Bug 210584

Summary:

Crash in IndefiniteSizeStrategy::recomputeUsedFlexFractionIfNeeded when min-size can not be resolved

Product:

WebKit

Reporter:

zalan <zalan>

Component:

Layout and Rendering

Assignee:

zalan <zalan>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, esprehn+autocc, ews-watchlist, glenn, jfernandez, kondapallykalyan, pdr, rego, simon.fraser, svillar, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none

Description zalan 2020-04-15 18:25:13 PDT

<rdar://problem/56685237>

Comment 1 zalan 2020-04-15 18:30:06 PDT

Created attachment 396601 [details]
Patch

Comment 2 zalan 2020-04-15 18:32:43 PDT

I haven't checked the grid spec so this might need to be turned into some kind of error state by returning false from this function. In general, or at least in block layout such circular dependencies could be just resolved by using the initial 0 value.

Comment 3 Manuel Rego Casasnovas 2020-04-16 02:19:10 PDT

Comment on attachment 396601 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=396601&action=review

Thanks for fixing this, LGTM.

> Source/WebCore/rendering/GridTrackSizingAlgorithm.cpp:1017
> +    freeSpace = std::max(freeSpace, minSize.valueOr(0_lu)) - renderGrid->guttersSize(grid, ForRows, 0, grid.numTracks(ForRows), availableSpace());

For heights we usually go with -1 when they're unknown (check just 2 lines above), but this is not going to change anything in the end if we use -1 or 0. If any of them is the max, then findFrUnitSize will return 0 (due to the early return in GridTrackSizingAlgorithm::findFrUnitSize()) so the final result would be the same.

> LayoutTests/fast/css-grid-layout/crash-when-min-height-cant-be-resolved.html:6
> +    grid: 1fr / auto-flow;

Nit: This line can be simplified to "grid-template-rows: 1fr" as it's already enough to cause the crash.

Comment 4 zalan 2020-04-16 09:53:14 PDT

(In reply to Manuel Rego Casasnovas from comment #3)
> Comment on attachment 396601 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=396601&action=review
> 
> Thanks for fixing this, LGTM.
> 
> > Source/WebCore/rendering/GridTrackSizingAlgorithm.cpp:1017
> > +    freeSpace = std::max(freeSpace, minSize.valueOr(0_lu)) - renderGrid->guttersSize(grid, ForRows, 0, grid.numTracks(ForRows), availableSpace());
> 
> For heights we usually go with -1 when they're unknown (check just 2 lines
> above), but this is not going to change anything in the end if we use -1 or
> 0. If any of them is the max, then findFrUnitSize will return 0 (due to the
> early return in GridTrackSizingAlgorithm::findFrUnitSize()) so the final
> result would be the same.
Yeah I saw that logic. I don't particularly like special -1 values, if the constraint can be resolved with the initial value, I'd rather go with that.
Thanks for the review.

Comment 5 zalan 2020-04-16 10:13:19 PDT

Created attachment 396660 [details]
Patch

Comment 6 EWS 2020-04-16 10:39:34 PDT

Committed r260196: <https://trac.webkit.org/changeset/260196>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 396660 [details].