Bug 151591

Summary: Should never be reached failure in WebCore::RenderFlexibleBox::alignChildren
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: Layout and RenderingAssignee: Javier Fernandez <jfernandez>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, darin, hyatt, jfernandez, ossy, rego, simon.fraser, svillar, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test
none
Patch
none
Patch
none
Patch
none
Patch none

Renata Hodovan
Reported 2015-11-24 10:26:59 PST
Created attachment 266140 [details] Test Load the attached test with debug MiniBrowser: <style> * { display: flex; -webkit-align-self: end safe; } </style> OS: Ubuntu 15.10 x86_64 Checked build: debug EFL Checked version: 79922a5 Backtrace: SHOULD NEVER BE REACHED ../../Source/WebCore/rendering/RenderFlexibleBox.cpp(1346) : void WebCore::RenderFlexibleBox::alignChildren(const WTF::Vector<WebCore::RenderFlexibleBox::LineContext>&) 1 0x7f64d5b8282c WTFCrash 2 0x7f64d49a21e8 WebCore::RenderFlexibleBox::alignChildren(WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul> const&) 3 0x7f64d499cdba WebCore::RenderFlexibleBox::repositionLogicalHeightDependentFlexItems(WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 4 0x7f64d499c8fc WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) 5 0x7f64d48d77c6 WebCore::RenderBlock::layout() 6 0x7f64d48aa8f1 WebCore::RenderElement::layoutIfNeeded() 7 0x7f64d49a0f61 WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit&, WTF::Vector<WebCore::RenderBox*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::Vector<WebCore::LayoutUnit, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::LayoutUnit, bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 8 0x7f64d499e7c9 WebCore::RenderFlexibleBox::layoutFlexItems(bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 9 0x7f64d499c8c4 WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) 10 0x7f64d48d77c6 WebCore::RenderBlock::layout() 11 0x7f64d490694c WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 12 0x7f64d490648a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 13 0x7f64d49058ea WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 14 0x7f64d48d77c6 WebCore::RenderBlock::layout() 15 0x7f64d4aee02f WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 16 0x7f64d4aee727 WebCore::RenderView::layout() 17 0x7f64d46b4346 WebCore::FrameView::layout(bool) 18 0x7f64d4106a83 WebCore::Document::implicitClose() 19 0x7f64d4574e91 WebCore::FrameLoader::checkCallImplicitClose() 20 0x7f64d4574bc1 WebCore::FrameLoader::checkCompleted() 21 0x7f64d4574937 WebCore::FrameLoader::finishedParsing() 22 0x7f64d4110bb4 WebCore::Document::finishedParsing() 23 0x7f64d54aa7ab WebCore::HTMLConstructionSite::finishedParsing() 24 0x7f64d446adb2 WebCore::HTMLTreeBuilder::finished() 25 0x7f64d443b0a8 WebCore::HTMLDocumentParser::end() 26 0x7f64d443b176 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() 27 0x7f64d4439e6b WebCore::HTMLDocumentParser::prepareToStopParsing() 28 0x7f64d443b1b1 WebCore::HTMLDocumentParser::attemptToEnd() 29 0x7f64d443b261 WebCore::HTMLDocumentParser::finish() 30 0x7f64d4560166 WebCore::DocumentWriter::end() 31 0x7f64d454960a WebCore::DocumentLoader::finishedLoading(double) Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f64d5b82831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; [Current thread is 1 (Thread 0x7f64d96cfa80 (LWP 8936))] #0 0x00007f64d5b82831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007f64d49a21e8 in WebCore::RenderFlexibleBox::alignChildren (this=0x7f64b53cf190, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:1346 #2 0x00007f64d499cdba in WebCore::RenderFlexibleBox::repositionLogicalHeightDependentFlexItems (this=0x7f64b53cf190, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:345 #3 0x00007f64d499c8fc in WebCore::RenderFlexibleBox::layoutBlock (this=0x7f64b53cf190, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:278 #4 0x00007f64d48d77c6 in WebCore::RenderBlock::layout (this=0x7f64b53cf190) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #5 0x00007f64d48aa8f1 in WebCore::RenderElement::layoutIfNeeded (this=0x7f64b53cf190) at ../../Source/WebCore/rendering/RenderElement.h:135 #6 0x00007f64d49a0f61 in WebCore::RenderFlexibleBox::layoutAndPlaceChildren (this=0x7f64b53cf0c8, crossAxisOffset=..., children=..., childSizes=..., availableFreeSpace=..., relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:1131 #7 0x00007f64d499e7c9 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7f64b53cf0c8, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:708 #8 0x00007f64d499c8c4 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7f64b53cf0c8, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:275 #9 0x00007f64d48d77c6 in WebCore::RenderBlock::layout (this=0x7f64b53cf0c8) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #10 0x00007f64d490694c in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f64b52dd228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709 #11 0x00007f64d490648a in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f64b52dd228, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #12 0x00007f64d49058ea in WebCore::RenderBlockFlow::layoutBlock (this=0x7f64b52dd228, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #13 0x00007f64d48d77c6 in WebCore::RenderBlock::layout (this=0x7f64b52dd228) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #14 0x00007f64d4aee02f in WebCore::RenderView::layoutContent (this=0x7f64b52dd228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253 #15 0x00007f64d4aee727 in WebCore::RenderView::layout (this=0x7f64b52dd228) at ../../Source/WebCore/rendering/RenderView.cpp:378 #16 0x00007f64d46b4346 in WebCore::FrameView::layout (this=0x7f64b500c000, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1427 #17 0x00007f64d4106a83 in WebCore::Document::implicitClose (this=0x7f64b501d900) at ../../Source/WebCore/dom/Document.cpp:2704 #18 0x00007f64d4574e91 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7f64b52e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:861 #19 0x00007f64d4574bc1 in WebCore::FrameLoader::checkCompleted (this=0x7f64b52e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:807 #20 0x00007f64d4574937 in WebCore::FrameLoader::finishedParsing (this=0x7f64b52e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:728 #21 0x00007f64d4110bb4 in WebCore::Document::finishedParsing (this=0x7f64b501d900) at ../../Source/WebCore/dom/Document.cpp:4897 #22 0x00007f64d54aa7ab in WebCore::HTMLConstructionSite::finishedParsing (this=0x7f64b52fe6e0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:403 #23 0x00007f64d446adb2 in WebCore::HTMLTreeBuilder::finished (this=0x7f64b52fe6c0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937 #24 0x00007f64d443b0a8 in WebCore::HTMLDocumentParser::end (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:393 #25 0x00007f64d443b176 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402 #26 0x00007f64d4439e6b in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132 #27 0x00007f64d443b1b1 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:414 #28 0x00007f64d443b261 in WebCore::HTMLDocumentParser::finish (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:442 #29 0x00007f64d4560166 in WebCore::DocumentWriter::end (this=0x7f64b502ef20) at ../../Source/WebCore/loader/DocumentWriter.cpp:247 #30 0x00007f64d454960a in WebCore::DocumentLoader::finishedLoading (this=0x7f64b502ee80, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:437 #31 0x00007f64d4549364 in WebCore::DocumentLoader::notifyFinished (this=0x7f64b502ee80, resource=0x7f64b50261c0) at ../../Source/WebCore/loader/DocumentLoader.cpp:384 #32 0x00007f64d45f5d0d in WebCore::CachedResource::checkNotify (this=0x7f64b50261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297 #33 0x00007f64d45f5e22 in WebCore::CachedResource::finishLoading (this=0x7f64b50261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313 #34 0x00007f64d45f2044 in WebCore::CachedRawResource::finishLoading (this=0x7f64b50261c0, data=0x7f64b53bf900) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103 #35 0x00007f64d45ba1a1 in WebCore::SubresourceLoader::didFinishLoading (this=0x7f64b502fa80, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372 #36 0x00007f64d45b4be7 in WebCore::ResourceLoader::didFinishLoading (this=0x7f64b502fa80, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:638 #37 0x00007f64d4dbeb45 in WebCore::readCallback (asyncResult=0xbab9a0, data=0x7f64b53bd740) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1341 #38 0x00007f64cc9814e6 in async_ready_callback_wrapper (source_object=0xabf5b0, res=0xbab9a0, user_data=0x7f64b53bd740) at ginputstream.c:523 #39 0x00007f64cc9a7a04 in g_task_return_now (task=0xbab9a0) at gtask.c:1077 #40 0x00007f64cc9a7a29 in complete_in_idle_cb (task=0xbab9a0) at gtask.c:1086 #41 0x00007f64cc3dd72a in g_main_dispatch (context=0xab9700) at gmain.c:3064 #42 g_main_context_dispatch (context=context@entry=0xab9700) at gmain.c:3663 #43 0x00007f64cdd34b50 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=0x7ffce346d7e0, wfds=0x7ffce346d760, rfds=0x7ffce346d6e0, ecore_fds=<optimized out>, ctx=<optimized out>) at lib/ecore/ecore_glib.c:175 #44 _ecore_glib_select (ecore_fds=<optimized out>, rfds=0x7ffce346d6e0, wfds=0x7ffce346d760, efds=0x7ffce346d7e0, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:208 #45 0x00007f64cdd37b8c in _ecore_main_select (timeout=<optimized out>) at lib/ecore/ecore_main.c:1481 #46 0x00007f64cdd38665 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1913 #47 0x00007f64cdd38827 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:988 #48 0x00007f64d5be0ebb in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49 #49 0x00007f64d3e81f7a in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffce346dc48) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #50 0x00007f64d3e81b88 in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffce346dc48) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161 #51 0x000000000040089a in main (argc=2, argv=0x7ffce346dc48) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test (76 bytes, text/html)
2015-11-24 10:26 PST, Renata Hodovan 		no flags
Details
Patch (12.44 KB, patch)
2016-08-26 02:04 PDT, Javier Fernandez 		no flags
DetailsFormatted DiffDiff
Patch (12.51 KB, patch)
2016-08-26 02:22 PDT, Javier Fernandez 		no flags
DetailsFormatted DiffDiff
Patch (12.46 KB, patch)
2016-08-26 08:57 PDT, Javier Fernandez 		no flags
DetailsFormatted DiffDiff
Patch (12.46 KB, patch)
2016-08-28 07:15 PDT, Javier Fernandez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Javier Fernandez
Comment 1 2015-11-25 02:20:24 PST
Yeah, this is an actual issue, indeed. Thanks for reporting, I'll take care of it ASAP.
Brent Fulgham
Comment 2 2016-08-04 18:29:56 PDT
This reproduces in r204037.
Radar WebKit Bug Importer
Comment 3 2016-08-04 18:30:15 PDT
<rdar://problem/27711829>
Javier Fernandez
Comment 4 2016-08-19 13:36:00 PDT
Somehow, I forgot about this bug. I'll take a look as soon as possible.
alan
Comment 5 2016-08-24 13:14:18 PDT
This is just an unsupported alignment value (blocked on bug 135460). *** This bug has been marked as a duplicate of bug 135460 ***
Javier Fernandez
Comment 6 2016-08-25 02:55:21 PDT
Even though bug #135460 can be considered the root cause of this bug, I'd not say it's duplicated. We shouldn't allow the layout code to reach those values, which are protected with an assert because the correspond to a new parsing logic of the new CSS Box Alignment specification. I think we had the new parsing logic implemented behind the GRID_LAYOUT compile flag, but if I remember correctly, we have remove it. I'd like to reopen the bug to investigate what happened and whether there is a way to avoid the assert even when the new values are not implemented.
alan
Comment 7 2016-08-25 09:16:38 PDT
(In reply to comment #6) > Even though bug #135460 can be considered the root cause of this bug, I'd > not say it's duplicated. We shouldn't allow the layout code to reach those > values, which are protected with an assert because the correspond to a new > parsing logic of the new CSS Box Alignment specification. > > I think we had the new parsing logic implemented behind the GRID_LAYOUT > compile flag, but if I remember correctly, we have remove it. > > I'd like to reopen the bug to investigate what happened and whether there is > a way to avoid the assert even when the new values are not implemented. Sure, please investigate it. Duping this to bug 135460 was more of a wishful thinking on my side :)
Javier Fernandez
Comment 8 2016-08-25 09:22:02 PDT
(In reply to comment #7) > (In reply to comment #6) > > I'd like to reopen the bug to investigate what happened and whether there is > > a way to avoid the assert even when the new values are not implemented. > Sure, please investigate it. Duping this to bug 135460 was more of a wishful > thinking on my side :) Np :) I'm on it and hopefully will send a patch for review today.
Javier Fernandez
Comment 9 2016-08-26 02:04:17 PDT
Created attachment 287081 [details] Patch
Javier Fernandez
Comment 10 2016-08-26 02:22:09 PDT
Created attachment 287087 [details] Patch
Javier Fernandez
Comment 11 2016-08-26 08:57:30 PDT
Created attachment 287108 [details] Patch
Darin Adler
Comment 12 2016-08-27 13:29:12 PDT
Comment on attachment 287108 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287108&action=review > Source/WebCore/css/parser/CSSParser.cpp:824 > + // FIXME: For now, we will do it behing the GRID_LAYOUT compile flag. Typo: behing > Source/WebCore/css/parser/CSSParser.cpp:830 > + // FIXME: For now, we will do it behing the GRID_LAYOUT compile flag. Ditto.
Javier Fernandez
Comment 13 2016-08-28 07:15:05 PDT
Created attachment 287232 [details] Patch
WebKit Commit Bot
Comment 14 2016-08-28 07:47:31 PDT
Comment on attachment 287232 [details] Patch Clearing flags on attachment: 287232 Committed r205102: <http://trac.webkit.org/changeset/205102>
WebKit Commit Bot
Comment 15 2016-08-28 07:47:38 PDT
All reviewed patches have been landed. Closing bug.
Csaba Osztrogonác
Comment 16 2016-09-01 03:19:29 PDT
(In reply to comment #14) > Comment on attachment 287232 [details] > Patch > > Clearing flags on attachment: 287232 > > Committed r205102: <http://trac.webkit.org/changeset/205102> It broke the !ENABLE(CSS_GRID_LAYOUT) build: ../../Source/WebCore/css/parser/CSSParser.cpp: In function 'bool WebCore::isKeywordPropertyID(WebCore::CSSPropertyID)': ../../Source/WebCore/css/parser/CSSParser.cpp:1160:58: error: 'class WebCore::RuntimeEnabledFeatures' has no member named 'isCSSGridLayoutEnabled' isCSSGridLayoutEnabled() shouldn't be used without #if ENABLE(CSS_GRID_LAYOUT) guard.
Javier Fernandez
Comment 17 2016-09-01 03:56:46 PDT
(In reply to comment #16) > (In reply to comment #14) > > Comment on attachment 287232 [details] > > Patch > > > > Clearing flags on attachment: 287232 > > > > Committed r205102: <http://trac.webkit.org/changeset/205102> > > It broke the !ENABLE(CSS_GRID_LAYOUT) build: > > ../../Source/WebCore/css/parser/CSSParser.cpp: In function 'bool > WebCore::isKeywordPropertyID(WebCore::CSSPropertyID)': > ../../Source/WebCore/css/parser/CSSParser.cpp:1160:58: error: 'class > WebCore::RuntimeEnabledFeatures' has no member named 'isCSSGridLayoutEnabled' > > isCSSGridLayoutEnabled() shouldn't be used without #if > ENABLE(CSS_GRID_LAYOUT) guard. Sorry about that. I'll land a fix ASAP.
Javier Fernandez
Comment 18 2016-09-01 06:56:52 PDT
(In reply to comment #17) > (In reply to comment #16) > > (In reply to comment #14) > > > Comment on attachment 287232 [details] > > > Patch > > > > > > Clearing flags on attachment: 287232 > > > > > > Committed r205102: <http://trac.webkit.org/changeset/205102> > > > > It broke the !ENABLE(CSS_GRID_LAYOUT) build: > > > > ../../Source/WebCore/css/parser/CSSParser.cpp: In function 'bool > > WebCore::isKeywordPropertyID(WebCore::CSSPropertyID)': > > ../../Source/WebCore/css/parser/CSSParser.cpp:1160:58: error: 'class > > WebCore::RuntimeEnabledFeatures' has no member named 'isCSSGridLayoutEnabled' > > > > isCSSGridLayoutEnabled() shouldn't be used without #if > > ENABLE(CSS_GRID_LAYOUT) guard. > > Sorry about that. I'll land a fix ASAP. I've filed bug #161485 to land the patch after getting green EWS.
Note You need to log in before you can comment on or make changes to this bug.