WebKitNix / webkitnix

A WebKit2 port based on POSIX and OpenGL/ES
http://nix.openbossa.org

Crash in WebCore::SimpleLineLayout::RunResolver::Run::rect #38

Open renatahodovan opened 10 years ago

renatahodovan commented 10 years ago

Crash happens with the following test case both in release and debug NIX builds (the crash doesn't appear in trunk WebKit):

<html> 
<head>
<style>

    *{
        padding:83881vh;
        display:run-in;
    }

</style>
</head>
    <body> 
        <div>
            <header>
                <div></div>
            </header>
        </div> 
    </body>
</html>

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffa697b700 (LWP 13370)]
0x00007ffff3a5e95b in WebCore::SimpleLineLayout::RunResolver::Run::rect (this=0x7fffffffbf70)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/SimpleLineLayoutResolver.h:169
warning: Source file is more recent than executable.
169     float baselinePosition = resolver.m_lineHeight * m_iterator.lineIndex() + resolver.m_baseline;
(gdb) bt
#0  0x00007ffff3a5e95b in WebCore::SimpleLineLayout::RunResolver::Run::rect (this=0x7fffffffbf70)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/SimpleLineLayoutResolver.h:169
#1  0x00007ffff3a7dcc0 in WebCore::SimpleLineLayout::paintFlow (flow=..., layout=..., paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/SimpleLineLayoutFunctions.cpp:91
#2  0x00007ffff38cf87c in WebCore::RenderBlockFlow::paintInlineChildren (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlockFlow.cpp:3083
#3  0x00007ffff3896466 in WebCore::RenderBlock::paintContents (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2380
#4  0x00007ffff3896f86 in WebCore::RenderBlock::paintObject (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2498
#5  0x00007ffff3894dac in WebCore::RenderBlock::paint (this=0x658d70, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2193
#6  0x00007ffff3896980 in WebCore::RenderBlock::paintChild (this=0x75d780, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., 
    usePrintRect=false) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2430
#7  0x00007ffff38965ab in WebCore::RenderBlock::paintChildren (this=0x75d780, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2400
#8  0x00007ffff389654e in WebCore::RenderBlock::paintContents (this=0x75d780, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2393
#9  0x00007ffff3896f86 in WebCore::RenderBlock::paintObject (this=0x75d780, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2498
#10 0x00007ffff3894dac in WebCore::RenderBlock::paint (this=0x75d780, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2193
#11 0x00007ffff3896980 in WebCore::RenderBlock::paintChild (this=0x8175a0, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., 
    usePrintRect=false) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2430
#12 0x00007ffff38965ab in WebCore::RenderBlock::paintChildren (this=0x8175a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2400
#13 0x00007ffff389654e in WebCore::RenderBlock::paintContents (this=0x8175a0, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2393
#14 0x00007ffff3896f86 in WebCore::RenderBlock::paintObject (this=0x8175a0, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2498
#15 0x00007ffff3894dac in WebCore::RenderBlock::paint (this=0x8175a0, paintInfo=..., paintOffset=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderBlock.cpp:2193
#16 0x00007ffff399d7e5 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=0x817670, phase=WebCore::PaintPhaseForeground, 
    layerFragments=..., context=0x75b150, localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:4243
#17 0x00007ffff399d50e in WebCore::RenderLayer::paintForegroundForFragments (this=0x817670, layerFragments=..., context=0x75b150, 
    transparencyLayerContext=0x75b150, transparencyPaintDirtyRect=..., haveTransparency=false, localPaintingInfo=..., paintBehavior=0, 
    subtreePaintRootForRenderer=0x0, selectionOnly=false, forceBlackText=false)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:4219
#18 0x00007ffff399bf01 in WebCore::RenderLayer::paintLayerContents (this=0x817670, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3946
#19 0x00007ffff399ad5e in WebCore::RenderLayer::paintLayerContentsAndReflection (this=0x817670, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3670
#20 0x00007ffff399ac4d in WebCore::RenderLayer::paintLayer (this=0x817670, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3652
#21 0x00007ffff399c551 in WebCore::RenderLayer::paintList (this=0x7620c0, list=0x6cf140, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:4036
#22 0x00007ffff399bfb2 in WebCore::RenderLayer::paintLayerContents (this=0x7620c0, context=0x75b150, paintingInfo=..., paintFlags=224)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayer.cpp:3957
#23 0x00007ffff39be70c in WebCore::RenderLayerBacking::paintIntoLayer (this=0x78f320, graphicsLayer=0x78cfa0, context=0x75b150, paintDirtyRect=..., 
    paintBehavior=0, paintingPhase=7) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayerBacking.cpp:2045
#24 0x00007ffff39beac0 in WebCore::RenderLayerBacking::paintContents (this=0x78f320, graphicsLayer=0x78cfa0, context=..., paintingPhase=7, clip=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/rendering/RenderLayerBacking.cpp:2090
#25 0x00007ffff372f98c in WebCore::GraphicsLayer::paintGraphicsLayerContents (this=0x78cfa0, context=..., clip=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/GraphicsLayer.cpp:335
#26 0x00007ffff37a61cd in WebCore::CoordinatedGraphicsLayer::tiledBackingStorePaint (this=0x78cfa0, context=0x75b150, rect=...)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:905
#27 0x00007ffff37c33f9 in WebCore::CoordinatedTile::paintToSurfaceContext (this=0x6cf530, context=0x75b150)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedTile.cpp:104
#28 0x00007ffff37c3e20 in WebCore::UpdateAtlasSurfaceClient::paintToSurfaceContext (this=0x7fffffffd4b0, context=0x75b150)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:50
#29 0x00007ffff47a77f6 in WebKit::WebCoordinatedSurface::paintToSurface (this=0x81d8c0, rect=..., client=0x7fffffffd4b0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/Shared/CoordinatedGraphics/WebCoordinatedSurface.cpp:189
#30 0x00007ffff37c3ca7 in WebCore::UpdateAtlas::paintOnAvailableBuffer (this=0x819cc0, size=..., atlasID=@0x7fffffffd5e4: 1, offset=..., client=0x6cf540)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:110
#31 0x00007ffff379350b in WebCore::CompositingCoordinator::paintToSurface (this=0x7ea410, size=..., flags=0, atlasID=@0x7fffffffd5e4: 1, offset=..., 
    client=0x6cf540) at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:387
#32 0x00007ffff37a6810 in WebCore::CoordinatedGraphicsLayer::paintToSurface (this=0x78cfa0, size=..., atlas=@0x7fffffffd5e4: 1, offset=..., client=0x6cf540)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:965
#33 0x00007ffff37c315c in WebCore::CoordinatedTile::updateBackBuffer (this=0x6cf530)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedTile.cpp:77
#34 0x00007ffff374fe5b in WebCore::TiledBackingStore::updateTileBuffers (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:132
#35 0x00007ffff3750dbd in WebCore::TiledBackingStore::createTiles (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:329
#36 0x00007ffff374f988 in WebCore::TiledBackingStore::coverWithTilesIfNeeded (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:78
#37 0x00007ffff37503e5 in WebCore::TiledBackingStore::commitScaleChange (this=0x6cf3e0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:193
#38 0x00007ffff3750394 in WebCore::TiledBackingStore::setContentsScale (this=0x6cf3e0, scale=0.000277196988)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/TiledBackingStore.cpp:185
#39 0x00007ffff37a6182 in WebCore::CoordinatedGraphicsLayer::createBackingStore (this=0x78cfa0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:898
#40 0x00007ffff37a6c49 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x78cfa0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1030
#41 0x00007ffff37a6b42 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x78cfa0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1008
#42 0x00007ffff37a6b7a in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x83b0a0)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1011
#43 0x00007ffff37a6b7a in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7ea670)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1011
#44 0x00007ffff37923a4 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7ea410)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:102
#45 0x00007ffff493f24f in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7ea300)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:314
#46 0x00007ffff493f2fc in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7ea300)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:329
#47 0x00007ffff4943060 in WebCore::Timer<WebKit::CoordinatedLayerTreeHost>::fired (this=0x7ea370)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/Timer.h:115
#48 0x00007ffff36bc4e9 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x815970)
    at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/ThreadTimers.cpp:127
#49 0x00007ffff36bc3fd in WebCore::ThreadTimers::sharedTimerFired () at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/ThreadTimers.cpp:103
#50 0x00007ffff41621a2 in WebCore::timeoutCallback () at /home/reni/Data/REPOS/webkitnix/Source/WebCore/platform/nix/SharedTimerNix.cpp:49
#51 0x00007ffff02da07b in g_timeout_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4413
#52 0x00007ffff02d9473 in g_main_dispatch (context=0x611920) at gmain.c:3054
#53 g_main_context_dispatch (context=0x611920) at gmain.c:3630
#54 0x00007ffff02d97b8 in g_main_context_iterate (dispatch=1, block=<optimized out>, context=0x611920, self=<optimized out>) at gmain.c:3701
#55 g_main_context_iterate (context=0x611920, block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3638
#56 0x00007ffff02d9bfa in g_main_loop_run (loop=0x611a80) at gmain.c:3895
#57 0x00007ffff49fe332 in WTF::RunLoop::run () at /home/reni/Data/REPOS/webkitnix/Source/WTF/wtf/nix/RunLoopNix.cpp:60
#58 0x00007ffff4956b9c in WebKit::WebProcessMainNix (argc=2, argv=0x7fffffffde28)
    at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/WebProcess/nix/WebProcessMainNix.cpp:84
#59 0x00000000004007b4 in main (argc=2, argv=0x7fffffffde28) at /home/reni/Data/REPOS/webkitnix/Source/WebKit2/nix/MainNix.cpp:30