<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASSERTION FAILED: end <= it->end in WebCore::SimpleLineLayout::FlowContents::segmentIndexForRunSlow"
href="https://bugs.webkit.org/show_bug.cgi?id=166817">166817</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASSERTION FAILED: end <= it->end in WebCore::SimpleLineLayout::FlowContents::segmentIndexForRunSlow
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>Layout and Rendering
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>hodovan@inf.u-szeged.hu
</td>
</tr>
<tr>
<th>CC</th>
<td>simon.fraser@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Load the attached test with debug WebKitTestRunner:
Checked version: 217d599
OS: Darwin-15.6.0-x86_64-i386-64bit
777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777
<param> <br>
Backtrace:
ASSERTION FAILED: end <= it->end
WebKit/Source/WebCore/rendering/SimpleLineLayoutFlowContents.cpp(75) : unsigned int WebCore::SimpleLineLayout::FlowContents::segmentIndexForRunSlow(unsigned int, unsigned int) const
1 0x1153a3c71 WTFCrash
2 0x11fc75dc0 WebCore::SimpleLineLayout::FlowContents::segmentIndexForRunSlow(unsigned int, unsigned int) const
3 0x11fc8810f WebCore::SimpleLineLayout::FlowContents::segmentForRun(unsigned int, unsigned int) const
4 0x11fc82803 WebCore::SimpleLineLayout::RunResolver::Run::text() const
5 0x11fc7901b WebCore::SimpleLineLayout::paintFlow(WebCore::RenderBlockFlow const&, WebCore::SimpleLineLayout::Layout const&, WebCore::PaintInfo&, WebCore::LayoutPoint const&)
6 0x11ed1163b WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
7 0x11ec1dc00 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
8 0x11ec201cb WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
9 0x11ec1d602 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
10 0x11ec1eb21 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType)
11 0x11ec1df6e WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool)
12 0x11ec1de68 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
13 0x11ec201cb WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
14 0x11ec1d602 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
15 0x11ec1eb21 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType)
16 0x11ec1df6e WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool)
17 0x11ec1de68 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
18 0x11ec201cb WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
19 0x11ec1d602 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
20 0x11f0b26c4 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*)
21 0x11f0a8f8e WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool)
22 0x11f09bbff WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
23 0x11f09a3f2 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
24 0x11f0963bb WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
25 0x11f0a88a6 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
26 0x11f09bd13 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
27 0x11f133d05 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int)
28 0x11f134d86 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&)
29 0x11b71be5d WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&)
30 0x11b7452fb WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&)
31 0x11ea7dabc WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&)
ASAN:DEADLYSIGNAL
=================================================================
==41266==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001153a3ca9 bp 0x7fff545d3190 sp 0x7fff545d3180 T0)
#0 0x1153a3ca8 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2f81ca8)
#1 0x11fc75dbf in WebCore::SimpleLineLayout::FlowContents::segmentIndexForRunSlow(unsigned int, unsigned int) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x62f9dbf)
#2 0x11fc8810e in WebCore::SimpleLineLayout::FlowContents::segmentForRun(unsigned int, unsigned int) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x630c10e)
#3 0x11fc82802 in WebCore::SimpleLineLayout::RunResolver::Run::text() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6306802)
#4 0x11fc7901a in WebCore::SimpleLineLayout::paintFlow(WebCore::RenderBlockFlow const&, WebCore::SimpleLineLayout::Layout const&, WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x62fd01a)
#5 0x11ed1163a in WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x539563a)
#6 0x11ec1dbff in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1bff)
#7 0x11ec201ca in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a41ca)
#8 0x11ec1d601 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1601)
#9 0x11ec1eb20 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a2b20)
#10 0x11ec1df6d in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1f6d)
#11 0x11ec1de67 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1e67)
#12 0x11ec201ca in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a41ca)
#13 0x11ec1d601 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1601)
#14 0x11ec1eb20 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a2b20)
#15 0x11ec1df6d in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1f6d)
#16 0x11ec1de67 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1e67)
#17 0x11ec201ca in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a41ca)
#18 0x11ec1d601 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x52a1601)
#19 0x11f0b26c3 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57366c3)
#20 0x11f0a8f8d in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x572cf8d)
#21 0x11f09bbfe in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x571fbfe)
#22 0x11f09a3f1 in WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x571e3f1)
#23 0x11f0963ba in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x571a3ba)
#24 0x11f0a88a5 in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x572c8a5)
#25 0x11f09bd12 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x571fd12)
#26 0x11f133d04 in WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57b7d04)
#27 0x11f134d85 in WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57b8d85)
#28 0x11b71be5c in WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9fe5c)
#29 0x11b7452fa in WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1dc92fa)
#30 0x11ea7dabb in WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5101abb)
#31 0x12052654e in WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6baa54e)
#32 0x120a87adc in -[WebSimpleLayer drawInContext:] (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x710badc)
#33 0x7fff8bf34b18 in CABackingStoreUpdate_ (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x20b18)
#34 0x7fff8bf33d6c in invocation function for block in CA::Layer::display_() (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x1fd6c)
#35 0x7fff8bf33758 in CA::Layer::display_() (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x1f758)
#36 0x120a87638 in -[WebSimpleLayer display] (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x710b638)
#37 0x7fff8bf254a4 in CA::Layer::display_if_needed(CA::Transaction*) (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x114a4)
#38 0x7fff8bf24fcc in CA::Layer::layout_and_display_if_needed(CA::Transaction*) (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x10fcc)
#39 0x7fff8bf244a0 in CA::Context::commit_transaction(CA::Transaction*) (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x104a0)
#40 0x7fff8bf240eb in CA::Transaction::commit() (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x100eb)
#41 0x7fff8bf2f976 in CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*) (/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore+0x1b976)
#42 0x7fff94efcfc6 in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9fc6)
#43 0x7fff94efcf36 in __CFRunLoopDoObservers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa9f36)
#44 0x7fff94edbe57 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e57)
#45 0x7fff93297934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
#46 0x7fff9329776e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
#47 0x7fff932975ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
#48 0x7fff98137df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
#49 0x7fff98137225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
#50 0x7fff9812bd7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
#51 0x7fff980f5367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
#52 0x7fff8beec193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
#53 0x7fff8beeabbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
#54 0x10b624f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
#55 0x7fff9ecd85ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#56 0x0 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2f81ca8) in WTFCrash
==41266==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 41266)</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>