[Webkit-unassigned] [Bug 237251] New: areEssentiallyEqual(rendererMappedResult, result) in WebCore::FloatPoint WebCore::RenderGeometryMap::mapToContainer

Sun Feb 27 06:14:27 PST 2022

https://bugs.webkit.org/show_bug.cgi?id=237251

            Bug ID: 237251
           Summary: areEssentiallyEqual(rendererMappedResult, result) in
                    WebCore::FloatPoint
                    WebCore::RenderGeometryMap::mapToContainer
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: zzzssspro0202 at gmail.com

Created attachment 453338

  --> https://bugs.webkit.org/attachment.cgi?id=453338&action=review

the html to open

build a debug webkit and open the html

ASSERTION FAILED: areEssentiallyEqual(rendererMappedResult, result)
../../Source/WebCore/rendering/RenderGeometryMap.cpp(113) : WebCore::FloatPoint WebCore::RenderGeometryMap::mapToContainer(const WebCore::FloatPoint&, const WebCore::RenderLayerModelObject*) const
1   0x7f1b0b404964 WTFReportBacktrace
2   0x7f1b0b404c01 WTFCrash
3   0x7f1b24efbba1 WTF::CrashOnOverflow::overflowed()
4   0x7f1b2e8cf078 WebCore::RenderGeometryMap::mapToContainer(WebCore::FloatPoint const&, WebCore::RenderLayerModelObject const*) const
5   0x7f1b2e9f7778 WebCore::RenderGeometryMap::absolutePoint(WebCore::FloatPoint const&) const
6   0x7f1b2e940dc1 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
7   0x7f1b2e941f90 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
8   0x7f1b2e941f90 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
9   0x7f1b2e941f90 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
10  0x7f1b2e941f90 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
11  0x7f1b2e941f90 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
12  0x7f1b2e940a6d WebCore::RenderLayer::updateLayerPositionsAfterLayout(bool, bool)
13  0x7f1b2d6d01b7 WebCore::FrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::EmptyCounter>)
14  0x7f1b2d704e21 WebCore::FrameViewLayoutContext::layout()
15  0x7f1b2d706458 WebCore::FrameViewLayoutContext::layoutTimerFired()
16  0x7f1b2d7667d8 void std::__invoke_impl<void, void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&>(std::__invoke_memfun_deref, void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&)
17  0x7f1b2d7664ab std::__invoke_result<void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&>::type std::__invoke<void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&>(void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&)
18  0x7f1b2d764d0d void std::_Bind<void (WebCore::FrameViewLayoutContext::*(WebCore::FrameViewLayoutContext*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
19  0x7f1b2d763944 void std::_Bind<void (WebCore::FrameViewLayoutContext::*(WebCore::FrameViewLayoutContext*))()>::operator()<, void>()
20  0x7f1b2d76250c WTF::Detail::CallableWrapper<std::_Bind<void (WebCore::FrameViewLayoutContext::*(WebCore::FrameViewLayoutContext*))()>, void>::call()
21  0x7f1b24ff4e95 WTF::Function<void ()>::operator()() const
22  0x7f1b25f9a01e WebCore::Timer::fired()
23  0x7f1b2db980d4 WebCore::ThreadTimers::sharedTimerFiredInternal()
24  0x7f1b2db96fdd /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x1d2fdfdd) [0x7f1b2db96fdd]
25  0x7f1b2db9d800 /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x1d304800) [0x7f1b2db9d800]
26  0x7f1b24ff4e95 WTF::Function<void ()>::operator()() const
27  0x7f1b2db01457 WebCore::MainThreadSharedTimer::fired()
28  0x7f1b2db1bef6 void std::__invoke_impl<void, void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>(std::__invoke_memfun_deref, void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&)
29  0x7f1b2db1bd73 std::__invoke_result<void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>::type std::__invoke<void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>(void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&)
30  0x7f1b2db1bc9f void std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
31  0x7f1b2db1bb72 void std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>::operator()<, void>()

** (MiniBrowser:635242): WARNING **: 14:33:01.854: WebProcess CRASHED
Terminated

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220227/69f109d8/attachment.htm>