[Webkit-unassigned] [Bug 146646] New: Crash: LayoutState root's container is nullptr when the layout root is detached.
bugzilla-daemon at webkit.org
Mon Jul 6 10:55:56 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=146646
Bug ID: 146646
Summary: Crash: LayoutState root's container is nullptr when the layout root is detached.
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: zalan at apple.com
0 WebCore 0x0000000196cb5f74 WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const&, unsigned int, bool*) const + 64 (RenderObject.cpp:1587)
1 WebCore 0x0000000196b0b0d0 WebCore::LayoutState::LayoutState(WebCore::RenderObject&) + 96 (LayoutState.cpp:140)
2 WebCore 0x0000000196b0b0d0 WebCore::LayoutState::LayoutState(WebCore::RenderObject&) + 96 (LayoutState.cpp:140)
3 WebCore 0x0000000196d1a074 WebCore::RenderView::pushLayoutState(WebCore::RenderObject&) + 40 (StdLibExtras.h:337)
4 WebCore 0x00000001961b181c WebCore::FrameView::layout(bool) + 716 (FrameView.cpp:1307)
5 WebCore 0x00000001962550e8 WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) + 204 (RenderFrameBase.cpp:63)
6 WebCore 0x000000019624a324 WebCore::RenderIFrame::layout() + 76 (RenderIFrame.cpp:105)
7 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
8 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
9 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
10 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
11 WebCore 0x0000000196c28fcc WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 948 (RenderElement.h:134)
12 WebCore 0x0000000196c145a0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 936 (RenderBlockFlow.cpp:651)
13 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
14 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
15 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
16 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
17 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
18 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
19 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
20 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
21 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
22 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
23 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
24 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
25 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
26 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
27 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
28 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
29 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
30 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
31 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
32 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
33 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
34 WebCore 0x0000000196c16228 WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) + 280 (RenderElement.h:134)
35 WebCore 0x0000000196b17b24 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) + 448 (LineBreaker.cpp:69)
36 WebCore 0x0000000196b17ce8 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) + 204 (LineBreaker.cpp:90)
37 WebCore 0x0000000196c26f58 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 572 (RenderBlockLineLayout.cpp:1248)
38 WebCore 0x0000000196c25b94 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 800 (RenderBlockLineLayout.cpp:1202)
39 WebCore 0x0000000196c29414 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 2044 (RenderBlockLineLayout.cpp:1612)
40 WebCore 0x0000000196c145a0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 936 (RenderBlockFlow.cpp:651)
41 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
42 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
43 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
44 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
45 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
46 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
47 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
48 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
49 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
50 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
51 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
52 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
53 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
54 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
55 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
56 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
57 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
58 WebCore 0x00000001961b3ad8 WebCore::RenderView::layout() + 924 (RenderView.cpp:232)
59 WebCore 0x00000001961b20bc WebCore::FrameView::layout(bool) + 2924 (FrameView.cpp:1319)
60 WebCore 0x00000001964a15f8 WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element&, WebCore::DimensionsCheck) + 1360 (Document.cpp:1997)
61 WebCore 0x000000019621ba38 WebCore::Element::offsetWidth() + 36 (Element.cpp:747)
62 WebCore 0x00000001968570a4 WebCore::jsElementOffsetWidth(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) + 44 (JSElement.cpp:856)
63 JavaScriptCore 0x00000001858214bc llint_slow_path_get_by_id + 2072 (PropertySlot.h:256)
64 JavaScriptCore 0x0000000185c3696c llint_entry + 9884
65 JavaScriptCore 0x0000000185c39e38 llint_entry + 23400
66 JavaScriptCore 0x0000000185c39e9c llint_entry + 23500
67 JavaScriptCore 0x0000000185c39e9c llint_entry + 23500
68 ??? 0x000000017d55b9bc 0 + 6397737404
69 ??? 0x000000017cb32218 0 + 6387081752
70 JavaScriptCore 0x0000000185c340b4 vmEntryToJavaScript + 308
71 JavaScriptCore 0x0000000185b6b63c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 188 (JITCode.cpp:77)
72 JavaScriptCore 0x000000018582d1b4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 396 (Interpreter.cpp:962)
73 JavaScriptCore 0x0000000185934f40 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 76 (CallData.cpp:39)
74 WebCore 0x00000001962a4ab0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 860 (JSMainThreadExecState.h:56)
75 WebCore 0x0000000196562b54 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 748 (EventTarget.cpp:256)
76 WebCore 0x00000001961a83bc WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 324 (EventTarget.cpp:208)
77 WebCore 0x00000001961c6350 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 292 (DOMWindow.cpp:1901)
78 WebCore 0x00000001961caf7c WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 656 (FrameLoader.cpp:451)
79 WebCore 0x00000001965d0618 WebCore::FrameLoader::detachFromParent() + 128 (FrameLoader.cpp:535)
80 WebCore 0x00000001961a1ba8 WebCore::FrameLoader::detachChildren() + 192 (FrameLoader.cpp:2396)
81 WebCore 0x00000001961a1a4c WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader*) + 44 (FrameLoader.cpp:1658)
82 WebCore 0x00000001965cfd64 WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 236 (FrameLoader.cpp:1883)
83 WebCore 0x00000001961a0f74 WebCore::FrameLoader::commitProvisionalLoad() + 444 (FrameLoader.cpp:1770)
84 WebCore 0x00000001961ca6c8 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:356)
85 WebCore 0x00000001961be780 WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient*) + 792 (CachedRawResource.cpp:146)
86 WebCore 0x000000019613354c WebCore::ThreadTimers::sharedTimerFiredInternal() + 144 (ThreadTimers.cpp:132)
87 WebCore 0x000000019613348c WebCore::timerFired(__CFRunLoopTimer*, void*) + 32 (SharedTimerCF.cpp:82)
88 CoreFoundation 0x0000000184194720 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 24 (CFRunLoop.c:1632)
89 CoreFoundation 0x00000001841943c4 __CFRunLoopDoTimer + 880 (CFRunLoop.c:2171)
90 CoreFoundation 0x0000000184191aac __CFRunLoopRun + 1516 (CFRunLoop.c:2310)
91 CoreFoundation 0x00000001840bd0bc CFRunLoopRunSpecific + 380 (CFRunLoop.c:2818)
92 Foundation 0x0000000185058e8c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (NSRunLoop.m:366)
93 Foundation 0x00000001850ae724 -[NSRunLoop(NSRunLoop) run] + 84 (NSRunLoop.m:388)
94 libxpc.dylib 0x0000000199c4d298 _xpc_objc_main + 656 (main.m:176)
95 libxpc.dylib 0x0000000199c4efa8 xpc_main + 196 (init.c:1424)
96 com.apple.WebKit.WebContent 0x0000000100017920 main + 52 (XPCServiceMain.mm:89)
97 libdyld.dylib 0x0000000199a329e4 start + 0 (start_glue.s:78)