Bug 152113

Summary:

ASSERTION FAILED: flowThread->regionInRange(region, startRegion, endRegion) in WebCore::RenderBox::borderBoxRectInRegion

Product:

WebKit

Reporter:

Renata Hodovan <rhodovan.u-szeged>

Component:

Layout and Rendering

Assignee:

zalan <zalan>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abucur, bfulgham, commit-queue, esprehn+autocc, glenn, kondapallykalyan, simon.fraser, stavila, webkit-bug-importer, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

116980

Attachments:

Description	Flags
Test	none
Test reduction	none
Test reduction	none
Test reduction	none
Patch	none
Patch	none
Patch	none

Renata Hodovan

Reported 2015-12-10 02:15:01 PST

Created attachment 267082 [details] Test Load the attached test with debug MiniBrowser: <style> h2 { column-span: all } * { column-width: 91cm } </style> <div> <h2></h2> </div> <video controls></video> <h2></h2> OS: Ubuntu 15.10 x86_64 Checked build: debug EFL Checked version: 2559fac Backtrace: ASSERTION FAILED: flowThread->regionInRange(region, startRegion, endRegion) ../../Source/WebCore/rendering/RenderBox.cpp(222) : WebCore::LayoutRect WebCore::RenderBox::borderBoxRectInRegion(WebCore::RenderRegion*, WebCore::RenderBox::RenderBoxRegionInfoFlags) const 1 0x7f0e7d1e9fb8 WTFCrash 2 0x7f0e7bf9f035 WebCore::RenderBox::borderBoxRectInRegion(WebCore::RenderRegion*, WebCore::RenderBox::RenderBoxRegionInfoFlags) const 3 0x7f0e7c0ec960 WebCore::RenderRegion::ensureOverflowForBox(WebCore::RenderBox const*, WTF::RefPtr<WebCore::RenderOverflow>&, bool) 4 0x7f0e7c0ed19e WebCore::RenderRegion::visualOverflowRectForBox(WebCore::RenderBoxModelObject const&) 5 0x7f0e7c0eb160 WebCore::RenderRegion::overflowRectForFlowThreadPortion(WebCore::LayoutRect const&, bool, bool, WebCore::RenderRegion::OverflowType) 6 0x7f0e7c0eaf9e WebCore::RenderRegion::flowThreadPortionOverflowRect() 7 0x7f0e7c0c7ac2 WebCore::RenderMultiColumnSet::repaintFlowThreadContent(WebCore::LayoutRect const&) 8 0x7f0e7c00b8e6 WebCore::RenderFlowThread::repaintRectangleInRegions(WebCore::LayoutRect const&) const 9 0x7f0e7c0dfc03 WebCore::RenderObject::repaintUsingContainer(WebCore::RenderLayerModelObject const*, WebCore::LayoutRect const&, bool) const 10 0x7f0e7bfebfc5 WebCore::RenderElement::repaintAfterLayoutIfNeeded(WebCore::RenderLayerModelObject const*, WebCore::LayoutRect const&, WebCore::LayoutRect const&, WebCore::LayoutRect const*, WebCore::LayoutRect const*) 11 0x7f0e7cc25c41 WebCore::LayoutRepainter::repaintAfterLayout() 12 0x7f0e7bf69245 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 13 0x7f0e7bf3abb2 WebCore::RenderBlock::layout() 14 0x7f0e7bf69d38 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 15 0x7f0e7bf69876 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 16 0x7f0e7bf68cd6 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 17 0x7f0e7bf3abb2 WebCore::RenderBlock::layout() 18 0x7f0e7c00a6d9 WebCore::RenderFlowThread::layout() 19 0x7f0e7c0bec18 WebCore::RenderMultiColumnFlowThread::layout() 20 0x7f0e7bf79326 WebCore::RenderBlockFlow::layoutSpecialExcludedChild(bool) 21 0x7f0e7bf69737 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 22 0x7f0e7bf68cd6 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 23 0x7f0e7bf3abb2 WebCore::RenderBlock::layout() 24 0x7f0e7bf69d38 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 25 0x7f0e7bf69876 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 26 0x7f0e7bf68cd6 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 27 0x7f0e7bf3abb2 WebCore::RenderBlock::layout() 28 0x7f0e7c00a6d9 WebCore::RenderFlowThread::layout() 29 0x7f0e7c0bec18 WebCore::RenderMultiColumnFlowThread::layout() 30 0x7f0e7bf79326 WebCore::RenderBlockFlow::layoutSpecialExcludedChild(bool) 31 0x7f0e7bf69737 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f0e7d1e9fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; [Current thread is 1 (Thread 0x7f0e80d1fa80 (LWP 21680))] #0 0x00007f0e7d1e9fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007f0e7bf9f035 in WebCore::RenderBox::borderBoxRectInRegion (this=0x7f0e149606a8, region=0x7f0e149548c0, cacheFlag=WebCore::RenderBox::CacheRenderBoxRegionInfo) at ../../Source/WebCore/rendering/RenderBox.cpp:222 #2 0x00007f0e7c0ec960 in WebCore::RenderRegion::ensureOverflowForBox (this=0x7f0e149548c0, box=0x7f0e149606a8, overflow=..., forceCreation=true) at ../../Source/WebCore/rendering/RenderRegion.cpp:436 #3 0x00007f0e7c0ed19e in WebCore::RenderRegion::visualOverflowRectForBox (this=0x7f0e149548c0, box=...) at ../../Source/WebCore/rendering/RenderRegion.cpp:528 #4 0x00007f0e7c0eb160 in WebCore::RenderRegion::overflowRectForFlowThreadPortion (this=0x7f0e149548c0, flowThreadPortionRect=..., isFirstPortion=false, isLastPortion=true, overflowType=WebCore::RenderRegion::VisualOverflow) at ../../Source/WebCore/rendering/RenderRegion.cpp:159 #5 0x00007f0e7c0eaf9e in WebCore::RenderRegion::flowThreadPortionOverflowRect (this=0x7f0e149548c0) at ../../Source/WebCore/rendering/RenderRegion.cpp:134 #6 0x00007f0e7c0c7ac2 in WebCore::RenderMultiColumnSet::repaintFlowThreadContent (this=0x7f0e149548c0, repaintRect=...) at ../../Source/WebCore/rendering/RenderMultiColumnSet.cpp:666 #7 0x00007f0e7c00b8e6 in WebCore::RenderFlowThread::repaintRectangleInRegions (this=0x7f0e149606a8, repaintRect=...) at ../../Source/WebCore/rendering/RenderFlowThread.cpp:389 #8 0x00007f0e7c0dfc03 in WebCore::RenderObject::repaintUsingContainer (this=0x7f0e5cbb6508, repaintContainer=0x7f0e149606a8, r=..., shouldClipToLayer=true) at ../../Source/WebCore/rendering/RenderObject.cpp:898 #9 0x00007f0e7bfebfc5 in WebCore::RenderElement::repaintAfterLayoutIfNeeded (this=0x7f0e5cbb6508, repaintContainer=0x7f0e149606a8, oldBounds=..., oldOutlineBox=..., newBoundsPtr=0x0, newOutlineBoxRectPtr=0x0) at ../../Source/WebCore/rendering/RenderElement.cpp:1321 #10 0x00007f0e7cc25c41 in WebCore::LayoutRepainter::repaintAfterLayout (this=0x7ffeaa1ee520) at ../../Source/WebCore/rendering/LayoutRepainter.cpp:47 #11 0x00007f0e7bf69245 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f0e5cbb6508, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:544 #12 0x00007f0e7bf3abb2 in WebCore::RenderBlock::layout (this=0x7f0e5cbb6508) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #13 0x00007f0e7bf69d38 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f0e149606a8, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709 #14 0x00007f0e7bf69876 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f0e149606a8, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #15 0x00007f0e7bf68cd6 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f0e149606a8, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #16 0x00007f0e7bf3abb2 in WebCore::RenderBlock::layout (this=0x7f0e149606a8) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #17 0x00007f0e7c00a6d9 in WebCore::RenderFlowThread::layout (this=0x7f0e149606a8) at ../../Source/WebCore/rendering/RenderFlowThread.cpp:202 #18 0x00007f0e7c0bec18 in WebCore::RenderMultiColumnFlowThread::layout (this=0x7f0e149606a8) at ../../Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp:126 #19 0x00007f0e7bf79326 in WebCore::RenderBlockFlow::layoutSpecialExcludedChild (this=0x7f0e5cbb6398, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3771 #20 0x00007f0e7bf69737 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f0e5cbb6398, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:604 #21 0x00007f0e7bf68cd6 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f0e5cbb6398, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #22 0x00007f0e7bf3abb2 in WebCore::RenderBlock::layout (this=0x7f0e5cbb6398) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #23 0x00007f0e7bf69d38 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f0e14960470, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709 #24 0x00007f0e7bf69876 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f0e14960470, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #25 0x00007f0e7bf68cd6 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f0e14960470, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #26 0x00007f0e7bf3abb2 in WebCore::RenderBlock::layout (this=0x7f0e14960470) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #27 0x00007f0e7c00a6d9 in WebCore::RenderFlowThread::layout (this=0x7f0e14960470) at ../../Source/WebCore/rendering/RenderFlowThread.cpp:202 #28 0x00007f0e7c0bec18 in WebCore::RenderMultiColumnFlowThread::layout (this=0x7f0e14960470) at ../../Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp:126 #29 0x00007f0e7bf79326 in WebCore::RenderBlockFlow::layoutSpecialExcludedChild (this=0x7f0e5cbb62e0, relayoutChildren=false) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3771 #30 0x00007f0e7bf69737 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f0e5cbb62e0, relayoutChildren=false, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:604 #31 0x00007f0e7bf68cd6 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f0e5cbb62e0, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #32 0x00007f0e7bf3abb2 in WebCore::RenderBlock::layout (this=0x7f0e5cbb62e0) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #33 0x00007f0e7bf69d38 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f0e5cb5c250, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709 #34 0x00007f0e7bf69876 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f0e5cb5c250, relayoutChildren=false, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #35 0x00007f0e7bf68cd6 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f0e5cb5c250, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #36 0x00007f0e7bf3abb2 in WebCore::RenderBlock::layout (this=0x7f0e5cb5c250) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #37 0x00007f0e7c151d77 in WebCore::RenderView::layoutContent (this=0x7f0e5cb5c250, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253 #38 0x00007f0e7c15246f in WebCore::RenderView::layout (this=0x7f0e5cb5c250) at ../../Source/WebCore/rendering/RenderView.cpp:378 #39 0x00007f0e7bd177dc in WebCore::FrameView::layout (this=0x7f0e5ca0c000, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1427 #40 0x00007f0e7bd1bced in WebCore::FrameView::layoutTimerFired (this=0x7f0e5ca0c000) at ../../Source/WebCore/page/FrameView.cpp:2599 #41 0x00007f0e7bd355a3 in std::_Mem_fn_base<void (WebCore::FrameView::*)(), true>::operator()<, void>(std::_Mem_fn_base<void (WebCore::FrameView::*)(), true>::_Class *) const (this=0x234f570, __object=0x7f0e5ca0c000) at /usr/include/c++/5/functional:600 #42 0x00007f0e7bd34225 in std::_Bind<std::_Mem_fn<void (WebCore::FrameView::*)()>(WebCore::FrameView*)>::__call<void, 0ul>(<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x0, DIE 0x230cc9>, std::_Index_tuple<0ul>) (this=0x234f570, __args=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x0, DIE 0x230cc9>) at /usr/include/c++/5/functional:1074 #43 0x00007f0e7bd31f83 in std::_Bind<std::_Mem_fn<void (WebCore::FrameView::*)()>(WebCore::FrameView*)>::operator()<, void>(void) (this=0x234f570) at /usr/include/c++/5/functional:1133 #44 0x00007f0e7bd2e67e in std::_Function_handler<void(), std::_Bind<std::_Mem_fn<void (WebCore::FrameView::*)()>(WebCore::FrameView*)> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/5/functional:1871 #45 0x00007f0e7af3c108 in std::function<void()>::operator()(void) const (this=0x7f0e5ca0c190) at /usr/include/c++/5/functional:2271 #46 0x00007f0e7afe9f90 in WebCore::Timer::fired (this=0x7f0e5ca0c158) at ../../Source/WebCore/platform/Timer.h:133 #47 0x00007f0e7bdff409 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f0e5cbd3488) at ../../Source/WebCore/platform/ThreadTimers.cpp:121 #48 0x00007f0e7bdfefb1 in WebCore::ThreadTimers::<lambda()>::operator()(void) const (__closure=0x7f0e80c040a8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>) at ../../Source/WebCore/platform/ThreadTimers.cpp:73 #49 0x00007f0e7bdff5de in std::_Function_handler<void(), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/5/functional:1871 #50 0x00007f0e7af3c108 in std::function<void()>::operator()(void) const (this=0x7f0e80c040a8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>) at /usr/include/c++/5/functional:2271 #51 0x00007f0e7cbc2cd3 in WebCore::MainThreadSharedTimer::fired (this=0x7f0e80c040a0 <WebCore::MainThreadSharedTimer::singleton()::instance>) at ../../Source/WebCore/platform/MainThreadSharedTimer.cpp:52 #52 0x00007f0e7cdcd8a4 in WebCore::timerEvent () at ../../Source/WebCore/platform/efl/MainThreadSharedTimerEfl.cpp:44 #53 0x00007f0e753b80ce in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:336 #54 _ecore_timer_expired_call (when=798321.33057432994) at lib/ecore/ecore_timer.c:733 #55 0x00007f0e753b821b in _ecore_timer_expired_timers_call (when=798321.33057432994) at lib/ecore/ecore_timer.c:686 #56 0x00007f0e753b4215 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1832 #57 0x00007f0e753b4827 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:988 #58 0x00007f0e7d248647 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49 #59 0x00007f0e7b4e735c in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffeaa1f00c8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #60 0x00007f0e7b4e6f6a in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffeaa1f00c8) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161 #61 0x000000000040089a in main (argc=2, argv=0x7ffeaa1f00c8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Attachments
Test (135 bytes, text/html) 2015-12-10 02:15 PST, Renata Hodovan	no flags	Details
Test reduction (191 bytes, text/html) 2016-08-29 09:23 PDT, zalan	no flags	Details
Test reduction (199 bytes, text/html) 2016-08-29 10:01 PDT, zalan	no flags	Details
Test reduction (138 bytes, text/html) 2016-11-13 18:54 PST, zalan	no flags	Details
Patch (6.28 KB, patch) 2016-12-01 20:27 PST, zalan	no flags	Details Formatted Diff Diff
Patch (8.98 KB, patch) 2016-12-02 11:35 PST, zalan	no flags	Details Formatted Diff Diff
Patch (8.82 KB, patch) 2016-12-02 11:47 PST, zalan	no flags	Details Formatted Diff Diff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2016-08-05 09:19:52 PDT

This reproduces in r204037.

Radar WebKit Bug Importer

Comment 2 2016-08-05 09:20:33 PDT

<rdar://problem/27720221>

zalan

Comment 3 2016-08-29 09:23:57 PDT

Created attachment 287273 [details] Test reduction

zalan

Comment 4 2016-08-29 10:01:11 PDT

Created attachment 287276 [details] Test reduction

zalan

Comment 5 2016-11-13 18:54:29 PST

Created attachment 294684 [details] Test reduction

zalan

Comment 6 2016-12-01 20:27:21 PST

Created attachment 295926 [details] Patch

zalan

Comment 7 2016-12-02 11:35:14 PST

Created attachment 295970 [details] Patch

Dave Hyatt

Comment 8 2016-12-02 11:41:22 PST

Comment on attachment 295970 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=295970&action=review r=me > Source/WebCore/rendering/RenderBlockFlow.cpp:436 > + // Pagination always intiates MultiColumnFlowThread. Typo. initiates. > Source/WebCore/rendering/RenderBlockFlow.cpp:443 > + // column-axis intiates MultiColumnFlowThread. Typo again. > Source/WebCore/rendering/RenderBlockFlow.cpp:447 > + // Non-auto column-width always intiates MultiColumnFlowThread. Typo. > Source/WebCore/rendering/RenderBlockFlow.cpp:451 > + // column-count > 1 always intiates MultiColumnFlowThread. Typo.

zalan

Comment 9 2016-12-02 11:47:53 PST

Created attachment 295972 [details] Patch

WebKit Commit Bot

Comment 10 2016-12-02 13:25:38 PST

Comment on attachment 295972 [details] Patch Clearing flags on attachment: 295972 Committed r209259: <http://trac.webkit.org/changeset/209259>

WebKit Commit Bot

Comment 11 2016-12-02 13:25:43 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.