[Webkit-unassigned] [Bug 159148] New: [GTK] [2.12.3] NULL pointer in markFixedPositionObjectForLayoutIfNeeded

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 27 07:21:55 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=159148

            Bug ID: 159148
           Summary: [GTK] [2.12.3] NULL pointer in
                    markFixedPositionObjectForLayoutIfNeeded
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: berto at igalia.com
                CC: bugs-noreply at webkitgtk.org

This happens all the time lately. I can reproduce it easily in Facebook.

Thread 1 "WebKitWebProces" received signal SIGSEGV, Segmentation fault.
WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded (this=this at entry=0x7fdfdcd920b8, child=...)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1280
1280        if (o->style().position() != AbsolutePosition)
(gdb) print o
$1 = (WebCore::RenderElement *) 0x0
(gdb) bt
#0  0x00007fe05e239585 in WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded(WebCore::RenderObject&) (this=this at entry=0x7fdfdcd920b8, child=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1280
#1  0x00007fe05e240b26 in WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool) (this=0x7fdfdcd920b8, r=..., relayoutChildren=<optimized out>, fixedPositionObjectsOnly=<optimized out>)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1320
#2  0x00007fe05e23ad06 in WebCore::RenderBlock::layoutPositionedObjects(bool, bool) (this=this at entry=0x7fdfdcd920b8, relayoutChildren=<optimized out>, fixedPositionObjectsOnly=fixedPositionObjectsOnly at entry=false)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1379
#3  0x00007fe05e25edfe in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fdfdcd920b8, relayoutChildren=true, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:524
#4  0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fdfdcd920b8)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#5  0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this at entry=0x7fdfdcdf3228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#6  0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this at entry=0x7fdfdcdf3228, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#7  0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fdfdcdf3228, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#8  0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fdfdcdf3228)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#9  0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this at entry=0x7fdfdcdf3170, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#10 0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this at entry=0x7fdfdcdf3170, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#11 0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fdfdcdf3170, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#12 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fdfdcdf3170)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#13 0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this at entry=0x7fe04ab8a398, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#14 0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this at entry=0x7fe04ab8a398, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#15 0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fe04ab8a398, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#16 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fe04ab8a398)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#17 0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this at entry=0x7fe04ab91480, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#18 0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this at entry=0x7fe04ab91480, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#19 0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fe04ab91480, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#20 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=this at entry=0x7fe04ab91480)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#21 0x00007fe05e3d6a99 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (this=0x7fe04ab91480, state=...)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderView.cpp:256
#22 0x00007fe05e3d6f97 in WebCore::RenderView::layout() (this=0x7fe04ab91480)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderView.cpp:381
#23 0x00007fe05e06aaa6 in WebCore::FrameView::layout(bool) (this=this at entry=0x7fe0407f0480, allowSubtree=allowSubtree at entry=true)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/page/FrameView.cpp:1406
#24 0x00007fe05e06bf0d in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7fe0407f0480)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/page/FrameView.cpp:4192
#25 0x00007fe05d8150b9 in WebKit::WebPage::layoutIfNeeded() (this=<optimized out>)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:1249
#26 0x00007fe05d8e0f13 in WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&) (this=this at entry=0x55a74d623bb0, updateInfo=...)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:629
#27 0x00007fe05d8e2982 in WebKit::DrawingAreaImpl::display() (this=0x55a74d623bb0)
    at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:590
#28 0x00007fe05a9c1c8a in  () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#29 0x00007fe05add005a in g_main_context_dispatch (context=0x55a74cbf1290) at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:3154
#30 0x00007fe05add005a in g_main_context_dispatch (context=context at entry=0x55a74cbf1290) at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:3769
#31 0x00007fe05add0400 in g_main_context_iterate (context=0x55a74cbf1290, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
    at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:3840
#32 0x00007fe05add0722 in g_main_loop_run (loop=0x55a74d5fc1e0) at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:4034
#33 0x00007fe05a9c2260 in WTF::RunLoop::run() () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#34 0x00007fe05d8e6cf9 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7fff6cc669c8) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#35 0x00007fe05ce015f0 in __libc_start_main (main=
    0x55a74ca50870 <main(int, char**)>, argc=2, argv=0x7fff6cc669c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff6cc669b8) at libc-start.c:291
#36 0x000055a74ca508c9 in _start ()
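
The frame #0 above faults on `o->style().position()` with `o == 0x0`, i.e. the container walk ran off the tree before reaching a RenderView or an absolutely positioned ancestor and the result was dereferenced without a null check. The following is an added, constructed toy model of that pattern (not WebKit's code; names such as `findAbsoluteAncestor`, `isInsideAbsoluteUnsafe` and `isInsideAbsoluteSafe` are hypothetical), placing the crashing shape beside a hardened form that treats "no container found" as "not absolutely positioned":

```cpp
#include <cassert>

// Constructed model of a render tree; not WebKit's real RenderObject.
enum class Position { Static, Absolute, Fixed };

struct RenderObject {
    RenderObject* parent = nullptr;
    Position position = Position::Static;
    bool isView = false;  // stands in for RenderView, the tree root
};

// Walk up the containers until the root, an absolutely positioned
// ancestor, or the end of a detached subtree (nullptr) is reached.
RenderObject* findAbsoluteAncestor(RenderObject& child) {
    RenderObject* o = child.parent;
    while (o && !o->isView && o->position != Position::Absolute)
        o = o->parent;
    return o;  // may be nullptr: the loop's own exit condition allows it
}

// Crashing shape: the loop stops on nullptr, then o is dereferenced anyway.
bool isInsideAbsoluteUnsafe(RenderObject& child) {
    RenderObject* o = findAbsoluteAncestor(child);
    return o->position == Position::Absolute;  // NULL deref when o is null
}

// Hardened shape: a missing container means "not inside an absolute box".
bool isInsideAbsoluteSafe(RenderObject& child) {
    RenderObject* o = findAbsoluteAncestor(child);
    return o && o->position == Position::Absolute;
}

int main() {
    RenderObject detachedParent;      // neither a view nor attached
    RenderObject orphan;
    orphan.parent = &detachedParent;
    orphan.position = Position::Fixed;
    assert(findAbsoluteAncestor(orphan) == nullptr);
    assert(!isInsideAbsoluteSafe(orphan));  // unsafe variant would fault here
    return 0;
}
```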
