[Webkit-unassigned] [Bug 155646] New: ASSERTION FAILED: areEssentiallyEqual(rendererMappedResult, result) in WebCore::RenderGeometryMap::mapToContainer
bugzilla-daemon at webkit.org
Fri Mar 18 09:49:47 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=155646
Bug ID: 155646
Summary: ASSERTION FAILED:
areEssentiallyEqual(rendererMappedResult, result) in
WebCore::RenderGeometryMap::mapToContainer
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rhodovan.u-szeged at partner.samsung.com
CC: achristensen at apple.com, jer.noble at apple.com,
simon.fraser at apple.com
Blocks: 116980
Created attachment 274423
--> https://bugs.webkit.org/attachment.cgi?id=274423&action=review
Test case
Load the attached test with MiniBrowser:
<!DOCTYPE html>
<style>
:invalid {
height: 6933px
}
:valid {
position: fixed;
}
</style>
<input size="33921569" required="true">
<input src="chrome://" autofocus="true">
<object vspace="2327064000"></object>
<pre>
<textarea></textarea>
</pre>
OS: Mac OS X 10.11.1 (x86_64), x86_64
Checked build: ASAN debug
Checked version: 5e169ea
Backtrace:
ASSERTION FAILED: areEssentiallyEqual(rendererMappedResult, result)
/Users/reni/work/WebKit/Source/WebCore/rendering/RenderGeometryMap.cpp(119) : WebCore::FloatPoint WebCore::RenderGeometryMap::mapToContainer(const WebCore::FloatPoint &, const WebCore::RenderLayerModelObject *) const
1 0x10f3250d4 WTFCrash
2 0x117bef16a WebCore::RenderGeometryMap::mapToContainer(WebCore::FloatPoint const&, WebCore::RenderLayerModelObject const*) const
3 0x117d0f498 WebCore::RenderGeometryMap::absolutePoint(WebCore::FloatPoint const&) const
4 0x117c92434 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int)
5 0x117c93277 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int)
6 0x117c93277 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int)
7 0x117c920e7 WebCore::RenderLayer::updateLayerPositionsAfterLayout(WebCore::RenderLayer const*, unsigned int)
8 0x114be6717 WebCore::FrameView::layout(bool)
9 0x114c08406 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
10 0x1076167ab WebKit::WebPage::layoutIfNeeded()
11 0x107122469 WebKit::TiledCoreAnimationDrawingArea::flushLayers()
12 0x107123b2c non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers()
13 0x116ebeade WebCore::LayerFlushScheduler::layerFlushCallback()
14 0x116ec230f WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const
15 0x116ec222d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_
16 0x116ec21cc std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()()
17 0x1131001eb std::__1::function<void ()>::operator()() const
18 0x118479273 WebCore::RunLoopObserver::runLoopObserverFired()
19 0x1184791f0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
20 0x7fff88849097 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
21 0x7fff88849007 __CFRunLoopDoObservers
22 0x7fff88827fe8 CFRunLoopRunSpecific
23 0x7fff86540d55 RunCurrentEventLoopInMode
24 0x7fff86540b8f ReceiveNextEventCommon
25 0x7fff865409cf _BlockUntilNextEventMatchingListInModeWithFilter
26 0x7fff97bc6d96 _DPSNextEvent
27 0x7fff97bc61c5 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
28 0x7fff97bbad28 -[NSApplication run]
29 0x7fff97b83fbe NSApplicationMain
30 0x7fff9408b4f2 _xpc_objc_main
31 0x7fff94089f1e xpc_main
ASAN:SIGSEGV
=================================================================
==43767==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010f32510c bp 0x7fff599a53b0 sp 0x7fff599a53a0 T0)
#0 0x10f32510b in WTFCrash (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2b2110b)
#1 0x117bef169 in WebCore::RenderGeometryMap::mapToContainer(WebCore::FloatPoint const&, WebCore::RenderLayerModelObject const*) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4bce169)
#2 0x117d0f497 in WebCore::RenderGeometryMap::absolutePoint(WebCore::FloatPoint const&) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4cee497)
#3 0x117c92433 in WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c71433)
#4 0x117c93276 in WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c72276)
#5 0x117c93276 in WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c72276)
#6 0x117c920e6 in WebCore::RenderLayer::updateLayerPositionsAfterLayout(WebCore::RenderLayer const*, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4c710e6)
#7 0x114be6716 in WebCore::FrameView::layout(bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bc5716)
#8 0x114c08405 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1be7405)
#9 0x1076167aa in WebKit::WebPage::layoutIfNeeded() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13ac7aa)
#10 0x107122468 in WebKit::TiledCoreAnimationDrawingArea::flushLayers() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xeb8468)
#11 0x107123b2b in non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xeb9b2b)
#12 0x116ebeadd in WebCore::LayerFlushScheduler::layerFlushCallback() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3e9dadd)
#13 0x116ec230e in WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ea130e)
#14 0x116ec222c in _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_ (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ea122c)
#15 0x116ec21cb in std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ea11cb)
#16 0x1131001ea in std::__1::function<void ()>::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0xdf1ea)
#17 0x118479272 in WebCore::RunLoopObserver::runLoopObserverFired() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5458272)
#18 0x1184791ef in WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54581ef)
#19 0x7fff88849096 in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa096)
#20 0x7fff88849006 in __CFRunLoopDoObservers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa006)
#21 0x7fff88827fe7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fe7)
#22 0x7fff86540d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54)
#23 0x7fff86540b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e)
#24 0x7fff865409ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce)
#25 0x7fff97bc6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95)
#26 0x7fff97bc61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4)
#27 0x7fff97bbad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27)
#28 0x7fff97b83fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd)
#29 0x7fff9408b4f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1)
#30 0x7fff94089f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d)
#31 0x1062591cb in main (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000021cb)
#32 0x7fff908b05ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#33 0x0 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash
==43767==ABORTING