Bug 222711

Summary: ASSERTION FAILED: contentSize >= 0 in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax
Product: WebKit Reporter: Ryan Haddad <ryanhaddad>
Component: Layout and RenderingAssignee: Sergio Villar Senin <svillar>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, cdumez, changseok, esprehn+autocc, ews-watchlist, glenn, koivisto, kondapallykalyan, pdr, rbuis, sabouhallawa, simon.fraser, svillar, thorton, webkit-bot-watchers-bugzilla, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=222651
Attachments:
Description Flags
Patch
simon.fraser: review+, zalan: commit-queue-
Patch none

Ryan Haddad
Reported 2021-03-03 23:25:28 PST
imported/w3c/web-platform-tests/css/css-flexbox/frameset-crash.html, which was recently imported with https://trac.webkit.org/changeset/273825/webkit, is frequently asserting on iOS and macOS debug bots. https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fcss%2Fcss-flexbox%2Fframeset-crash.html ASSERTION FAILED: contentSize >= 0 ./rendering/RenderFlexibleBox.cpp(1210) : WebCore::LayoutUnit WefbCore::RenderFlexibleBox::adjustChildSizeForMinAndMax(const WebCore::RenderBox &, WebCore::LayoutUnit) 1 0x144404329 WTFCrash 2 0x127ee57db WTFCrashWithInfo(int, char const*, char const*, int) 3 0x12c8ccbaa WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax(WebCore::RenderBox const&, WebCore::LayoutUnit) 4 0x12c8ca6f0 WebCore::RenderFlexibleBox::constructFlexItem(WebCore::RenderBox&, bool) 5 0x12c8c585a WebCore::RenderFlexibleBox::layoutFlexItems(bool) 6 0x12c8c5364 WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) 7 0x12c7db8b9 WebCore::RenderBlock::layout() 8 0x12c7f6a02 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 9 0x12c7f5344 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 10 0x12c7f41c3 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 11 0x12c7db8b9 WebCore::RenderBlock::layout() 12 0x12c7f6a02 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 13 0x12c7f5344 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 14 0x12c7f41c3 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 15 0x12c7db8b9 WebCore::RenderBlock::layout() 16 0x12c7f6a02 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x12c7f5344 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 18 0x12c7f41c3 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 19 0x12c7db8b9 WebCore::RenderBlock::layout() 20 0x12caaee33 WebCore::RenderView::layout() 21 0x12be804b1 WebCore::FrameViewLayoutContext::layout() 22 0x12af61ce6 WebCore::Document::implicitClose() 23 0x12bc44d6b WebCore::FrameLoader::checkCallImplicitClose() 24 0x12bc4479a WebCore::FrameLoader::checkCompleted() 25 0x12bc42887 WebCore::FrameLoader::finishedParsing() 26 0x12af76866 WebCore::Document::finishedParsing() 27 0x12b76fdd8 WebCore::HTMLConstructionSite::finishedParsing() 28 0x12b7b8c97 WebCore::HTMLTreeBuilder::finished() 29 0x12b777418 WebCore::HTMLDocumentParser::end() 30 0x12b7750e8 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() 31 0x12b774e27 WebCore::HTMLDocumentParser::prepareToStopParsing()
Attachments
Patch (3.97 KB, patch)
2021-03-16 05:26 PDT, Sergio Villar Senin 		simon.fraser: review+
zalan: commit-queue-
DetailsFormatted DiffDiff
Patch (4.52 KB, patch)
2021-05-04 04:11 PDT, Sergio Villar Senin 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-03-03 23:25:55 PST
<rdar://problem/75022692>
Sergio Villar Senin
Comment 2 2021-03-04 00:49:04 PST
Committed r273876 (234837@main): <https://commits.webkit.org/234837@main>
Sergio Villar Senin
Comment 3 2021-03-04 00:50:12 PST
This was not meant to be closed. I've just landed in r273876 a gardening patch skipping this test in Debug until we figure out what's going on.
Sergio Villar Senin
Comment 4 2021-03-16 05:26:33 PDT
Created attachment 423322 [details] Patch
Sergio Villar Senin
Comment 5 2021-03-18 05:17:43 PDT
Ping reviewers
Sergio Villar Senin
Comment 6 2021-04-13 01:52:40 PDT
Another gentle ping
zalan
Comment 7 2021-05-03 18:52:25 PDT
Comment on attachment 423322 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423322&action=review > Source/WebCore/rendering/RenderFrameSet.cpp:437 > + ASSERT(preferredLogicalWidthsDirty()); > + > + RenderBox::computePreferredLogicalWidths(style().logicalMinWidth(), style().logicalMaxWidth(), borderAndPaddingLogicalWidth()); > + setPreferredLogicalWidthsDirty(false); I am curious as to why RenderBox::computePreferredLogicalWidths() does not simply call the other computePreferredLogicalWidths() function. I did a quick grep and it looked like many RenderBox subclasses override this function. It would be interesting to know if there's another class that's missing the override and whether it is intentional or just a mistake like this. I'd move this functionality up to the RenderBox unless there's a good reason not to (so that we don't end up with this exact same bug if someone introduces a new subclass).
Sergio Villar Senin
Comment 8 2021-05-04 04:11:39 PDT
Created attachment 427650 [details] Patch Something like this Alan?
zalan
Comment 9 2021-05-04 06:41:58 PDT
(In reply to Sergio Villar Senin from comment #8) > Created attachment 427650 [details] > Patch > > Something like this Alan? Exactly like this! Thanks! Will review it in a bit.
zalan
Comment 10 2021-05-04 10:19:44 PDT
Comment on attachment 427650 [details] Patch So it looks like there are 2 classes with no computePreferredLogicalWidths override, RenderTableRow and RenderMultiColumnSpannerPlaceholder. If this patch regresses them in any way, we could just override and leave them empty with an explanation of why they should not need to provide the preferred logical width.
EWS
Comment 11 2021-05-04 11:19:51 PDT
Committed r276971 (237300@main): <https://commits.webkit.org/237300@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427650 [details].
Note You need to log in before you can comment on or make changes to this bug.