Bug 169739

Summary: [css-grid] Crash on debug removing a positioned child
Product: WebKit
Reporter: Manuel Rego Casasnovas <rego>
Component: Layout and Rendering
Assignee: Manuel Rego Casasnovas <rego>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, commit-queue, hodovan, jfernandez, simon.fraser, svillar, zalan
Priority: P2
Keywords: BlinkMergeCandidate
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.chromium.org/p/chromium/issues/detail?id=700383
Bug Depends on:    
Bug Blocks: 60731    

Manuel Rego Casasnovas
Reported 2017-03-16 02:05:16 PDT
Created attachment 304619
Example to reproduce the issue
The problem is that when we remove a positioned child, the grid is not relaid out but we're marking it as dirty. So when it's repainted we get a crash.
The crash is:
ASSERTION FAILED: !m_grid.needsItemsPlacement()
/home/rego/checkout/WebKit/Source/WebCore/rendering/RenderGrid.cpp(1643) : virtual void WebCore::RenderGrid::paintChildren(WebCore::PaintInfo&, const WebCore::LayoutPoint&, WebCore::PaintInfo&, bool)
This has already been fixed in Blink: https://codereview.chromium.org/2748983003/
Attachments
Example to reproduce the issue (683 bytes, text/html)
2017-03-16 02:05 PDT, Manuel Rego Casasnovas
no flags
Patch (5.03 KB, patch)
2017-03-16 02:31 PDT, Manuel Rego Casasnovas
no flags
Patch for landing (5.02 KB, patch)
2017-03-16 05:30 PDT, Manuel Rego Casasnovas
no flags
Manuel Rego Casasnovas
Comment 1 2017-03-16 02:31:39 PDT
Sergio Villar Senin
Comment 2 2017-03-16 05:26:36 PDT
Comment on attachment 304623
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=304623&action=review
Nice!
> LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item.html:11
> + after removing the positioned item. -->
Nit: don't need to split this comment in 3 lines
Manuel Rego Casasnovas
Comment 3 2017-03-16 05:30:27 PDT
Created attachment 304635
Patch for landing
WebKit Commit Bot
Comment 4 2017-03-16 06:13:05 PDT
Comment on attachment 304635
Patch for landing
Clearing flags on attachment: 304635
Committed r214039: <http://trac.webkit.org/changeset/214039>
WebKit Commit Bot
Comment 5 2017-03-16 06:13:12 PDT
All reviewed patches have been landed. Closing bug.
Manuel Rego Casasnovas
Comment 6 2017-03-16 08:20:41 PDT
*** Bug 169749 has been marked as a duplicate of this bug. ***