=0x7ffff7f18b40, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:479
#21 0x00007ffff37ae24b in WebCore::RenderBlock::layout (this=0x7ffff7f18b40) at ../../Source/WebCore/rendering/RenderBlock.cpp:927
#22 0x00007ffff39acb11 in WebCore::RenderView::layoutContent (this=0x7ffff7f18b40, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232
#23 0x00007ffff39ad1e1 in WebCore::RenderView::layout (this=0x7ffff7f18b40) at ../../Source/WebCore/rendering/RenderView.cpp:357
#24 0x00007ffff351306c in WebCore::FrameView::layout (this=0x7ffff7ec6b00, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1317
#25 0x00007ffff2eb99ab in WebCore::Document::implicitClose (this=0x7fff5723a000) at ../../Source/WebCore/dom/Document.cpp:2497
#26 0x00007ffff33b7f4b in WebCore::FrameLoader::checkCallImplicitClose (this=0x7ffff7f39a98) at ../../Source/WebCore/loader/FrameLoader.cpp:901
#27 0x00007ffff33b7cb7 in WebCore::FrameLoader::checkCompleted (this=0x7ffff7f39a98) at ../../Source/WebCore/loader/FrameLoader.cpp:847
#28 0x00007ffff33b7a20 in WebCore::FrameLoader::finishedParsing (this=0x7ffff7f39a98) at ../../Source/WebCore/loader/FrameLoader.cpp:767
#29 0x00007ffff2ec28a0 in WebCore::Document::finishedParsing (this=0x7fff5723a000) at ../../Source/WebCore/dom/Document.cpp:4629
#30 0x00007ffff32302b7 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7ffff7f33380) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:404
#31 0x00007ffff326cd3e in WebCore::HTMLTreeBuilder::finished (this=0x7ffff7f33360) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2941
#32 0x00007ffff3238c2e in WebCore::HTMLDocumentParser::end (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#33 0x00007ffff3238cfc in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411
#34 0x00007ffff32379ac in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#35 0x00007ffff3238d33 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423
#36 0x00007ffff3238de1 in WebCore::HTMLDocumentParser::finish (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#37 0x00007ffff33a806f in WebCore::DocumentWriter::end (this=0x7ffff7eba4a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#38 0x00007ffff3393699 in WebCore::DocumentLoader::finishedLoading (this=0x7ffff7eba400, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440
#39 0x00007ffff3393402 in WebCore::DocumentLoader::notifyFinished (this=0x7ffff7eba400, resource=0x7ffff7ec6200) at ../../Source/WebCore/loader/DocumentLoader.cpp:374
#40 0x00007ffff3447aa6 in WebCore::CachedResource::checkNotify (this=0x7ffff7ec6200) at ../../Source/WebCore/loader/cache/CachedResource.cpp:293
#41 0x00007ffff3447ba4 in WebCore::CachedResource::finishLoading (this=0x7ffff7ec6200) at ../../Source/WebCore/loader/cache/CachedResource.cpp:309
#42 0x00007ffff3444201 in WebCore::CachedRawResource::finishLoading (this=0x7ffff7ec6200, data=0x7ffff7eb8750) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104
#43 0x00007ffff33f686f in WebCore::SubresourceLoader::didFinishLoading (this=0x7fff41049b00, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:364
#44 0x00007ffff33f21a9 in WebCore::ResourceLoader::didFinishLoading (this=0x7fff41049b00, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:542
#45 0x00007ffff3da6401 in WebCore::readCallback (asyncResult=0x6e4460, data=0x7ffff7e7bb20) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1295
#46 0x00007fffeb2707e6 in async_ready_callback_wrapper (source_object=0x7c7270, res=0x6e4460, user_data=user_data@entry=0x7ffff7e7bb20) at ginputstream.c:523
#47 0x00007fffeb2960e5 in g_task_return_now (task=0x6e4460) at gtask.c:1077
#48 0x00007fffeb296109 in complete_in_idle_cb (task=0x6e4460) at gtask.c:1086
#49 0x00007fffea54ea1d in g_main_dispatch (context=0x478b00) at gmain.c:3064
#50 g_main_context_dispatch (context=context@entry=0x478b00) at gmain.c:3663
#51 0x00007fffea54ed88 in g_main_context_iterate (context=0x478b00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734
#52 0x00007fffea54f04a in g_main_loop_run (loop=0x901bd0) at gmain.c:3928
#53 0x00007ffff44a7fb0 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#54 0x00007ffff29946cc in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd988) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#55 0x00007ffff2994531 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd988) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#56 0x00000000004008d1 in main (argc=2, argv=0x7fffffffd988) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
