[Webkit-unassigned] [Bug 166822] New: Should never be reached failure in WebCore::StyleBuilderConverter::convertLength

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jan 8 12:21:17 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=166822

            Bug ID: 166822
           Summary: Should never be reached failure in
                    WebCore::StyleBuilderConverter::convertLength
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu

Created attachment 298313
  --> https://bugs.webkit.org/attachment.cgi?id=298313&action=review
Test

Load the attached test with debug WebKitTestRunner:

Checked version: 2ffa02c
OS: Darwin-16.3.0-x86_64-i386-64bit

<a><style>_, * {
stroke-width: calc( 0 * -2415241 ) ;
{}
</style></a>

Backtrace:

SHOULD NEVER BE REACHED
WebKit/Source/WebCore/css/StyleBuilderConverter.h(193) : static WebCore::Length WebCore::StyleBuilderConverter::convertLength(WebCore::StyleResolver &, const WebCore::CSSValue &)
1   0x11aa5c571 WTFCrash
2   0x1200ef515 WebCore::StyleBuilderConverter::convertLength(WebCore::StyleResolver&, WebCore::CSSValue const&)
3   0x12573cab2 WebCore::StyleBuilderFunctions::applyValueStrokeWidth(WebCore::StyleResolver&, WebCore::CSSValue&)
4   0x12570112e WebCore::StyleBuilder::applyProperty(WebCore::CSSPropertyID, WebCore::StyleResolver&, WebCore::CSSValue&, bool, bool)
5   0x12583e164 WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*, WebCore::SelectorChecker::LinkMatchMask, WebCore::StyleResolver::MatchResult const*)
6   0x125846b59 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&, WebCore::StyleResolver::MatchResult const*)
7   0x125831307 WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int, WebCore::StyleResolver::MatchResult const*)
8   0x12582e01a WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const&, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache)
9   0x125828061 WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*, WebCore::SelectorFilter const*)
10  0x1258cee82 WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&)
11  0x1258cfd52 WebCore::Style::TreeResolver::resolveElement(WebCore::Element&)
12  0x1258d5ceb WebCore::Style::TreeResolver::resolveComposedTree()
13  0x1258d78ba WebCore::Style::TreeResolver::resolve(WebCore::Style::Change)
14  0x1203708a8 WebCore::Document::recalcStyle(WebCore::Style::Change)
15  0x1203563ab WebCore::Document::updateStyleIfNeeded()
16  0x1203a2233 WebCore::Document::finishedParsing()
17  0x1210a5806 WebCore::HTMLConstructionSite::finishedParsing()
18  0x1213b6338 WebCore::HTMLTreeBuilder::finished()
19  0x12111f5bc WebCore::HTMLDocumentParser::end()
20  0x121119ee7 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
21  0x121119a9e WebCore::HTMLDocumentParser::prepareToStopParsing()
22  0x12111f6dc WebCore::HTMLDocumentParser::attemptToEnd()
23  0x12111f814 WebCore::HTMLDocumentParser::finish()
24  0x120573e20 WebCore::DocumentWriter::end()
25  0x1204bb057 WebCore::DocumentLoader::finishedLoading(double)
26  0x1204bab2b WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
27  0x11f827a04 WebCore::CachedResource::checkNotify()
28  0x11f828094 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
29  0x11f819ff5 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
30  0x125909b0f WebCore::SubresourceLoader::didFinishLoading(double)
31  0x112d8650a WebKit::WebResourceLoader::didFinishResourceLoad(double)
ASAN:DEADLYSIGNAL
=================================================================
==31194==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011aa5c5a9 bp 0x7fff50663c30 sp 0x7fff50663c20 T0)
    #0 0x11aa5c5a8 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x32cc5a8)
    #1 0x1200ef514 in WebCore::StyleBuilderConverter::convertLength(WebCore::StyleResolver&, WebCore::CSSValue const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0xefa514)
    #2 0x12573cab1 in WebCore::StyleBuilderFunctions::applyValueStrokeWidth(WebCore::StyleResolver&, WebCore::CSSValue&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6547ab1)
    #3 0x12570112d in WebCore::StyleBuilder::applyProperty(WebCore::CSSPropertyID, WebCore::StyleResolver&, WebCore::CSSValue&, bool, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x650c12d)
    #4 0x12583e163 in WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*, WebCore::SelectorChecker::LinkMatchMask, WebCore::StyleResolver::MatchResult const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6649163)
    #5 0x125846b58 in WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&, WebCore::StyleResolver::MatchResult const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6651b58)
    #6 0x125831306 in WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int, WebCore::StyleResolver::MatchResult const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x663c306)
    #7 0x12582e019 in WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const&, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6639019)
    #8 0x125828060 in WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*, WebCore::SelectorFilter const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6633060)
    #9 0x1258cee81 in WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x66d9e81)
    #10 0x1258cfd51 in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x66dad51)
    #11 0x1258d5cea in WebCore::Style::TreeResolver::resolveComposedTree() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x66e0cea)
    #12 0x1258d78b9 in WebCore::Style::TreeResolver::resolve(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x66e28b9)
    #13 0x1203708a7 in WebCore::Document::recalcStyle(WebCore::Style::Change) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x117b8a7)
    #14 0x1203563aa in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11613aa)
    #15 0x1203a2232 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11ad232)
    #16 0x1210a5805 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eb0805)
    #17 0x1213b6337 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x21c1337)
    #18 0x12111f5bb in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f2a5bb)
    #19 0x121119ee6 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f24ee6)
    #20 0x121119a9d in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f24a9d)
    #21 0x12111f6db in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f2a6db)
    #22 0x12111f813 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f2a813)
    #23 0x120573e1f in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x137ee1f)
    #24 0x1204bb056 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12c6056)
    #25 0x1204bab2a in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12c5b2a)
    #26 0x11f827a03 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x632a03)
    #27 0x11f828093 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x633093)
    #28 0x11f819ff4 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x624ff4)
    #29 0x125909b0e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6714b0e)
    #30 0x112d86509 in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d69509)
    #31 0x112d95c5e in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d78c5e)
    #32 0x112d95904 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d78904)
    #33 0x112d92e20 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d75e20)
    #34 0x112d911e0 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d741e0)
    #35 0x1118c6cc9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x8a9cc9)
    #36 0x1112063ba in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e93ba)
    #37 0x1111ea9f4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1cd9f4)
    #38 0x1112070a5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ea0a5)
    #39 0x111247d4c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x22ad4c)
    #40 0x111247c78 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x22ac78)
    #41 0x11aad7fe0 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3347fe0)
    #42 0x11ab1c580 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x338c580)
    #43 0x11ab1d5c1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x338d5c1)
    #44 0x7fffb8faa980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980)
    #45 0x7fffb8f8ba7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c)
    #46 0x7fffb8f8af75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75)
    #47 0x7fffb8f8a973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973)
    #48 0x7fffb8516acb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30acb)
    #49 0x7fffb8516900 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30900)
    #50 0x7fffb8516735 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30735)
    #51 0x7fffb6abcae3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x46ae3)
    #52 0x7fffb723721e in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c121e)
    #53 0x7fffb6ab1464 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3b464)
    #54 0x7fffb6a7bd7f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x5d7f)
    #55 0x7fffce7478c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6)
    #56 0x7fffce7462e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3)
    #57 0x10f5890a3 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000020a3)
    #58 0x7fffce4e3254 in start (/usr/lib/system/libdyld.dylib+0x5254)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x32cc5a8) in WTFCrash
==31194==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 31194)
