Bug 210584

Summary: Crash in IndefiniteSizeStrategy::recomputeUsedFlexFractionIfNeeded when min-size can not be resolved
Product: WebKit Reporter: zalan <zalan>
Component: Layout and RenderingAssignee: zalan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, esprehn+autocc, ews-watchlist, glenn, jfernandez, kondapallykalyan, pdr, rego, simon.fraser, svillar, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

zalan
Reported 2020-04-15 18:25:13 PDT
<rdar://problem/56685237>
Attachments
Patch (4.00 KB, patch)
2020-04-15 18:30 PDT, zalan 		no flags
DetailsFormatted DiffDiff
Patch (4.02 KB, patch)
2020-04-16 10:13 PDT, zalan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
zalan
Comment 1 2020-04-15 18:30:06 PDT
Created attachment 396601 [details] Patch
zalan
Comment 2 2020-04-15 18:32:43 PDT
I haven't checked the grid spec so this might need to be turned into some kind of error state by returning false from this function. In general, or at least in block layout such circular dependencies could be just resolved by using the initial 0 value.
Manuel Rego Casasnovas
Comment 3 2020-04-16 02:19:10 PDT
Comment on attachment 396601 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=396601&action=review Thanks for fixing this, LGTM. > Source/WebCore/rendering/GridTrackSizingAlgorithm.cpp:1017 > + freeSpace = std::max(freeSpace, minSize.valueOr(0_lu)) - renderGrid->guttersSize(grid, ForRows, 0, grid.numTracks(ForRows), availableSpace()); For heights we usually go with -1 when they're unknown (check just 2 lines above), but this is not going to change anything in the end if we use -1 or 0. If any of them is the max, then findFrUnitSize will return 0 (due to the early return in GridTrackSizingAlgorithm::findFrUnitSize()) so the final result would be the same. > LayoutTests/fast/css-grid-layout/crash-when-min-height-cant-be-resolved.html:6 > + grid: 1fr / auto-flow; Nit: This line can be simplified to "grid-template-rows: 1fr" as it's already enough to cause the crash.
zalan
Comment 4 2020-04-16 09:53:14 PDT
(In reply to Manuel Rego Casasnovas from comment #3) > Comment on attachment 396601 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=396601&action=review > > Thanks for fixing this, LGTM. > > > Source/WebCore/rendering/GridTrackSizingAlgorithm.cpp:1017 > > + freeSpace = std::max(freeSpace, minSize.valueOr(0_lu)) - renderGrid->guttersSize(grid, ForRows, 0, grid.numTracks(ForRows), availableSpace()); > > For heights we usually go with -1 when they're unknown (check just 2 lines > above), but this is not going to change anything in the end if we use -1 or > 0. If any of them is the max, then findFrUnitSize will return 0 (due to the > early return in GridTrackSizingAlgorithm::findFrUnitSize()) so the final > result would be the same. Yeah I saw that logic. I don't particularly like special -1 values, if the constraint can be resolved with the initial value, I'd rather go with that. Thanks for the review.
zalan
Comment 5 2020-04-16 10:13:19 PDT
Created attachment 396660 [details] Patch
EWS
Comment 6 2020-04-16 10:39:34 PDT
Committed r260196: <https://trac.webkit.org/changeset/260196> All reviewed patches have been landed. Closing bug and clearing flags on attachment 396660 [details].
Note You need to log in before you can comment on or make changes to this bug.