[Webkit-unassigned] [Bug 166010] New: ASSERTION FAILED: !parent->renderer()->isEmbeddedObject() in WebCore::HTMLEmbedElement::rendererIsNeeded
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Dec 18 03:36:35 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=166010
Bug ID: 166010
Summary: ASSERTION FAILED:
!parent->renderer()->isEmbeddedObject() in
WebCore::HTMLEmbedElement::rendererIsNeeded
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: HTML DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: hodovan at inf.u-szeged.hu
CC: cdumez at apple.com
Load the attached test with debug WebKitTestRunner:
Checked version: f368f1d
OS: Darwin-15.6.0-x86_64-i386-64bit
<object><embed src><LINK REL="stylesheet"href=.>
Backtrace:
ASSERTION FAILED: !parent->renderer()->isEmbeddedObject()
WebKit/Source/WebCore/html/HTMLEmbedElement.cpp(199) : virtual bool WebCore::HTMLEmbedElement::rendererIsNeeded(const WebCore::RenderStyle &)
1 0x11980bf31 WTFCrash
2 0x11fc2f78b WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&)
3 0x1242a4d28 WebCore::Style::affectsRenderedSubtree(WebCore::Element&, WebCore::RenderStyle const&)
4 0x1242a3524 WebCore::Style::TreeResolver::resolveElement(WebCore::Element&)
5 0x1242a6d40 WebCore::Style::TreeResolver::resolveComposedTree()
6 0x1242a887a WebCore::Style::TreeResolver::resolve(WebCore::Style::Change)
7 0x11ee814a3 WebCore::Document::recalcStyle(WebCore::Style::Change)
8 0x11ee6c10b WebCore::Document::updateStyleIfNeeded()
9 0x11f8439e7 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
10 0x111086a85 WebKit::WebPage::layoutIfNeeded()
11 0x1109daf58 WebKit::TiledCoreAnimationDrawingArea::flushLayers()
12 0x12244795c WebCore::LayerFlushScheduler::layerFlushCallback()
13 0x12244ad6c WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const
14 0x12244ac8d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_
15 0x12244ac39 std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()()
16 0x11de01445 std::__1::function<void ()>::operator()() const
17 0x123ac355f WebCore::RunLoopObserver::runLoopObserverFired()
18 0x123ac34e0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
19 0x7fff927c8fc7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
20 0x7fff927c8f37 __CFRunLoopDoObservers
21 0x7fff927a7e58 CFRunLoopRunSpecific
22 0x7fff90b63935 RunCurrentEventLoopInMode
23 0x7fff90b6376f ReceiveNextEventCommon
24 0x7fff90b635af _BlockUntilNextEventMatchingListInModeWithFilter
25 0x7fff95a03df6 _DPSNextEvent
26 0x7fff95a03226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
27 0x7fff959f7d80 -[NSApplication run]
28 0x7fff959c1368 NSApplicationMain
29 0x7fff897b8194 _xpc_objc_main
30 0x7fff897b6bbe xpc_main
31 0x10fc81f74 main
ASAN:DEADLYSIGNAL
=================================================================
==53912==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011980bf69 bp 0x7fff4ff79a60 sp 0x7fff4ff79a50 T0)
#0 0x11980bf68 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e6ef68)
#1 0x11fc2f78a in WebCore::HTMLEmbedElement::rendererIsNeeded(WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f2578a)
#2 0x1242a4d27 in WebCore::Style::affectsRenderedSubtree(WebCore::Element&, WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659ad27)
#3 0x1242a3523 in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6599523)
#4 0x1242a6d3f in WebCore::Style::TreeResolver::resolveComposedTree() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659cd3f)
#5 0x1242a8879 in WebCore::Style::TreeResolver::resolve(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x659e879)
#6 0x11ee814a2 in WebCore::Document::recalcStyle(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11774a2)
#7 0x11ee6c10a in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x116210a)
#8 0x11f8439e6 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b399e6)
#9 0x111086a84 in WebKit::WebPage::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13eda84)
#10 0x1109daf57 in WebKit::TiledCoreAnimationDrawingArea::flushLayers() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xd41f57)
#11 0x12244795b in WebCore::LayerFlushScheduler::layerFlushCallback() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x473d95b)
#12 0x12244ad6b in WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740d6b)
#13 0x12244ac8c in _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_ (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740c8c)
#14 0x12244ac38 in std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4740c38)
#15 0x11de01444 in std::__1::function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0xf7444)
#16 0x123ac355e in WebCore::RunLoopObserver::runLoopObserverFired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5db955e)
#17 0x123ac34df in WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5db94df)
#18 0x7fff927c8fc6 in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9fc6)
#19 0x7fff927c8f36 in __CFRunLoopDoObservers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9f36)
#20 0x7fff927a7e57 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e57)
#21 0x7fff90b63934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
#22 0x7fff90b6376e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
#23 0x7fff90b635ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
#24 0x7fff95a03df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
#25 0x7fff95a03225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
#26 0x7fff959f7d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
#27 0x7fff959c1367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
#28 0x7fff897b8193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
#29 0x7fff897b6bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
#30 0x10fc81f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
#31 0x7fff9c5a45ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#32 0x0 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2e6ef68) in WTFCrash
==53912==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 53912)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161218/25cda88e/attachment-0001.html>
More information about the webkit-unassigned
mailing list