[Webkit-unassigned] [Bug 244580] ASSERTION FAILED: isPlaced() /home/fuzzer/temp/webkit/webkitgtk-2.36.0/Source/WebCore/rendering/FloatingObjects.h(71) : const WebCore::LayoutRect &WebCore::FloatingObject::frameRect() const

bugzilla-daemon at webkit.org
Wed Oct 19 00:06:29 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=244580

--- Comment #6 from Frédéric Wang (:fredw) <fred.wang at free.fr> ---
Created attachment 463077

  --> https://bugs.webkit.org/attachment.cgi?id=463077&action=review

Slightly reduced

Based on comment 5:

- I tweaked my Python script to convert data URLs of images into data URLs of blank SVG images of the same size. This makes the size go down from 6.24MB to 2.8MB.

- I also added a scalar parameter α for the setTimeout functions, which one can tweak to reduce the runtime. For example, on a Linux GTK non-ASAN debug build the time to hit an assertion goes down from ~40s to ~20s with α=0.1.

These changes don't seem to affect the reproducibility of debug assertions (although I'm still not able to reproduce the original one from the report). This is still not optimal, but hopefully this will help further testcase reduction.

Incidentally, I just hit another one in a macOS ASAN debug build:

ASSERTION FAILED: LayoutPoint(IntPoint(paintOffset.x(), paintOffset.y())) == paintOffset
rendering/RenderView.cpp(327) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &)

and with a Linux GTK non-ASAN debug build, I also hit the one from comment 4.

-- 
You are receiving this mail because:
You are the assignee for the bug.
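
The two reductions described in the comment above (blank SVG placeholders for image data URLs, and a scaling factor for setTimeout delays), sketched as an added example; this is not the script attached to the bug. It assumes PNG data URLs only and rewrites literal numeric delays directly rather than exposing a tunable α inside the page; all names and the sample input are constructed for illustration.

```python
import base64
import re
import struct
from urllib.parse import quote

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
DATA_PNG = re.compile(r"data:image/png;base64,([A-Za-z0-9+/=]+)")
# Assumption: only literal numeric delays are rewritten; computed delays are
# left untouched. The callback may contain one level of nested parentheses.
TIMEOUT = re.compile(
    r"(setTimeout\((?:[^()]|\([^()]*\))*,\s*)(\d+(?:\.\d+)?)(\s*\))")

def png_size(raw):
    """Return (width, height) from the IHDR chunk, or None if not a PNG."""
    if len(raw) < 24 or raw[:8] != PNG_MAGIC or raw[12:16] != b"IHDR":
        return None
    return struct.unpack(">II", raw[16:24])

def blank_svg_url(width, height):
    """Data URL of an empty SVG that occupies the same layout box."""
    svg = (f'<svg xmlns="http://www.w3.org/2000/svg" '
           f'width="{width}" height="{height}"/>')
    return "data:image/svg+xml," + quote(svg)

def reduce_testcase(html, alpha=1.0):
    """Swap PNG data URLs for blank SVGs and scale setTimeout delays."""
    def swap_image(m):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:          # malformed base64: keep the original URL
            return m.group(0)
        size = png_size(raw)
        return blank_svg_url(*size) if size else m.group(0)

    def scale_delay(m):
        return f"{m.group(1)}{float(m.group(2)) * alpha:g}{m.group(3)}"

    return TIMEOUT.sub(scale_delay, DATA_PNG.sub(swap_image, html))

# Constructed sample: a PNG signature plus IHDR for a 640x480 image (header
# bytes only, enough to read the dimensions) and one literal timer delay.
SAMPLE_HEADER = (PNG_MAGIC + struct.pack(">I", 13) + b"IHDR"
                 + struct.pack(">IIBBBBB", 640, 480, 8, 6, 0, 0, 0))
SAMPLE = ('<img src="data:image/png;base64,'
          + base64.b64encode(SAMPLE_HEADER).decode() + '">'
          '<script>setTimeout(function() { step(); }, 500);</script>')

if __name__ == "__main__":
    print(reduce_testcase(SAMPLE, alpha=0.1))
```

Keeping the original width and height matters for a layout assertion like this one, since the placeholder has to produce the same box geometry as the image it replaces.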