Crash in WebCore::SimpleLineLayout::RunResolver::Run::rect #38

Open
renatahodovan opened this issue Dec 12, 2013 · 0 comments

Crash happens with the following test case both in release and debug NIX builds (the crash doesn't appear in trunk WebKit):

<html> 
<head>
<style>

    *{
        padding:83881vh;
        display:run-in;
    }

</style>
</head>
    <body> 
        <div>
            <header>
                <div></div>
            </header>
        </div> 
    </body>
</html>

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffa697b700 (LWP 13370)]
0x00007ffff3a5e95b in WebCore::SimpleLineLayout::RunResolver::Run::rect (this=0x7fffffffbf70)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/SimpleLineLayoutResolver.h:169
warning: Source file is more recent than executable.
169     float baselinePosition = resolver.m_lineHeight * m_iterator.lineIndex() + resolver.m_baseline;
(gdb) bt
#0  0x00007ffff3a5e95b in WebCore::SimpleLineLayout::RunResolver::Run::rect (this=0x7fffffffbf70)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/SimpleLineLayoutResolver.h:169
#1  0x00007ffff3a7dcc0 in WebCore::SimpleLineLayout::paintFlow (flow=..., layout=..., paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/SimpleLineLayoutFunctions.cpp:91
#2  0x00007ffff38cf87c in WebCore::RenderBlockFlow::paintInlineChildren (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlockFlow.cpp:3083
#3  0x00007ffff3896466 in WebCore::RenderBlock::paintContents (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2380
#4  0x00007ffff3896f86 in WebCore::RenderBlock::paintObject (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2498
#5  0x00007ffff3894dac in WebCore::RenderBlock::paint (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2193
#6  0x00007ffff3896980 in WebCore::RenderBlock::paintChild (this=0x75d780, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., 
    usePrintRect=false) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2430
#7  0x00007ffff38965ab in WebCore::RenderBlock::paintChildren (this=0x75d780, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2400
#8  0x00007ffff389654e in WebCore::RenderBlock::paintContents (this=0x75d780, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2393
#9  0x00007ffff3896f86 in WebCore::RenderBlock::paintObject (this=0x75d780, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2498
#10 0x00007ffff3894dac in WebCore::RenderBlock::paint (this=0x75d780, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2193
#11 0x00007ffff3896980 in WebCore::RenderBlock::paintChild (this=0x8175a0, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., 
    usePrintRect=false) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2430
#12 0x00007ffff38965ab in WebCore::RenderBlock::paintChildren (this=0x8175a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2400
#13 0x00007ffff389654e in WebCore::RenderBlock::paintContents (this=0x8175a0, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2393
#14 0x00007ffff3896f86 in WebCore::RenderBlock::paintObject (this=0x8175a0, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2498
#15 0x00007ffff3894dac in WebCore::RenderBlock::paint (this=0x8175a0, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2193
#16 0x00007ffff399d7e5 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=0x817670, phase=WebCore::PaintPhaseForeground, 
    layerFragments=..., context=0x75b150, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:4243
#17 0x00007ffff399d50e in WebCore::RenderLayer::paintForegroundForFragments (this=0x817670, layerFragments=..., context=0x75b150, 
    transparencyLayerContext=0x75b150, transparencyPaintDirtyRect=..., haveTransparency=false, localPaintingInfo=..., paintBehavior=0, 
    subtreePaintRootForRenderer=0x0, selectionOnly=false, forceBlackText=false)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:4219
#18 0x00007ffff399bf01 in WebCore::RenderLayer::paintLayerContents (this=0x817670, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3946
#19 0x00007ffff399ad5e in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x817670, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3670
#20 0x00007ffff399ac4d in WebCore::RenderLayer::paintLayer (this=0x817670, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3652
#21 0x00007ffff399c551 in WebCore::RenderLayer::paintList (this=0x7620c0, list=0x6cf140, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:4036
#22 0x00007ffff399bfb2 in WebCore::RenderLayer::paintLayerContents (this=0x7620c0, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3957
#23 0x00007ffff39be70c in WebCore::RenderLayerBacking::paintIntoLayer (this=0x78f320, graphicsLayer=0x78cfa0, context=0x75b150, paintDirtyRect=..., 
    paintBehavior=0, paintingPhase=7) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayerBacking.cpp:2045
#24 0x00007ffff39beac0 in WebCore::RenderLayerBacking::paintContents (this=0x78f320, graphicsLayer=0x78cfa0, context=..., paintingPhase=7, clip=...)
---Type <return> to continue, or q <return> to quit---
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayerBacking.cpp:2090
#25 0x00007ffff372f98c in WebCore::GraphicsLayer::paintGraphicsLayerContents (this=0x78cfa0, context=..., clip=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/GraphicsLayer.cpp:335
#26 0x00007ffff37a61cd in WebCore::CoordinatedGraphicsLayer::tiledBackingStorePaint (this=0x78cfa0, context=0x75b150, rect=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:905
#27 0x00007ffff37c33f9 in WebCore::CoordinatedTile::paintToSurfaceContext (this=0x6cf530, context=0x75b150)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedTile.cpp:104
#28 0x00007ffff37c3e20 in WebCore::UpdateAtlasSurfaceClient::paintToSurfaceContext (this=0x7fffffffd4b0, context=0x75b150)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:50
#29 0x00007ffff47a77f6 in WebKit::WebCoordinatedSurface::paintToSurface (this=0x81d8c0, rect=..., client=0x7fffffffd4b0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/Shared/CoordinatedGraphics/WebCoordinatedSurface.cpp:189
#30 0x00007ffff37c3ca7 in WebCore::UpdateAtlas::paintOnAvailableBuffer (this=0x819cc0, size=..., atlasID=@0x7fffffffd5e4: 1, offset=..., client=0x6cf540)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:110
#31 0x00007ffff379350b in WebCore::CompositingCoordinator::paintToSurface (this=0x7ea410, size=..., flags=0, atlasID=@0x7fffffffd5e4: 1, offset=..., 
    client=0x6cf540) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:387
#32 0x00007ffff37a6810 in WebCore::CoordinatedGraphicsLayer::paintToSurface (this=0x78cfa0, size=..., atlas=@0x7fffffffd5e4: 1, offset=..., client=0x6cf540)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:965
#33 0x00007ffff37c315c in WebCore::CoordinatedTile::updateBackBuffer (this=0x6cf530)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedTile.cpp:77
#34 0x00007ffff374fe5b in WebCore::TiledBackingStore::updateTileBuffers (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:132
#35 0x00007ffff3750dbd in WebCore::TiledBackingStore::createTiles (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:329
#36 0x00007ffff374f988 in WebCore::TiledBackingStore::coverWithTilesIfNeeded (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:78
#37 0x00007ffff37503e5 in WebCore::TiledBackingStore::commitScaleChange (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:193
#38 0x00007ffff3750394 in WebCore::TiledBackingStore::setContentsScale (this=0x6cf3e0, scale=0.000277196988)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:185
#39 0x00007ffff37a6182 in WebCore::CoordinatedGraphicsLayer::createBackingStore (this=0x78cfa0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:898
#40 0x00007ffff37a6c49 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x78cfa0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1030
#41 0x00007ffff37a6b42 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x78cfa0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1008
#42 0x00007ffff37a6b7a in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x83b0a0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1011
#43 0x00007ffff37a6b7a in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7ea670)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1011
#44 0x00007ffff37923a4 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7ea410)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:102
#45 0x00007ffff493f24f in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7ea300)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:314
#46 0x00007ffff493f2fc in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7ea300)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:329
#47 0x00007ffff4943060 in WebCore::Timer<WebKit::CoordinatedLayerTreeHost>::fired (this=0x7ea370)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/Timer.h:115
#48 0x00007ffff36bc4e9 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x815970)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/ThreadTimers.cpp:127
#49 0x00007ffff36bc3fd in WebCore::ThreadTimers::sharedTimerFired () at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/ThreadTimers.cpp:103
#50 0x00007ffff41621a2 in WebCore::timeoutCallback () at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/nix/SharedTimerNix.cpp:49
#51 0x00007ffff02da07b in g_timeout_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4413
---Type <return> to continue, or q <return> to quit---
#52 0x00007ffff02d9473 in g_main_dispatch (context=0x611920) at gmain.c:3054
#53 g_main_context_dispatch (context=0x611920) at gmain.c:3630
#54 0x00007ffff02d97b8 in g_main_context_iterate (dispatch=1, block=<optimized out>, context=0x611920, self=<optimized out>) at gmain.c:3701
#55 g_main_context_iterate (context=0x611920, block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3638
#56 0x00007ffff02d9bfa in g_main_loop_run (loop=0x611a80) at gmain.c:3895
#57 0x00007ffff49fe332 in WTF::RunLoop::run () at /home/reni/Data/REPOS/webkitnix/Source/WTF/wtf/nix/RunLoopNix.cpp:60
#58 0x00007ffff4956b9c in WebKit::WebProcessMainNix (argc=2, argv=0x7fffffffde28)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/WebProcess/nix/WebProcessMainNix.cpp:84
#59 0x00000000004007b4 in main (argc=2, argv=0x7fffffffde28) at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/nix/MainNix.cpp:30