[Webkit-unassigned] [Bug 187421] New: ASSERTION FAILED: length.isCalculated() under WebCore::valueForImageSliceSide

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 6 16:06:17 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=187421

            Bug ID: 187421
           Summary: ASSERTION FAILED: length.isCalculated() under
                    WebCore::valueForImageSliceSide
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ryanhaddad at apple.com

Created attachment 344476

  --> https://bugs.webkit.org/attachment.cgi?id=344476&action=review

Crash log

The following was seen in the "Other Crashes" section of https://build.webkit.org/results/Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r233586%20(4002)/results.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore            0x000000019779d150 WTFCrash + 16 (Assertions.cpp:267)
1   com.apple.WebCore                   0x0000000189b1d1da WebCore::valueForImageSliceSide(WebCore::Length const&) + 218 (CSSComputedStyleDeclaration.cpp:502)
2   com.apple.WebCore                   0x0000000189b0baf2 WebCore::valueForNinePieceImageSlice(WebCore::NinePieceImage const&) + 66 (CSSComputedStyleDeclaration.cpp:510)
3   com.apple.WebCore                   0x0000000189aff6a2 WebCore::ComputedStyleExtractor::valueForPropertyinStyle(WebCore::RenderStyle const&, WebCore::CSSPropertyID, WebCore::RenderElement*) + 33778 (CSSComputedStyleDeclaration.cpp:3662)
4   com.apple.WebCore                   0x0000000189af5dd0 WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) + 992 (CSSComputedStyleDeclaration.cpp:2707)
5   com.apple.WebCore                   0x0000000189af59d5 WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) const + 117 (CSSComputedStyleDeclaration.cpp:2415)
6   com.apple.WebCore                   0x0000000189b0fe9a WebCore::CSSComputedStyleDeclaration::getPropertyCSSValueInternal(WebCore::CSSPropertyID) + 58 (CSSComputedStyleDeclaration.cpp:4295)
7   com.apple.WebCore                   0x0000000189bb1c52 WebCore::CSSStyleDeclaration::namedItem(WTF::AtomicString const&) + 114 (CSSStyleDeclaration.cpp:264)
8   com.apple.WebCore                   0x00000001883da508 std::optional<WTF::Variant<WTF::String, double> > WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0::operator()<WebCore::JSCSSStyleDeclaration, JSC::PropertyName>(WebCore::JSCSSStyleDeclaration&, JSC::PropertyName) const + 88 (JSCSSStyleDeclaration.cpp:196)
9   com.apple.WebCore                   0x00000001883cd8c3 decltype(fp2(fp0fp1)) WebCore::accessVisibleNamedProperty<(WebCore::OverrideBuiltins)0, WebCore::JSCSSStyleDeclaration, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&>(JSC::ExecState&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&&&) + 115 (JSDOMAbstractOperations.h:97)
10  com.apple.WebCore                   0x00000001883cc8ee WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 670 (JSCSSStyleDeclaration.cpp:201)
11  com.apple.JavaScriptCore            0x00000001978beea2 JSC::JSObject::getNonIndexPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 690 (JSObjectInlines.h:150)
12  com.apple.JavaScriptCore            0x00000001978be356 bool JSC::JSObject::getPropertySlot<false>(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 246 (JSObject.h:1422)
13  com.apple.JavaScriptCore            0x0000000198105032 JSC::JSValue::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 594 (JSCJSValueInlines.h:866)
14  com.apple.JavaScriptCore            0x00000001980ecb42 JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 162 (JSCJSValueInlines.h:820)
15  com.apple.JavaScriptCore            0x00000001980e414d JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName) const + 93 (JSCJSValueInlines.h:814)
16  com.apple.JavaScriptCore            0x00000001987cb9f6 JSC::LLInt::getByVal(JSC::VM&, JSC::ExecState*, JSC::Instruction*, JSC::JSValue, JSC::JSValue) + 1430 (LLIntSlowPaths.cpp:942)
17  com.apple.JavaScriptCore            0x00000001987cb325 llint_slow_path_get_by_val + 325 (LLIntSlowPaths.cpp:948)
18  com.apple.JavaScriptCore            0x000000019788c772 llint_entry + 16529

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180706/26fe9032/attachment-0001.html>

More information about the webkit-unassigned mailing list