[Webkit-unassigned] [Bug 155653] New: ASSERTION FAILED: !needsLayout() in WebCore::RenderRubyRun::getOverhang

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 18 11:03:02 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=155653

            Bug ID: 155653
           Summary: ASSERTION FAILED: !needsLayout() in
                    WebCore::RenderRubyRun::getOverhang
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: mmaxfield at apple.com, simon.fraser at apple.com
            Blocks: 116980

Created attachment 274432
  --> https://bugs.webkit.org/attachment.cgi?id=274432&action=review
Test case

Load the attached test with minibrowser:

<!DOCTYPE html>
<style>
    * {
        min-height: 16006%;
    }
</style>
<ruby>
    <select autofocus>
        <script src="modem:foo.bar"></script>
    </select>
    <rt></rt>
</select>


OS: Mac OS X 10.11.1 (x86_64), x86_64
Checked build: ASAN debug
Checked version: 5e169ea


Backtrace:

ASSERTION FAILED: !needsLayout()
/Users/reni/work/WebKit/Source/WebCore/rendering/RenderRubyRun.cpp(314) : void WebCore::RenderRubyRun::getOverhang(bool, WebCore::RenderObject *, WebCore::RenderObject *, float &, float &) const
1   0x111cb80d4 WTFCrash
2   0x11a8f2abe WebCore::RenderRubyRun::getOverhang(bool, WebCore::RenderObject*, WebCore::RenderObject*, float&, float&) const
3   0x1198f5e22 WebCore::LineWidth::applyOverhang(WebCore::RenderRubyRun*, WebCore::RenderObject*, WebCore::RenderObject*)
4   0x1198a6111 WebCore::BreakingContext::handleReplaced()
5   0x11989e1a3 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&)
6   0x11a338544 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int)
7   0x11a335162 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool)
8   0x11a340d74 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
9   0x11a2b9725 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
10  0x11a2b639c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
11  0x11a20cbd8 WebCore::RenderBlock::layout()
12  0x11a2c1793 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
13  0x11a2b9eff WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
14  0x11a2b6415 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
15  0x11a20cbd8 WebCore::RenderBlock::layout()
16  0x11a2c1793 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17  0x11a2b9eff WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
18  0x11a2b6415 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
19  0x11a20cbd8 WebCore::RenderBlock::layout()
20  0x11ac115a6 WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
21  0x11ac13669 WebCore::RenderView::layout()
22  0x11757a1f9 WebCore::FrameView::layout(bool)
23  0x116ac46b6 WebCore::Document::implicitClose()
24  0x1174e3669 WebCore::FrameLoader::checkCallImplicitClose()
25  0x1174e314c WebCore::FrameLoader::checkCompleted()
26  0x1174e3265 WebCore::FrameLoader::loadDone()
27  0x116000826 WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*, bool)
28  0x11b68a6aa WebCore::SubresourceLoader::notifyDone()
29  0x11b68ae39 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&)
30  0x10a70a404 WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&)
31  0x10a71edae void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::index_sequence<0ul>)
ASAN:SIGSEGV
=================================================================
==59437==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000111cb810c bp 0x7fff570193d0 sp 0x7fff570193c0 T0)
    #0 0x111cb810b in WTFCrash (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2b2110b)
    #1 0x11a8f2abd in WebCore::RenderRubyRun::getOverhang(bool, WebCore::RenderObject*, WebCore::RenderObject*, float&, float&) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4f3dabd)
    #2 0x1198f5e21 in WebCore::LineWidth::applyOverhang(WebCore::RenderRubyRun*, WebCore::RenderObject*, WebCore::RenderObject*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3f40e21)
    #3 0x1198a6110 in WebCore::BreakingContext::handleReplaced() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ef1110)
    #4 0x11989e1a2 in WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x3ee91a2)
    #5 0x11a338543 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4983543)
    #6 0x11a335161 in WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4980161)
    #7 0x11a340d73 in WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x498bd73)
    #8 0x11a2b9724 in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4904724)
    #9 0x11a2b639b in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x490139b)
    #10 0x11a20cbd7 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4857bd7)
    #11 0x11a2c1792 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x490c792)
    #12 0x11a2b9efe in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4904efe)
    #13 0x11a2b6414 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4901414)
    #14 0x11a20cbd7 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4857bd7)
    #15 0x11a2c1792 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x490c792)
    #16 0x11a2b9efe in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4904efe)
    #17 0x11a2b6414 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4901414)
    #18 0x11a20cbd7 in WebCore::RenderBlock::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4857bd7)
    #19 0x11ac115a5 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x525c5a5)
    #20 0x11ac13668 in WebCore::RenderView::layout() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x525e668)
    #21 0x11757a1f8 in WebCore::FrameView::layout(bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bc51f8)
    #22 0x116ac46b5 in WebCore::Document::implicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x110f6b5)
    #23 0x1174e3668 in WebCore::FrameLoader::checkCallImplicitClose() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e668)
    #24 0x1174e314b in WebCore::FrameLoader::checkCompleted() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e14b)
    #25 0x1174e3264 in WebCore::FrameLoader::loadDone() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e264)
    #26 0x116000825 in WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x64b825)
    #27 0x11b68a6a9 in WebCore::SubresourceLoader::notifyDone() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cd56a9)
    #28 0x11b68ae38 in WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cd5e38)
    #29 0x10a70a403 in WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b13403)
    #30 0x10a71edad in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::index_sequence<0ul>) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b27dad)
    #31 0x10a71e991 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, std::make_index_sequence<1ul> >(std::__1::tuple<WebCore::ResourceError>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b27991)
    #32 0x10a71aa89 in void IPC::handleMessage<Messages::WebResourceLoader::DidFailResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b23a89)
    #33 0x10a717b9e in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b20b9e)
    #34 0x10948d4f2 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x8964f2)
    #35 0x108dcafa0 in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d3fa0)
    #36 0x108db2501 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1bb501)
    #37 0x108dcbd90 in IPC::Connection::dispatchOneMessage() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d4d90)
    #38 0x108dfb4dc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2044dc)
    #39 0x108dfb4ac in void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2044ac)
    #40 0x108dfb2cb in std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2042cb)
    #41 0x110af09fa in std::__1::function<void ()>::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x19599fa)
    #42 0x111d928dd in WTF::RunLoop::performWork() (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bfb8dd)
    #43 0x111d93849 in WTF::RunLoop::performWork(void*) (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bfc849)
    #44 0x7fff888498b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
    #45 0x7fff888290ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
    #46 0x7fff888285ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
    #47 0x7fff88827fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
    #48 0x7fff86540d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54)
    #49 0x7fff86540b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e)
    #50 0x7fff865409ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce)
    #51 0x7fff97bc6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95)
    #52 0x7fff97bc61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4)
    #53 0x7fff97bbad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27)
    #54 0x7fff97b83fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd)
    #55 0x7fff9408b4f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1)
    #56 0x7fff94089f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d)
    #57 0x108bdb1cb in main (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000021cb)
    #58 0x7fff908b05ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #59 0x0  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash
==59437==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 59437)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160318/188c9ea8/attachment-0001.html>


More information about the webkit-unassigned mailing list