[Webkit-unassigned] [Bug 196035] New: [iOS] Crash in WebCore::Node::renderRect

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 20 14:58:26 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=196035

            Bug ID: 196035
           Summary: [iOS] Crash in WebCore::Node::renderRect
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: UI Events
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dino at apple.com

Since https://trac.webkit.org/changeset/242757/webkit

fast/images/imagemap-in-shadow-tree.html
http/tests/download/area-download.html


ASSERTION FAILED: hitRenderer
./dom/Node.cpp(798) : WebCore::LayoutRect WebCore::Node::renderRect(bool *)
1   0x2c641f649 WTFCrash
2   0x2ca4eda7b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x2cc6f207e WebCore::Node::renderRect(bool*)
4   0x105ac91b9 WebKit::ViewGestureGeometryCollector::computeZoomInformationForNode(WebCore::Node&, WebCore::FloatPoint&, WebCore::FloatRect&, bool&, double&, double&)
5   0x1057acf6b WebKit::WebPage::potentialTapAtPosition(unsigned long long, WebCore::FloatPoint const&, bool)
6   0x105c10e37 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long, WebCore::FloatPoint const&, bool), std::__1::tuple<unsigned long long, WebCore::FloatPoint, bool>, 0ul, 1ul, 2ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long, WebCore::FloatPoint const&, bool), std::__1::tuple<unsigned long long, WebCore::FloatPoint, bool>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul>)
7   0x105c10d10 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long, WebCore::FloatPoint const&, bool), std::__1::tuple<unsigned long long, WebCore::FloatPoint, bool>, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul> >(std::__1::tuple<unsigned long long, WebCore::FloatPoint, bool>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long, WebCore::FloatPoint const&, bool))
8   0x105bf26d6 void IPC::handleMessage<Messages::WebPage::PotentialTapAtPosition, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long, WebCore::FloatPoint const&, bool)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long, WebCore::FloatPoint const&, bool))
9   0x105be8512 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)
10  0x105b918ae WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
11  0x104b1cf6a IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
12  0x1057f3afd WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
13  0x104ad029c IPC::Connection::dispatchMessage(IPC::Decoder&)
14  0x104ac2881 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
15  0x104ad1067 IPC::Connection::dispatchOneIncomingMessage()
16  0x104af1cf8 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()()
17  0x104af1c09 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
18  0x2c6449add WTF::Function<void ()>::operator()() const
19  0x2c64a9233 WTF::RunLoop::performWork()
20  0x2c64a9bc4 WTF::RunLoop::performWork(void*)
21  0x2c0b9a721 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
22  0x2c0b99f93 __CFRunLoopDoSources0
23  0x2c0b9463f __CFRunLoopRun
24  0x2c0b93e11 CFRunLoopRunSpecific
25  0x104508322 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
26  0x104508492 -[NSRunLoop(NSRunLoop) run]
27  0x2c22f7812 _xpc_objc_main
28  0x2c22f9cbd xpc_main
29  0x104f6d427 WebKit::XPCServiceMain(int, char const**)
30  0x104e83a6b WKXPCServiceMain
31  0x10444da8e main
LEAK: 1 WebPageProxy


-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190320/ae3ddff3/attachment.html>

More information about the webkit-unassigned mailing list