[Webkit-unassigned] [Bug 151028] New: ASSERTION FAILED: !std::isnan(f) in WebCore::clampEdgeValue

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 9 08:48:15 PST 2015 

https://bugs.webkit.org/show_bug.cgi?id=151028

            Bug ID: 151028
           Summary: ASSERTION FAILED: !std::isnan(f) in
                    WebCore::clampEdgeValue
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: simon.fraser at apple.com, zan at falconsigh.net
            Blocks: 116980

Created attachment 265055
  --> https://bugs.webkit.org/attachment.cgi?id=265055&action=review
Test

Load the attached test with debug MiniBrowser:

<style>
* {
    transform: perspective(0.1mm) translate(-2461%,0) translateY(0.3vh) skewX(180deg) translate3d( 489%,2892pt,-5596vmax);
    top: -4707rem;
    position: absolute;
}
</style>
<u>
    <i>
        <q>
            <u>
                <textarea></textarea>
            </u>
        </q>
    </i>
</u>


OS: Ubuntu 14.10 x86_64
Checked build: debug EFL
Checked version: 9fa8210


Backtrace:

ASSERTION FAILED: !std::isnan(f)
../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp(682) : float WebCore::clampEdgeValue(float)
1   0x7fddf43e7e17 WTFCrash
2   0x7fddfac4b590
3   0x7fddfac4b7ec WebCore::TransformationMatrix::clampedBoundsOfProjectedQuad(WebCore::FloatQuad const&) const
4   0x7fddfb176548 WebCore::CoordinatedGraphicsLayer::transformedVisibleRect()
5   0x7fddfb176bd4 WebCore::CoordinatedGraphicsLayer::updateContentBuffers()
6   0x7fddfb176a22 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
7   0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
8   0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
9   0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
10  0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
11  0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
12  0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
13  0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
14  0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
15  0x7fddfb176a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
16  0x7fddfb169275 WebCore::CompositingCoordinator::flushPendingLayerChanges()
17  0x7fddfa293d56 WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush()
18  0x7fddfa293e0e WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired()
19  0x7fddfa295657 void std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const
20  0x7fddfa295509 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
21  0x7fddfa295381 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>()
22  0x7fddfa2950da std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&)
23  0x7fddf9cf8ac2 std::function<void ()>::operator()() const
24  0x7fddf9da52da WebCore::Timer::fired()
25  0x7fddfab9ca0d WebCore::ThreadTimers::sharedTimerFiredInternal()
26  0x7fddfab9c5fb
27  0x7fddfab9cc1e
28  0x7fddf9cf8ac2 std::function<void ()>::operator()() const
29  0x7fddfb930063 WebCore::MainThreadSharedTimer::fired()
30  0x7fddfbb3e10e
31  0x7fddf275dfde
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fddf43e7e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007fddf43e7e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007fddfac4b590 in WebCore::clampEdgeValue (f=-nan(0x400000)) at ../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp:682
#2  0x00007fddfac4b7ec in WebCore::TransformationMatrix::clampedBoundsOfProjectedQuad (this=0x7fdde2450620, q=...) at ../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp:703
#3  0x00007fddfb176548 in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect (this=0x7fdde244ff80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:917
#4  0x00007fddfb176bd4 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x7fdde244ff80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:995
#5  0x00007fddfb176a22 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244ff80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:967
#6  0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244f740) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#7  0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244ef00) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#8  0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244e6c0) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#9  0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244de80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#10 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde244d640) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#11 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde242f080) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#12 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde242e840) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#13 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde242e000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#14 0x00007fddfb176a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7fdde241d140) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#15 0x00007fddfb169275 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7fdde26e1000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:99
#16 0x00007fddfa293d56 in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7fdde27e0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:212
#17 0x00007fddfa293e0e in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7fdde27e0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:227
#18 0x00007fddfa295657 in std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const (this=0xec8eb0, __object=0x7fdde27e0210) at /usr/include/c++/4.9/functional:569
#19 0x00007fddfa295509 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0xec8eb0, __args=<unknown type in /home/renifuzz/data/REPOS/fuzztargets/webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x10384fe3, DIE 0x104f431c>) at /usr/include/c++/4.9/functional:1264
#20 0x00007fddfa295381 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>() (this=0xec8eb0) at /usr/include/c++/4.9/functional:1323
#21 0x00007fddfa2950da in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.9/functional:2039
#22 0x00007fddf9cf8ac2 in std::function<void ()>::operator()() const (this=0x7fdde27e0280) at /usr/include/c++/4.9/functional:2439
#23 0x00007fddf9da52da in WebCore::Timer::fired (this=0x7fdde27e0248) at ../../Source/WebCore/platform/Timer.h:133
#24 0x00007fddfab9ca0d in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7fdde27d4230) at ../../Source/WebCore/platform/ThreadTimers.cpp:121
#25 0x00007fddfab9c5fb in WebCore::ThreadTimers::<lambda()>::operator()(void) const (__closure=0xec7530) at ../../Source/WebCore/platform/ThreadTimers.cpp:73
#26 0x00007fddfab9cc1e in std::_Function_handler<void(), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.9/functional:2039
#27 0x00007fddf9cf8ac2 in std::function<void ()>::operator()() const (this=0x7fddffa619e8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>) at /usr/include/c++/4.9/functional:2439
#28 0x00007fddfb930063 in WebCore::MainThreadSharedTimer::fired (this=0x7fddffa619e0 <WebCore::MainThreadSharedTimer::singleton()::instance>) at ../../Source/WebCore/platform/MainThreadSharedTimer.cpp:52
#29 0x00007fddfbb3e10e in WebCore::timerEvent () at ../../Source/WebCore/platform/efl/MainThreadSharedTimerEfl.cpp:44
#30 0x00007fddf275dfde in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:336
#31 _ecore_timer_expired_call (when=11169.473828386001) at lib/ecore/ecore_timer.c:733
#32 0x00007fddf275e12b in _ecore_timer_expired_timers_call (when=11169.473828386001) at lib/ecore/ecore_timer.c:686
#33 0x00007fddf2759e01 in _ecore_main_loop_iterate_internal (once_only=once_only at entry=0) at lib/ecore/ecore_main.c:1812
#34 0x00007fddf275a287 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:983
#35 0x00007fddf4442d03 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#36 0x00007fddfa298fad in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffd996540c8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#37 0x00007fddfa298bbb in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffd996540c8) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#38 0x00000000004008fa in main (argc=2, argv=0x7ffd996540c8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151109/86dc4928/attachment.html>

More information about the webkit-unassigned mailing list