[Webkit-unassigned] [Bug 178863] New: ASSERTION FAILED: !lastQuote in WebCore::RenderTreeUpdater::GeneratedContent::updateQuotesUpTo

bugzilla-daemon at webkit.org
Thu Oct 26 06:19:38 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=178863

            Bug ID: 178863
           Summary: ASSERTION FAILED: !lastQuote in
                    WebCore::RenderTreeUpdater::GeneratedContent::updateQuotesUpTo
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Created attachment 325002

  --> https://bugs.webkit.org/attachment.cgi?id=325002&action=review

Test

Load the attached test with debug WebKitTestRunner:

<ruby>
    <rb>
        <q/>
    </rb>
    <rt/>
    <q/>
</ruby>

Checked version: 9e82982
OS: macOS Sierra (10.12.5)

Backtrace:

ASSERTION FAILED: !lastQuote
WebKit/Source/WebCore/style/RenderTreeUpdaterGeneratedContent.cpp(69) : void WebCore::RenderTreeUpdater::GeneratedContent::updateQuotesUpTo(WebCore::RenderQuote *)
1   0x136075321 WTFCrash
2   0x118ea614b WebCore::RenderTreeUpdater::GeneratedContent::updateQuotesUpTo(WebCore::RenderQuote*)
3   0x118ea7411 WebCore::RenderTreeUpdater::GeneratedContent::updatePseudoElement(WebCore::Element&, std::optional<WebCore::Style::ElementUpdate> const&, WebCore::PseudoId)
4   0x118e84461 WebCore::RenderTreeUpdater::updateBeforeDescendants(WebCore::Element&, WebCore::Style::ElementUpdates const*)
5   0x118e84226 WebCore::RenderTreeUpdater::pushParent(WebCore::Element&, WebCore::Style::ElementUpdates const*)
6   0x118e828a4 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&)
7   0x118e81261 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >)
8   0x11d5ebfeb WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
9   0x11d5eebf3 WebCore::Document::updateStyleIfNeeded()
10  0x11d621693 WebCore::Document::finishedParsing()
11  0x1174bb236 WebCore::HTMLConstructionSite::finishedParsing()
12  0x1178872c9 WebCore::HTMLTreeBuilder::finished()
13  0x117543ead WebCore::HTMLDocumentParser::end()
14  0x11753dfe9 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
15  0x11753db0a WebCore::HTMLDocumentParser::prepareToStopParsing()
16  0x11753f78d WebCore::HTMLDocumentParser::endIfDelayed()
17  0x117544db7 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution()
18  0x1175454d1 WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
19  0x11754559c non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
20  0x11d86f07c WebCore::PendingScript::notifyClientFinished()
21  0x11d86f149 WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&)
22  0x11d7c8f5a WebCore::LoadableScript::notifyClientFinished()
23  0x11d7c8ab6 WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&)
24  0x11d7c905c non-virtual thunk to WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&)
25  0x11e28eee9 WebCore::CachedResource::checkNotify()
26  0x11e2871d4 WebCore::CachedResource::error(WebCore::CachedResource::Status)
27  0x11e1be686 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&)
28  0x10a855b6a WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&)
29  0x10a8627c0 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::__1::integer_sequence<unsigned long, 0ul>)
30  0x10a8623d9 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::ResourceError>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&))
31  0x10a85f178 void IPC::handleMessage<Messages::WebResourceLoader::DidFailResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&))
ASAN:DEADLYSIGNAL
=================================================================
==84198==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000136075359 bp 0x7fff5776a610 sp 0x7fff5776a600 T0)
==84198==The signal is caused by a WRITE memory access.
==84198==WARNING: invalid path to external symbolizer!
==84198==WARNING: Failed to use and restart external symbolizer!
    #0 0x136075358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x118ea614a in WebCore::RenderTreeUpdater::GeneratedContent::updateQuotesUpTo(WebCore::RenderQuote*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b8d14a)
    #2 0x118ea7410 in WebCore::RenderTreeUpdater::GeneratedContent::updatePseudoElement(WebCore::Element&, std::optional<WebCore::Style::ElementUpdate> const&, WebCore::PseudoId) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b8e410)
    #3 0x118e84460 in WebCore::RenderTreeUpdater::updateBeforeDescendants(WebCore::Element&, WebCore::Style::ElementUpdates const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6b460)
    #4 0x118e84225 in WebCore::RenderTreeUpdater::pushParent(WebCore::Element&, WebCore::Style::ElementUpdates const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6b225)
    #5 0x118e828a3 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b698a3)
    #6 0x118e81260 in WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b68260)
    #7 0x11d5ebfea in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d2fea)
    #8 0x11d5eebf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
    #9 0x11d621692 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7308692)
    #10 0x1174bb235 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x11a2235)
    #11 0x1178872c8 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x156e2c8)
    #12 0x117543eac in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122aeac)
    #13 0x11753dfe8 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224fe8)
    #14 0x11753db09 in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224b09)
    #15 0x11753f78c in WebCore::HTMLDocumentParser::endIfDelayed() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122678c)
    #16 0x117544db6 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122bdb6)
    #17 0x1175454d0 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122c4d0)
    #18 0x11754559b in non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122c59b)
    #19 0x11d86f07b in WebCore::PendingScript::notifyClientFinished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x755607b)
    #20 0x11d86f148 in WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7556148)
    #21 0x11d7c8f59 in WebCore::LoadableScript::notifyClientFinished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74aff59)
    #22 0x11d7c8ab5 in WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74afab5)
    #23 0x11d7c905b in non-virtual thunk to WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74b005b)
    #24 0x11e28eee8 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f75ee8)
    #25 0x11e2871d3 in WebCore::CachedResource::error(WebCore::CachedResource::Status) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6e1d3)
    #26 0x11e1be685 in WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea5685)
    #27 0x10a855b69 in WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a7b69)
    #28 0x10a8627bf in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b47bf)
    #29 0x10a8623d8 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::ResourceError>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b43d8)
    #30 0x10a85f177 in void IPC::handleMessage<Messages::WebResourceLoader::DidFailResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b1177)
    #31 0x10a85cd1d in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23aed1d)
    #32 0x108e55571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571)
    #33 0x1087d088a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a)
    #34 0x1087b4198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198)
    #35 0x1087d15b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7)
    #36 0x1088104bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc)
    #37 0x1088103e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8)
    #38 0x13610f7e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2)
    #39 0x136166cec in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefcec)
    #40 0x136167d78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78)
    #41 0x7fffa6c5e320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320)
    #42 0x7fffa6c3f21c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c)
    #43 0x7fffa6c3e715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715)
    #44 0x7fffa6c3e113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #45 0x7fffa619eebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #46 0x7fffa619ecf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #47 0x7fffa619eb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #48 0x7fffa4737a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #49 0x7fffa4eb37ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #50 0x7fffa472c3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #51 0x7fffa46f6e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #52 0x7fffbc61f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #53 0x7fffbc61e2e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #54 0x10848ddc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #55 0x7fffbc3c6234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

==84198==Register values:
rax = 0x00000000bbadbeef  rbx = 0x00007fff5776a6c0  rcx = 0x00000000bbadbeef  rdx = 0x0000000000000000  
rdi = 0x00001fffeaeed478  rsi = 0x0000000000000000  rbp = 0x00007fff5776a610  rsp = 0x00007fff5776a600  
 r8 = 0x0000000000000118   r9 = 0x0000200000000000  r10 = 0x0000000000000000  r11 = 0xffffffffffffffff  
r12 = 0x00007fff5776a900  r13 = 0x00007fff5776a920  r14 = 0x00007fff5776a6a0  r15 = 0x00001c040002b5ea  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==84198==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 84198)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
