[Webkit-unassigned] [Bug 235574] New: ASSERTION FAILED: outer.contains(inner) ../../Source/WebCore/rendering/style/NinePieceImage.cpp(129)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 25 04:25:52 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=235574

            Bug ID: 235574
           Summary: ASSERTION FAILED: outer.contains(inner)
                    ../../Source/WebCore/rendering/style/NinePieceImage.cp
                    p(129)
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: alset0326 at gmail.com

Created attachment 449915

  --> https://bugs.webkit.org/attachment.cgi?id=449915&action=review

the html trigger crash

1. build a debug webkit
2. open html
3. crash


ASSERTION FAILED: outer.contains(inner)
../../Source/WebCore/rendering/style/NinePieceImage.cpp(129) : static WTF::Vector<WebCore::FloatRect> WebCore::NinePieceImage::computeNineRects(const WebCore::FloatRect&, const LayoutB
oxExtent&, float)
1   0x7fac915b0964 WTFReportBacktrace
2   0x7fac915b0c01 WTFCrash
3   0x7facab0a7ba1 WTF::CrashOnOverflow::overflowed()
4   0x7facb4f34707 WebCore::NinePieceImage::computeNineRects(WebCore::FloatRect const&, WebCore::RectEdges<WebCore::LayoutUnit> const&, float)
5   0x7facb4f379a7 WebCore::NinePieceImage::paint(WebCore::GraphicsContext&, WebCore::RenderElement*, WebCore::RenderStyle const&, WebCore::LayoutRect const&, WebCore::LayoutSize const
&, float, WebCore::CompositeOperator) const
6   0x7facb494f122 WebCore::RenderBoxModelObject::paintNinePieceImage(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::RenderStyle const&, WebCore::NinePieceImage const&
, WebCore::CompositeOperator)
7   0x7facb49562d6 WebCore::RenderBoxModelObject::paintBorder(WebCore::PaintInfo const&, WebCore::LayoutRect const&, WebCore::RenderStyle const&, WebCore::BackgroundBleedAvoidance, boo
l, bool)
8   0x7facb48fb042 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
9   0x7facb47e921d WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
10  0x7facb47e7563 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
11  0x7facb4b1099c WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsCont
ext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*)
12  0x7facb4b0b541 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFl
ag>)
13  0x7facb4b06b08 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer:
:PaintLayerFlag>)
14  0x7facb4b06517 WebCore::RenderLayer::paintLayerWithEffects(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLaye
rFlag>)
15  0x7facb4b056f0 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>)
16  0x7facb4b0d7a4 WebCore::RenderLayer::paintList(WebCore::RenderLayer::LayerList, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::R
enderLayer::PaintLayerFlag>)
17  0x7facb4b0b915 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFl
ag>)
18  0x7facb4b58b0f /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x1e113b0f) [0x7facb4b58b0f]
19  0x7facb4b59539 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>
, WebCore::EventRegionContext*)
20  0x7facb4b5b4d0 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
21  0x7facb4034f37 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
22  0x7facae45a84a /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x17a1584a) [0x7facae45a84a]
23  0x7facae45af58 /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x17a15f58) [0x7facae45af58]
24  0x7facae45ad6e Nicosia::PaintingEngineBasic::paint(WebCore::GraphicsLayer&, WTF::Ref<Nicosia::Buffer, WTF::RawPtrTraits<Nicosia::Buffer> >&&, WebCore::IntRect const&, WebCore::IntR
ect const&, WebCore::IntRect const&, float)
25  0x7facae43378f WebCore::CoordinatedGraphicsLayer::updateContentBuffers()
26  0x7facae4323e2 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220125/8daf49a5/attachment.htm>

More information about the webkit-unassigned mailing list