Bug 141328

Summary: ASSERTION FAILED: resolvedInitialPosition <= resolvedFinalPosition in WebCore::GridSpan::GridSpan
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: Layout and RenderingAssignee: Sergio Villar Senin <svillar>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, darin, dino, esprehn+autocc, glenn, jfernandez, kling, kondapallykalyan, mark.lam, oliver, rego, svillar
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test case
none
Patch darin: review+

Renata Hodovan
Reported 2015-02-06 03:28:09 PST
Created attachment 246157 [details] Test case Load this with debug WK: <!DOCTYPE html> <input/><input/><input/> <style> * { display:-webkit-inline-grid; -webkit-grid-row: span 400000; } </style> Note: it's probably the same as crbug.com/422980. Backtrace: ASSERTION FAILED: resolvedInitialPosition <= resolvedFinalPosition ../../Source/WebCore/rendering/style/GridCoordinate.h(55) : WebCore::GridSpan::GridSpan(const WebCore::GridResolvedPosition&, const WebCore::GridResolvedPosition&) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff8affd700 (LWP 17567)] 0x00007fffed72b70d in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fffed72b70d in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff2d34e8d in WebCore::GridSpan::GridSpan (this=0x7fffffffbbd0, resolvedInitialPosition=..., resolvedFinalPosition=...) at ../../Source/WebCore/rendering/style/GridCoordinate.h:55 #2 0x00007ffff3a13afa in WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition (gridContainerStyle=..., gridItem=..., direction=WebCore::ForRows, resolvedInitialPosition=...) at ../../Source/WebCore/rendering/style/GridResolvedPosition.cpp:85 #3 0x00007ffff3895279 in WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid (this=0x7ffff7f33240, gridItem=..., specifiedDirection=WebCore::ForColumns, specifiedPositions=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:814 #4 0x00007ffff3895b41 in WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid (this=0x7ffff7f33240, gridItem=..., autoPlacementCursor=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:894 #5 0x00007ffff38955ce in WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid (this=0x7ffff7f33240, autoGridItems=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:838 #6 0x00007ffff3894d5a in WebCore::RenderGrid::placeItemsOnGrid (this=0x7ffff7f33240) at ../../Source/WebCore/rendering/RenderGrid.cpp:771 #7 0x00007ffff3891703 in WebCore::RenderGrid::computeIntrinsicLogicalWidths (this=0x7ffff7f33240, minLogicalWidth=..., maxLogicalWidth=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:248 #8 0x00007ffff389192e in WebCore::RenderGrid::computePreferredLogicalWidths (this=0x7ffff7f33240) at ../../Source/WebCore/rendering/RenderGrid.cpp:279 #9 0x00007ffff380be26 in WebCore::RenderBox::minPreferredLogicalWidth (this=0x7ffff7f33240) at ../../Source/WebCore/rendering/RenderBox.cpp:999 #10 0x00007ffff3893159 in WebCore::RenderGrid::minContentForChild (this=0x7ffff7e986c0, child=..., direction=WebCore::ForColumns, columnTracks=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:516 #11 0x00007ffff3893ed1 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=..., gridItemWithSpan=..., filterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff38976d4 <WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth() const>, sizingFunction=(WebCore::LayoutUnit (WebCore::RenderGrid::*)(WebCore::RenderGrid * const, WebCore::RenderBox &, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow> &)) 0x7ffff38930ce <WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow>&)>, trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3897c3e <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction=(void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ffff3897bde <WebCore::GridTrack::growUsedBreadth(WebCore::LayoutUnit)>, growAboveMaxBreadthFilterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff389785c <WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth() const>) at ../../Source/WebCore/rendering/RenderGrid.cpp:634 #12 0x00007ffff38937a1 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:598 #13 0x00007ffff3891c9b in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=..., availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:327 #14 0x00007ffff38919fd in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0x7ffff7e986c0, direction=WebCore::ForColumns, sizingData=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:291 #15 0x00007ffff3895d4a in WebCore::RenderGrid::layoutGridItems (this=0x7ffff7e986c0) at ../../Source/WebCore/rendering/RenderGrid.cpp:923 #16 0x00007ffff3891556 in WebCore::RenderGrid::layoutBlock (this=0x7ffff7e986c0, relayoutChildren=false) at ../../Source/WebCore/rendering/RenderGrid.cpp:220 #17 0x00007ffff37ae24b in WebCore::RenderBlock::layout (this=0x7ffff7e986c0) at ../../Source/WebCore/rendering/RenderBlock.cpp:927 #18 0x00007ffff37d970c in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7ffff7f18b40, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:703 #19 0x00007ffff37d9253 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7ffff7f18b40, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:626 #20 0x00007ffff37d8680 in WebCore::RenderBlockFlow::layoutBlock (this=0x7ffff7f18b40, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:479 #21 0x00007ffff37ae24b in WebCore::RenderBlock::layout (this=0x7ffff7f18b40) at ../../Source/WebCore/rendering/RenderBlock.cpp:927 #22 0x00007ffff39acb11 in WebCore::RenderView::layoutContent (this=0x7ffff7f18b40, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232 #23 0x00007ffff39ad1e1 in WebCore::RenderView::layout (this=0x7ffff7f18b40) at ../../Source/WebCore/rendering/RenderView.cpp:357 #24 0x00007ffff351306c in WebCore::FrameView::layout (this=0x7ffff7ec6b00, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1317 #25 0x00007ffff2eb99ab in WebCore::Document::implicitClose (this=0x7fff5723a000) at ../../Source/WebCore/dom/Document.cpp:2497 #26 0x00007ffff33b7f4b in WebCore::FrameLoader::checkCallImplicitClose (this=0x7ffff7f39a98) at ../../Source/WebCore/loader/FrameLoader.cpp:901 #27 0x00007ffff33b7cb7 in WebCore::FrameLoader::checkCompleted (this=0x7ffff7f39a98) at ../../Source/WebCore/loader/FrameLoader.cpp:847 #28 0x00007ffff33b7a20 in WebCore::FrameLoader::finishedParsing (this=0x7ffff7f39a98) at ../../Source/WebCore/loader/FrameLoader.cpp:767 #29 0x00007ffff2ec28a0 in WebCore::Document::finishedParsing (this=0x7fff5723a000) at ../../Source/WebCore/dom/Document.cpp:4629 #30 0x00007ffff32302b7 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7ffff7f33380) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:404 #31 0x00007ffff326cd3e in WebCore::HTMLTreeBuilder::finished (this=0x7ffff7f33360) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2941 #32 0x00007ffff3238c2e in WebCore::HTMLDocumentParser::end (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402 #33 0x00007ffff3238cfc in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411 #34 0x00007ffff32379ac in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132 #35 0x00007ffff3238d33 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423 #36 0x00007ffff3238de1 in WebCore::HTMLDocumentParser::finish (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451 #37 0x00007ffff33a806f in WebCore::DocumentWriter::end (this=0x7ffff7eba4a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247 #38 0x00007ffff3393699 in WebCore::DocumentLoader::finishedLoading (this=0x7ffff7eba400, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440 #39 0x00007ffff3393402 in WebCore::DocumentLoader::notifyFinished (this=0x7ffff7eba400, resource=0x7ffff7ec6200) at ../../Source/WebCore/loader/DocumentLoader.cpp:374 #40 0x00007ffff3447aa6 in WebCore::CachedResource::checkNotify (this=0x7ffff7ec6200) at ../../Source/WebCore/loader/cache/CachedResource.cpp:293 #41 0x00007ffff3447ba4 in WebCore::CachedResource::finishLoading (this=0x7ffff7ec6200) at ../../Source/WebCore/loader/cache/CachedResource.cpp:309 #42 0x00007ffff3444201 in WebCore::CachedRawResource::finishLoading (this=0x7ffff7ec6200, data=0x7ffff7eb8750) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104 #43 0x00007ffff33f686f in WebCore::SubresourceLoader::didFinishLoading (this=0x7fff41049b00, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:364 #44 0x00007ffff33f21a9 in WebCore::ResourceLoader::didFinishLoading (this=0x7fff41049b00, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:542 #45 0x00007ffff3da6401 in WebCore::readCallback (asyncResult=0x6e4460, data=0x7ffff7e7bb20) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1295 #46 0x00007fffeb2707e6 in async_ready_callback_wrapper (source_object=0x7c7270, res=0x6e4460, user_data=user_data@entry=0x7ffff7e7bb20) at ginputstream.c:523 #47 0x00007fffeb2960e5 in g_task_return_now (task=0x6e4460) at gtask.c:1077 #48 0x00007fffeb296109 in complete_in_idle_cb (task=0x6e4460) at gtask.c:1086 #49 0x00007fffea54ea1d in g_main_dispatch (context=0x478b00) at gmain.c:3064 #50 g_main_context_dispatch (context=context@entry=0x478b00) at gmain.c:3663 #51 0x00007fffea54ed88 in g_main_context_iterate (context=0x478b00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734 #52 0x00007fffea54f04a in g_main_loop_run (loop=0x901bd0) at gmain.c:3928 #53 0x00007ffff44a7fb0 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #54 0x00007ffff29946cc in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd988) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #55 0x00007ffff2994531 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd988) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77 #56 0x00000000004008d1 in main (argc=2, argv=0x7fffffffd988) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test case (131 bytes, text/html)
2015-02-06 03:28 PST, Renata Hodovan 		no flags
Details
Patch (3.12 KB, patch)
2015-02-09 02:08 PST, Sergio Villar Senin 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Sergio Villar Senin
Comment 1 2015-02-06 06:12:23 PST
Yeah it requires the same fix.
Sergio Villar Senin
Comment 2 2015-02-09 02:08:23 PST
Created attachment 246260 [details] Patch
Darin Adler
Comment 3 2015-02-09 02:29:17 PST
Comment on attachment 246260 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=246260&action=review > Source/WebCore/ChangeLog:9 > + was trying to place an item with span, it was completelly ignoring the completely > Source/WebCore/ChangeLog:12 > + using the finalResolvedPosition. This works with an unlimitted grid which can unlimited > Source/WebCore/ChangeLog:13 > + indefinitelly grow. But if the item spans over the grid track limits, then it indefinitely > Source/WebCore/ChangeLog:24 > + No new test provided as the test case would involve a huge grid > + allocation that performs very slow on Debug bots. There is no really no practical way to test this? We have to find some way to test the limits.
Sergio Villar Senin
Comment 4 2015-02-09 03:24:37 PST
(In reply to comment #3) > Comment on attachment 246260 [details] > > Source/WebCore/ChangeLog:24 > > + No new test provided as the test case would involve a huge grid > > + allocation that performs very slow on Debug bots. > > There is no really no practical way to test this? We have to find some way > to test the limits. I thought about creating an unit test but we lack a lot of stuff to create one the renderers, the styles, the named grid lines, etc... What I'm going to do is to add the test case to ManualTests.
Sergio Villar Senin
Comment 5 2015-02-09 06:06:00 PST
Committed r179826: <http://trac.webkit.org/changeset/179826>
Note You need to log in before you can comment on or make changes to this bug.