[Webkit-unassigned] [Bug 150253] New: WTFCrash loading Mozilla layout test mozilla/layout/mathml/crashtests/443089-1.xhtml

bugzilla-daemon at webkit.org
Fri Oct 16 13:49:25 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=150253

            Bug ID: 150253
           Summary: WTFCrash loading Mozilla layout test
                    mozilla/layout/mathml/crashtests/443089-1.xhtml
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: HasReduction, NeedsRadar
          Severity: Normal
          Priority: P2
         Component: MathML
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jhoneycutt at apple.com

Created attachment 263322
  --> https://bugs.webkit.org/attachment.cgi?id=263322&action=review
crashing test

WTFCrash loading Mozilla layout test mozilla/layout/mathml/crashtests/443089-1.xhtml.

Stack trace:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGABRT)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 0000000106eae000-0000000106f48000 [  616K] r-x/rwx SM=COW  /Users/USER/*

Application Specific Information:
CRASHING TEST: mozilla/layout/mathml/crashtests/443089-1.xhtml
================================================================
==34156==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010805a870 bp 0x7fff58d4e4c0 sp 0x7fff58d4e4b0 T0)
    #0 0x10805a86f in WTFCrash Assertions.cpp:321
    #1 0x10e4b919c in WTF::VectorBufferBase<WebCore::RenderTableSection::RowStruct>::allocateBuffer(unsigned long) Vector.h:266
    #2 0x10e4b90c3 in WTF::Vector<WebCore::RenderTableSection::RowStruct, 0ul, WTF::CrashOnOverflow, 16ul>::reserveCapacity(unsigned long) Vector.h:1094
    #3 0x10e4b66c4 in WTF::Vector<WebCore::RenderTableSection::RowStruct, 0ul, WTF::CrashOnOverflow, 16ul>::grow(unsigned long) Vector.h:1035
    #4 0x10e4aad72 in WebCore::RenderTableSection::ensureRows(unsigned int) RenderTableSection.cpp:188
    #5 0x10e4ab1c6 in WebCore::RenderTableSection::addCell(WebCore::RenderTableCell*, WebCore::RenderTableRow*) RenderTableSection.cpp:220
    #6 0x10e4a967b in WebCore::RenderTableRow::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderTableRow.cpp:150
    #7 0x10e245f92 in WebCore::RenderElement::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderElement.cpp:517
    #8 0x10e142e7e in WebCore::RenderBlock::addChildIgnoringContinuation(WebCore::RenderObject*, WebCore::RenderObject*) RenderBlock.cpp:492
    #9 0x10e8a51b4 in WebCore::Style::createRendererIfNeeded(WebCore::Element&, WebCore::RenderStyle&, WebCore::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) StyleResolveTree.cpp:220
    #10 0x10e8a4076 in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) StyleResolveTree.cpp:517
    #11 0x10e8a57e0 in WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::RenderStyle&, WebCore::RenderTreePosition&) StyleResolveTree.cpp:356
    #12 0x10e8a4187 in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) StyleResolveTree.cpp:534
    #13 0x10e8a57e0 in WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::RenderStyle&, WebCore::RenderTreePosition&) StyleResolveTree.cpp:356
    #14 0x10e8a4187 in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) StyleResolveTree.cpp:534
    #15 0x10e8a30c0 in WebCore::Style::resolveLocal(WebCore::Element&, WebCore::RenderStyle&, WebCore::RenderTreePosition&, WebCore::Style::Change) StyleResolveTree.cpp:685
    #16 0x10e8a1c97 in WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::RenderTreePosition&, WebCore::Style::Change) StyleResolveTree.cpp:911
    #17 0x10e8a1a5b in WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) StyleResolveTree.cpp:971
    #18 0x10cc6dc97 in WebCore::Document::recalcStyle(WebCore::Style::Change) Document.cpp:1841
    #19 0x10cc688d9 in WebCore::Document::styleResolverChanged(WebCore::StyleResolverUpdateFlag) Document.cpp:3624
    #20 0x10ece0b1e in WebCore::XMLDocumentParser::end() XMLDocumentParser.cpp:195
    #21 0x10cd1295c in WebCore::DocumentWriter::end() DocumentWriter.cpp:247
    #22 0x10ccdab67 in WebCore::DocumentLoader::finishedLoading(double) DocumentLoader.cpp:437
    #23 0x10c839ca7 in WebCore::CachedResource::checkNotify() CachedResource.cpp:297
    #24 0x10c834ff9 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) CachedRawResource.cpp:103
    #25 0x10e8c2588 in WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:372
    #26 0x7fff8c4a3850 in __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e850)
    #27 0x7fff8c4a3765 in -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e765)
    #28 0x7fff8c4a366a in -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e66a)
    #29 0x7fff8c4a8491 in ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x33491)
    #30 0x7fff8c63c976 in ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x1c7976)
    #31 0x7fff9a99c3c2 in _dispatch_client_callout (/usr/lib/system/libdispatch.dylib+0x23c2)
    #32 0x7fff9a9aa0bd in _dispatch_block_invoke (/usr/lib/system/libdispatch.dylib+0x100bd)
    #33 0x7fff8c4a3527 in RunloopBlockContext::_invoke_block(void const*, void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e527)
    #34 0x7fff96f5ce63 in CFArrayApplyFunction (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4ce63)
    #35 0x7fff8c4a3420 in RunloopBlockContext::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e420)
    #36 0x7fff8c4a32c1 in MultiplexerSource::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e2c1)
    #37 0x7fff8c4a30e3 in MultiplexerSource::_perform(void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e0e3)
    #38 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
    #39 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
    #40 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
    #41 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
    #42 0x106ed098d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
    #43 0x106ecff39 in runTestingServerLoop() DumpRenderTree.mm:1180
    #44 0x106ecf267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
    #45 0x106ed12b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
    #46 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #47 0x1  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV Assertions.cpp:321 WTFCrash

abort() called
