<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [GTK] [2.12.3] NULL pointer in markFixedPositionObjectForLayoutIfNeeded"
href="https://bugs.webkit.org/show_bug.cgi?id=159148">159148</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[GTK] [2.12.3] NULL pointer in markFixedPositionObjectForLayoutIfNeeded
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Other
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Gtk
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>berto@igalia.com
</td>
</tr>
<tr>
<th>CC</th>
<td>bugs-noreply@webkitgtk.org
</td>
</tr></table>
<p>
<div>
<pre>This has been happening all the time lately; I can reproduce it easily on Facebook.
Thread 1 "WebKitWebProces" received signal SIGSEGV, Segmentation fault.
WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded (this=this@entry=0x7fdfdcd920b8, child=...)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1280
1280 if (o->style().position() != AbsolutePosition)
(gdb) print o
$1 = (WebCore::RenderElement *) 0x0
(gdb) bt
#0 0x00007fe05e239585 in WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded(WebCore::RenderObject&) (this=this@entry=0x7fdfdcd920b8, child=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1280
#1 0x00007fe05e240b26 in WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool) (this=0x7fdfdcd920b8, r=..., relayoutChildren=<optimized out>, fixedPositionObjectsOnly=<optimized out>)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1320
#2 0x00007fe05e23ad06 in WebCore::RenderBlock::layoutPositionedObjects(bool, bool) (this=this@entry=0x7fdfdcd920b8, relayoutChildren=<optimized out>, fixedPositionObjectsOnly=fixedPositionObjectsOnly@entry=false)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:1379
#3 0x00007fe05e25edfe in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fdfdcd920b8, relayoutChildren=true, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:524
#4 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fdfdcd920b8)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#5 0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this@entry=0x7fdfdcdf3228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#6 0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this@entry=0x7fdfdcdf3228, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#7 0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fdfdcdf3228, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#8 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fdfdcdf3228)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#9 0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this@entry=0x7fdfdcdf3170, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#10 0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this@entry=0x7fdfdcdf3170, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#11 0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fdfdcdf3170, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#12 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fdfdcdf3170)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#13 0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this@entry=0x7fe04ab8a398, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#14 0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this@entry=0x7fe04ab8a398, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#15 0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fe04ab8a398, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#16 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=0x7fe04ab8a398)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#17 0x00007fe05e25960c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=this@entry=0x7fe04ab91480, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:707
#18 0x00007fe05e25a453 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=this@entry=0x7fe04ab91480, relayoutChildren=<optimized out>, maxFloatLogicalBottom=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:630
#19 0x00007fe05e25f08a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fe04ab91480, relayoutChildren=false, pageLogicalHeight=...) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlockFlow.cpp:485
#20 0x00007fe05e238495 in WebCore::RenderBlock::layout() (this=this@entry=0x7fe04ab91480)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderBlock.cpp:943
#21 0x00007fe05e3d6a99 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (this=0x7fe04ab91480, state=...)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderView.cpp:256
#22 0x00007fe05e3d6f97 in WebCore::RenderView::layout() (this=0x7fe04ab91480)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/rendering/RenderView.cpp:381
#23 0x00007fe05e06aaa6 in WebCore::FrameView::layout(bool) (this=this@entry=0x7fe0407f0480, allowSubtree=allowSubtree@entry=true)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/page/FrameView.cpp:1406
#24 0x00007fe05e06bf0d in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7fe0407f0480)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebCore/page/FrameView.cpp:4192
#25 0x00007fe05d8150b9 in WebKit::WebPage::layoutIfNeeded() (this=<optimized out>)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:1249
#26 0x00007fe05d8e0f13 in WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&) (this=this@entry=0x55a74d623bb0, updateInfo=...)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:629
#27 0x00007fe05d8e2982 in WebKit::DrawingAreaImpl::display() (this=0x55a74d623bb0)
at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:590
#28 0x00007fe05a9c1c8a in () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#29 0x00007fe05add005a in g_main_context_dispatch (context=0x55a74cbf1290) at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:3154
#30 0x00007fe05add005a in g_main_context_dispatch (context=context@entry=0x55a74cbf1290) at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:3769
#31 0x00007fe05add0400 in g_main_context_iterate (context=0x55a74cbf1290, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:3840
#32 0x00007fe05add0722 in g_main_loop_run (loop=0x55a74d5fc1e0) at /build/glib2.0-wnDt2X/glib2.0-2.48.1/./glib/gmain.c:4034
#33 0x00007fe05a9c2260 in WTF::RunLoop::run() () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#34 0x00007fe05d8e6cf9 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7fff6cc669c8) at /build/webkit2gtk-SRoy05/webkit2gtk-2.12.3/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#35 0x00007fe05ce015f0 in __libc_start_main (main=
0x55a74ca50870 <main(int, char**)>, argc=2, argv=0x7fff6cc669c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff6cc669b8) at libc-start.c:291
#36 0x000055a74ca508c9 in _start ()</pre>
</div>
</p>
</body>
</html>