Bug 169739

Summary: [css-grid] Crash on debug removing a positioned child
Product: WebKit Reporter: Manuel Rego Casasnovas <rego>
Component: Layout and Rendering Assignee: Manuel Rego Casasnovas <rego>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, hodovan, jfernandez, simon.fraser, svillar, zalan
Priority: P2 Keywords: BlinkMergeCandidate
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.chromium.org/p/chromium/issues/detail?id=700383
Bug Depends on:    
Bug Blocks: 60731    
Attachments:
Description Flags
Example to reproduce the issue none
Patch none
Patch for landing none

Description Manuel Rego Casasnovas 2017-03-16 02:05:16 PDT
Created attachment 304619 [details]
Example to reproduce the issue

The problem is that when we remove a positioned child, the grid is not laid out again but we're marking it as dirty. So when it's repainted we get a crash. The crash is:

ASSERTION FAILED: !m_grid.needsItemsPlacement()
/home/rego/checkout/WebKit/Source/WebCore/rendering/RenderGrid.cpp(1643) : virtual void WebCore::RenderGrid::paintChildren(WebCore::PaintInfo&, const WebCore::LayoutPoint&, WebCore::PaintInfo&, bool)

This has already been fixed in Blink: https://codereview.chromium.org/2748983003/
Comment 1 Manuel Rego Casasnovas 2017-03-16 02:31:39 PDT
Created attachment 304623 [details]
Patch
Comment 2 Sergio Villar Senin 2017-03-16 05:26:36 PDT
Comment on attachment 304623 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=304623&action=review

Nice!

> LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item.html:11
> +       after removing the positioned item. -->

Nit: don't need to split this comment in 3 lines
Comment 3 Manuel Rego Casasnovas 2017-03-16 05:30:27 PDT
Created attachment 304635 [details]
Patch for landing
Comment 4 WebKit Commit Bot 2017-03-16 06:13:05 PDT
Comment on attachment 304635 [details]
Patch for landing

Clearing flags on attachment: 304635

Committed r214039: <http://trac.webkit.org/changeset/214039>
Comment 5 WebKit Commit Bot 2017-03-16 06:13:12 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 Manuel Rego Casasnovas 2017-03-16 08:20:41 PDT
*** Bug 169749 has been marked as a duplicate of this bug. ***