[Webkit-unassigned] [Bug 159412] New: Using dpi in sizes attribute fails an assertion

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 5 00:51:07 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=159412

            Bug ID: 159412
           Summary: Using dpi in sizes attribute fails an assertion
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com

Using dpi in sizes attribute fails an assertion

BuildBot of Gtk port, Debug build fails

https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/9952

> imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html [ Crash ]

Log:

> ASSERTION FAILED: m_ptr
> ../../Source/WTF/wtf/RefPtr.h(68) : WTF::Ref<T> WTF::RefPtr<T>::releaseNonNull() [with T = WebCore::CSSValue]

Callstack:

> #0  0x00007f1db87451e1 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:323
> #1  0x00007f1dbef02f3c in WTF::RefPtr<WebCore::CSSValue>::releaseNonNull (this=0x7fff894f7d90) at ../../Source/WTF/wtf/RefPtr.h:68
> #2  0x00007f1dbefa9022 in (anonymous namespace)::CSSParser::sourceSize(<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0xd3361>, (anonymous namespace)::CSSParserValue &) (this=0x7fff894fa4e0, expression=<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0xd3361>, parserValue=...) at ../../Source/WebCore/css/CSSParser.cpp:1560
> #3  0x00007f1dc02eea7c in cssyyparse (parser=0x7fff894fa4e0) at /home/fujii/work/webkit/w1/WebKitBuild/Debug/DerivedSources/WebCore/CSSGrammar.y:451
> #4  0x00007f1dbefa8d7e in (anonymous namespace)::CSSParser::parseSizesAttribute (this=0x7fff894fa4e0, string=...) at ../../Source/WebCore/css/CSSParser.cpp:1522
> #5  0x00007f1dbf088830 in (anonymous namespace)::parseSizesAttribute (document=..., sizesAttribute=...) at ../../Source/WebCore/css/SourceSizeList.cpp:77
> #6  0x00007f1dbf3eaa9e in (anonymous namespace)::HTMLImageElement::selectImageSource (this=0x7f1d4e5bae40) at ../../Source/WebCore/html/HTMLImageElement.cpp:193
> #7  0x00007f1dbf3eac82 in (anonymous namespace)::HTMLImageElement::parseAttribute (this=0x7f1d4e5bae40, name=..., value=...) at ../../Source/WebCore/html/HTMLImageElement.cpp:206
> #8  0x00007f1dbf1af5a2 in (anonymous namespace)::Element::attributeChanged (this=0x7f1d4e5bae40, name=..., oldValue=..., newValue=...) at ../../Source/WebCore/dom/Element.cpp:1276
> #9  0x00007f1dbf263f8c in (anonymous namespace)::StyledElement::attributeChanged (this=0x7f1d4e5bae40, name=..., oldValue=..., newValue=..., reason=(anonymous namespace)::Element::ModifiedDirectly) at ../../Source/WebCore/dom/StyledElement.cpp:164
> #10 0x00007f1dbf1b000e in (anonymous namespace)::Element::parserSetAttributes (this=0x7f1d4e5bae40, attributeVector=...) at ../../Source/WebCore/dom/Element.cpp:1450
> #11 0x00007f1dbf4fe3f5 in (anonymous namespace)::setAttributes (element=..., attributes=..., parserContentPolicy=(anonymous namespace)::AllowScriptingContent) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:60
> #12 0x00007f1dbf4fe42c in (anonymous namespace)::setAttributes (element=..., token=..., parserContentPolicy=(anonymous namespace)::AllowScriptingContent) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:65
> #13 0x00007f1dbf501a7a in (anonymous namespace)::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface (this=0x7f1da0893800, token=..., customElementInterface=0x0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:692
> #14 0x00007f1dbf501b4a in (anonymous namespace)::HTMLConstructionSite::createHTMLElement (this=0x7f1da0893800, token=...) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:699
> #15 0x00007f1dbf500a4a in (anonymous namespace)::HTMLConstructionSite::insertSelfClosingHTMLElement (this=0x7f1da0893800, token=...) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:509
> #16 0x00007f1dbf532a25 in (anonymous namespace)::HTMLTreeBuilder::processStartTagForInBody (this=0x7f1da08937e0, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:780
> #17 0x00007f1dbf53494c in (anonymous namespace)::HTMLTreeBuilder::processStartTag (this=0x7f1da08937e0, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:1141
> #18 0x00007f1dbf53042b in (anonymous namespace)::HTMLTreeBuilder::processToken (this=0x7f1da08937e0, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:381
> #19 0x00007f1dbf530283 in (anonymous namespace)::HTMLTreeBuilder::constructTree (this=0x7f1da08937e0, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:351
> #20 0x00007f1dbf507f09 in (anonymous namespace)::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7f1d4fdda100, rawToken=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:324
> #21 0x00007f1dbf507acb in (anonymous namespace)::HTMLDocumentParser::pumpTokenizerLoop (this=0x7f1d4fdda100, mode=(anonymous namespace)::HTMLDocumentParser::AllowYield, parsingFragment=false, session=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:264
> #22 0x00007f1dbf507c73 in (anonymous namespace)::HTMLDocumentParser::pumpTokenizer (this=0x7f1d4fdda100, mode=(anonymous namespace)::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:282
> #23 0x00007f1dbf50750d in (anonymous namespace)::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7f1d4fdda100, mode=(anonymous namespace)::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:168
> #24 0x00007f1dbf50840e in (anonymous namespace)::HTMLDocumentParser::append(<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x3f043>) (this=0x7f1d4fdda100, inputSource=<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x3f043>) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:394
> #25 0x00007f1dbf135d23 in (anonymous namespace)::DecodedDataDocumentParser::appendBytes (this=0x7f1d4fdda100, writer=..., data=0x7f1d4fdb5200 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192) at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:50
> #26 0x00007f1dbf67084d in (anonymous namespace)::DocumentWriter::addData (this=0x7f1d4fdef0a0, bytes=0x7f1d4fdb5200 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192) at ../../Source/WebCore/loader/DocumentWriter.cpp:249
> #27 0x00007f1dbf65d60b in (anonymous namespace)::DocumentLoader::commitData (this=0x7f1d4fdef000, bytes=0x7f1d4fdb5200 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192) at ../../Source/WebCore/loader/DocumentLoader.cpp:927
> #28 0x00007f1dbe7eb73a in (anonymous namespace)::WebFrameLoaderClient::committedLoad (this=0x1d58350, loader=0x7f1d4fdef000, data=0x7f1d4fdb5200 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192) at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:932
> #29 0x00007f1dbf65d1e0 in (anonymous namespace)::DocumentLoader::commitLoad (this=0x7f1d4fdef000, data=0x7f1d4fdb5200 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192) at ../../Source/WebCore/loader/DocumentLoader.cpp:843
> #30 0x00007f1dbf65d861 in (anonymous namespace)::DocumentLoader::dataReceived (this=0x7f1d4fdef000, resource=0x7f1da08f6700, data=0x7f1d4fdb5200 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192) at ../../Source/WebCore/loader/DocumentLoader.cpp:955
> #31 0x00007f1dbf718630 in (anonymous namespace)::CachedRawResource::notifyClientsDataWasReceived (this=0x7f1da08f6700, data=0x7f1d4fdb5200 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:119
> #32 0x00007f1dbf718304 in (anonymous namespace)::CachedRawResource::addDataBuffer (this=0x7f1da08f6700, data=...) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:69
> #33 0x00007f1dbf6cb432 in (anonymous namespace)::SubresourceLoader::didReceiveDataOrBuffer(const char *, int, <unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x5b13d>, long long, (anonymous namespace)::DataPayloadType) (this=0x7f1d5cbe4b80, data=0x7f1d4fdd3450 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192, prpBuffer=<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x5b13d>, encodedDataLength=8192, dataPayloadType=(anonymous namespace)::DataPayloadBytes) at ../../Source/WebCore/loader/SubresourceLoader.cpp:333
> #34 0x00007f1dbf6cb18e in (anonymous namespace)::SubresourceLoader::didReceiveData (this=0x7f1d5cbe4b80, data=0x7f1d4fdd3450 "es='(}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e76 50w, /images/green-16x16.png?e76 51w' sizes='not (}) 100vw, 1px'>\n<img srcset='/images/green-1x1.png?e77 50w, /images/green-16x16.png?e77 51"..., length=8192, encodedDataLength=8192, dataPayloadType=(anonymous namespace)::DataPayloadBytes) at ../../Source/WebCore/loader/SubresourceLoader.cpp:309
> #35 0x00007f1dbe7482aa in (anonymous namespace)::WebResourceLoader::didReceiveData (this=0x7f1da08ae6f0, data=..., encodedDataLength=8192) at ../../Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp:144
> #36 0x00007f1dbea7a0a0 in IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long>, 0ul, 1ul>((anonymous namespace)::WebResourceLoader *, void ((anonymous namespace)::WebResourceLoader::*)((anonymous namespace)::WebResourceLoader * const, const IPC::DataReference &, long), <unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x31fc2>, std::index_sequence) (object=0x7f1da08ae6f0, function=(void ((anonymous namespace)::WebResourceLoader::*)((anonymous namespace)::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f1dbe7481c4 <(anonymous namespace)::WebResourceLoader::didReceiveData(IPC::DataReference const&, int64_t)>, args=<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x31fc2>) at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:16
> #37 0x00007f1dbea799c0 in IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long> >(<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x31fc2>, (anonymous namespace)::WebResourceLoader *, void ((anonymous namespace)::WebResourceLoader::*)((anonymous namespace)::WebResourceLoader * const, const IPC::DataReference &, long)) (args=<unknown type in /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x31fc2>, object=0x7f1da08ae6f0, function=(void ((anonymous namespace)::WebResourceLoader::*)((anonymous namespace)::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f1dbe7481c4 <(anonymous namespace)::WebResourceLoader::didReceiveData(IPC::DataReference const&, int64_t)>) at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:22
> #38 0x00007f1dbea793a2 in IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)> (decoder=..., object=0x7f1da08ae6f0, function=(void ((anonymous namespace)::WebResourceLoader::*)((anonymous namespace)::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f1dbe7481c4 <(anonymous namespace)::WebResourceLoader::didReceiveData(IPC::DataReference const&, int64_t)>) at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:92
> #39 0x00007f1dbea78bdd in (anonymous namespace)::WebResourceLoader::didReceiveWebResourceLoaderMessage (this=0x7f1da08ae6f0, connection=..., decoder=...) at DerivedSources/WebKit2/WebResourceLoaderMessageReceiver.cpp:58
> #40 0x00007f1dbe73b768 in (anonymous namespace)::NetworkProcessConnection::didReceiveMessage (this=0x7f1da09eb120, connection=..., decoder=...) at ../../Source/WebKit2/WebProcess/Network/NetworkProcessConnection.cpp:58
> #41 0x00007f1dbe432162 in IPC::Connection::dispatchMessage (this=0x7f1da09e71c0, decoder=...) at ../../Source/WebKit2/Platform/IPC/Connection.cpp:887
> #42 0x00007f1dbe4322c6 in IPC::Connection::dispatchMessage (this=0x7f1da09e71c0, message=std::unique_ptr<IPC::MessageDecoder> containing 0x7f1da09e2cc0) at ../../Source/WebKit2/Platform/IPC/Connection.cpp:918
> #43 0x00007f1dbe4324a4 in IPC::Connection::dispatchOneMessage (this=0x7f1da09e71c0) at ../../Source/WebKit2/Platform/IPC/Connection.cpp:949
> #44 0x00007f1dbe432002 in IPC::Connection::<lambda()>::operator()(void) (__closure=0x7f1da094f108) at ../../Source/WebKit2/Platform/IPC/Connection.cpp:881
> #45 0x00007f1dbe436fd6 in WTF::Function<void()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder>)::<lambda()> >::call(void) (this=0x7f1da094f100) at ../../Source/WTF/wtf/Function.h:89
> #46 0x00007f1dbe401317 in WTF::Function<void()>::operator()(void) const (this=0x7fff894fc910) at ../../Source/WTF/wtf/Function.h:50
> #47 0x00007f1db87606ba in WTF::RunLoop::performWork (this=0x7f1da09f9180) at ../../Source/WTF/wtf/RunLoop.cpp:122
> #48 0x00007f1db879b2c2 in WTF::RunLoop::<lambda(gpointer)>::operator()(gpointer) const (__closure=0x0, userData=0x7f1da09f9180) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:66
> #49 0x00007f1db879b2e6 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:68
> #50 0x00007f1db879b262 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::operator()(GSource *, GSourceFunc, gpointer) const (__closure=0x0, source=0x2167510, callback=0x7f1db879b2c9 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>, userData=0x7f1da09f9180) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:44
> #51 0x00007f1db879b291 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:45
> #52 0x00007f1db19fb5f7 in g_main_dispatch () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #53 0x00007f1db19fc42e in g_main_context_dispatch () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #54 0x00007f1db19fc612 in g_main_context_iterate () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #55 0x00007f1db19fca38 in g_main_loop_run () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #56 0x00007f1db879b842 in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:94
> #57 0x00007f1dbe9e4309 in (anonymous namespace)::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fff894fcd48) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
> #58 0x00007f1dbe9e4170 in (anonymous namespace)::WebProcessMainUnix (argc=2, argv=0x7fff894fcd48) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:78
> #59 0x0000000000400c5a in main (argc=2, argv=0x7fff894fcd48) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160705/859ee9c1/attachment-0001.html>

More information about the webkit-unassigned mailing list