[Webkit-unassigned] [Bug 169752] New: ASSERTION FAILED: !object || !isRuby(object->parent()) || is<RenderRubyRun>(*object) || (object->isInline() && (object->isBeforeContent() || object->isAfterContent())) || ... in WebCore::isAnonymousRubyInlineBlock

bugzilla-daemon at webkit.org
Thu Mar 16 07:59:53 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=169752

            Bug ID: 169752
           Summary: ASSERTION FAILED: !object || !isRuby(object->parent())
                    || is<RenderRubyRun>(*object) || (object->isInline()
                    && (object->isBeforeContent() ||
                    object->isAfterContent())) || ... in
                    WebCore::isAnonymousRubyInlineBlock
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Created attachment 304639
  --> https://bugs.webkit.org/attachment.cgi?id=304639&action=review
Test

Load the attached test with debug WebKitTestRunner:

Checked version: c9b0459
OS: macOS Sierra (10.12.3)

<style>
* {
    -webkit-column-width: 5em;
    -webkit-appearance: square-button
}
</style>
<ruby>
    <audio controls></audio>
</ruby>

Backtrace:

ASSERTION FAILED: !object || !isRuby(object->parent()) || is<RenderRubyRun>(*object) || (object->isInline() && (object->isBeforeContent() || object->isAfterContent())) || (object->isAnonymous() && is<RenderBlock>(*object) && object->style().display() == INLINE_BLOCK)
WebKit/Source/WebCore/rendering/RenderRuby.cpp(51) : bool WebCore::isAnonymousRubyInlineBlock(const WebCore::RenderObject *)
1   0x127f97521 WTFCrash
2   0x10f63656d WebCore::isAnonymousRubyInlineBlock(WebCore::RenderObject const*)
3   0x10f637225 WebCore::isRubyBeforeBlock(WebCore::RenderObject const*)
4   0x10f635fa2 WebCore::rubyBeforeBlock(WebCore::RenderElement const*)
5   0x10f6362a5 WebCore::lastRubyRun(WebCore::RenderElement const*)
6   0x10f636f2d WebCore::RenderRubyAsBlock::addChild(WebCore::RenderObject*, WebCore::RenderObject*)
7   0x10f94a843 WebCore::RenderTreePosition::insert(WebCore::RenderObject&)
8   0x10f948f69 WebCore::RenderTreeUpdater::createRenderer(WebCore::Element&, WebCore::RenderStyle&&)
9   0x10f946620 WebCore::RenderTreeUpdater::updateElementRenderer(WebCore::Element&, WebCore::Style::ElementUpdate const&)
10  0x10f945b93 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&)
11  0x10f9449bf WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >)
12  0x10a9ca541 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
13  0x10a9af6bb WebCore::Document::updateStyleIfNeeded()
14  0x10a9fbb7d WebCore::Document::finishedParsing()
15  0x10b7b8c06 WebCore::HTMLConstructionSite::finishedParsing()
16  0x10bad9d28 WebCore::HTMLTreeBuilder::finished()
17  0x10b8339ac WebCore::HTMLDocumentParser::end()
18  0x10b82e137 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
19  0x10b82dcee WebCore::HTMLDocumentParser::prepareToStopParsing()
20  0x10b833acc WebCore::HTMLDocumentParser::attemptToEnd()
21  0x10b833c08 WebCore::HTMLDocumentParser::finish()
22  0x10abc9d00 WebCore::DocumentWriter::end()
23  0x10ab10777 WebCore::DocumentLoader::finishedLoading()
24  0x10ab10173 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
25  0x109e34274 WebCore::CachedResource::checkNotify()
26  0x109e34904 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
27  0x109e26199 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
28  0x1103ad4ca WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&)
29  0x105c4cac6 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)
30  0x105c5c98a void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>)
31  0x105c5c595 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&))
ASAN:DEADLYSIGNAL
=================================================================
==42167==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000127f97559 bp 0x7fff5e7a3940 sp 0x7fff5e7a3930 T0)
    #0 0x127f97558 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x36db558)
    #1 0x10f63656c in WebCore::isAnonymousRubyInlineBlock(WebCore::RenderObject const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e1a56c)
    #2 0x10f637224 in WebCore::isRubyBeforeBlock(WebCore::RenderObject const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e1b224)
    #3 0x10f635fa1 in WebCore::rubyBeforeBlock(WebCore::RenderElement const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e19fa1)
    #4 0x10f6362a4 in WebCore::lastRubyRun(WebCore::RenderElement const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e1a2a4)
    #5 0x10f636f2c in WebCore::RenderRubyAsBlock::addChild(WebCore::RenderObject*, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e1af2c)
    #6 0x10f94a842 in WebCore::RenderTreePosition::insert(WebCore::RenderObject&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x612e842)
    #7 0x10f948f68 in WebCore::RenderTreeUpdater::createRenderer(WebCore::Element&, WebCore::RenderStyle&&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x612cf68)
    #8 0x10f94661f in WebCore::RenderTreeUpdater::updateElementRenderer(WebCore::Element&, WebCore::Style::ElementUpdate const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x612a61f)
    #9 0x10f945b92 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6129b92)
    #10 0x10f9449be in WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61289be)
    #11 0x10a9ca540 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11ae540)
    #12 0x10a9af6ba in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11936ba)
    #13 0x10a9fbb7c in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11dfb7c)
    #14 0x10b7b8c05 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1f9cc05)
    #15 0x10bad9d27 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x22bdd27)
    #16 0x10b8339ab in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x20179ab)
    #17 0x10b82e136 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2012136)
    #18 0x10b82dced in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2011ced)
    #19 0x10b833acb in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2017acb)
    #20 0x10b833c07 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2017c07)
    #21 0x10abc9cff in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x13adcff)
    #22 0x10ab10776 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12f4776)
    #23 0x10ab10172 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12f4172)
    #24 0x109e34273 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x618273)
    #25 0x109e34903 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x618903)
    #26 0x109e26198 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60a198)
    #27 0x1103ad4c9 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6b914c9)
    #28 0x105c4cac5 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f14ac5)
    #29 0x105c5c989 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f24989)
    #30 0x105c5c594 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f24594)
    #31 0x105c59648 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f21648)
    #32 0x105c577fa in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f1f7fa)
    #33 0x104650040 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x918040)
    #34 0x103f5356a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x21b56a)
    #35 0x103f37b94 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ffb94)
    #36 0x103f54255 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x21c255)
    #37 0x103f94eac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x25ceac)
    #38 0x103f94dd8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x25cdd8)
    #39 0x12801b470 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x375f470)
    #40 0x12806a1a0 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x37ae1a0)
    #41 0x12806b1d1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x37af1d1)
    #42 0x7fff79d43980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980)
    #43 0x7fff79d24a7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c)
    #44 0x7fff79d23f75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75)
    #45 0x7fff79d23973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973)
    #46 0x7fff792afa5b in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30a5b)
    #47 0x7fff792af890 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30890)
    #48 0x7fff792af6c5 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x306c5)
    #49 0x7fff778555b3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x475b3)
    #50 0x7fff77fcfd6a in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c1d6a)
    #51 0x7fff77849f34 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3bf34)
    #52 0x7fff7781484f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x684f)
    #53 0x7fff8f4df8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6)
    #54 0x7fff8f4de2e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3)
    #55 0x101454fb2 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001fb2)
    #56 0x7fff8f27b254 in start (/usr/lib/system/libdyld.dylib+0x5254)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x36db558) in WTFCrash
==42167==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 42167)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
