[Webkit-unassigned] [Bug 244580] ASSERTION FAILED: isPlaced() /home/fuzzer/temp/webkit/webkitgtk-2.36.0/Source/WebCore/rendering/FloatingObjects.h(71) : const WebCore::LayoutRect &WebCore::FloatingObject::frameRect() const
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 19 09:33:54 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=244580
--- Comment #11 from Frédéric Wang (:fredw) <fred.wang at free.fr> ---
(In reply to Frédéric Wang (:fredw) from comment #5)
> Created attachment 463055 [details]
> Python script to extract data: URLs
>
> When trying to reduce the testcase I'm also seeing bug 244465 on macOS.
>
> For now I haven't been very successful reducing the tests. Some observation:
>
> - The end of the file contains many rdfuzz-script doing JS mutations via
> setTimeout of increasing duration. This is making the test very slow. It's
> possible to speed up things a bit by dividing that duration by a constant.
>
> - Several images are inserted as data URL, which makes the HTML large. The
> attached Python script helps to extract these data URL as external resources.
I did more attempt today. I noticed that assertions are sometimes flaky with the original test and the more you reduce the file's size, the more flaky it becomes. My guess is that it is due to the setTimeout calls at the end of the file (performing DOM mutations) which are not guaranteed to execute. Adding testRunner.waitUntilDone/notifyDone() before/after helps the reduction.
I've attached a few more reduced testcases for different assertions. Will try to do more tomorrow for other assertions I found from the original testcase.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221019/a677572a/attachment.htm>
More information about the webkit-unassigned
mailing list