Bug 235194

Summary:

<dialog> with transformed ancestor asserts under RenderGeometryMap

Product:

WebKit

Reporter:

Simon Fraser (smfr) <simon.fraser>

Component:

DOM

Assignee:

Simon Fraser (smfr) <simon.fraser>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

changseok, esprehn+autocc, ews-watchlist, fred.wang, glenn, koivisto, kondapallykalyan, mrobinson, ntim, pdr, simon.fraser, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Safari Technology Preview

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

235272

Bug Blocks:

84635

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	koivisto: review+, ews-feeder: commit-queue-
Patch	none
Patch	none

Simon Fraser (smfr)

Reported 2022-01-13 11:31:39 PST

imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/top-layer-parent-transform.html triggers an assertion: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 JavaScriptCore 0x7bf6ddf9e WTFCrash + 14 1 WebCore 0x7d2e0f49b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 WebCore 0x7d77b6ca6 WebCore::RenderObject::offsetFromAncestorContainer(WebCore::RenderElement&) const + 262 3 WebCore 0x7d7628382 WebCore::RenderBox::pushMappingToContainer(WebCore::RenderLayerModelObject const*, WebCore::RenderGeometryMap&) const + 226 (RenderBox.cpp:2361) 4 WebCore 0x7d76daa8f WebCore::RenderGeometryMap::pushMappingsToAncestor(WebCore::RenderObject const*, WebCore::RenderLayerModelObject const*) + 79 (RenderGeometryMap.cpp:140) 5 WebCore 0x7d76dae5d WebCore::RenderGeometryMap::pushMappingsToAncestor(WebCore::RenderLayer const*, WebCore::RenderLayer const*, bool) + 557 (RenderGeometryMap.cpp:197) 6 WebCore 0x7d7702142 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 162 (RenderLayer.cpp:962) 7 WebCore 0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053) 8 WebCore 0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053) 9 WebCore 0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053) 10 WebCore 0x7d7702bda WebCore::RenderLayer::updateLayerPositionsAfterLayout(bool, bool) + 218 (RenderLayer.cpp:952) 11 WebCore 0x7d6ca51e1 WebCore::FrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::EmptyCounter>) + 129 (FrameView.cpp:1319) 12 WebCore 0x7d6c9abf8 WebCore::FrameViewLayoutContext::layout() + 2728 (FrameViewLayoutContext.cpp:259) 13 WebCore 0x7d5f8ac56 WebCore::Document::implicitClose() + 1046 (Document.cpp:3218) 14 WebCore 0x7d6aa428b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:942)

Attachments
Patch (15.56 KB, patch) 2022-01-13 21:37 PST, Simon Fraser (smfr)	no flags	Details Formatted Diff Diff
Patch (13.62 KB, patch) 2022-01-18 09:32 PST, Simon Fraser (smfr)	no flags	Details Formatted Diff Diff
Patch (21.54 KB, patch) 2022-01-19 11:16 PST, Simon Fraser (smfr)	no flags	Details Formatted Diff Diff
Patch (18.32 KB, patch) 2022-01-19 11:22 PST, Simon Fraser (smfr)	koivisto: review+ ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (18.14 KB, patch) 2022-01-19 12:05 PST, Simon Fraser (smfr)	no flags	Details Formatted Diff Diff
Patch (19.44 KB, patch) 2022-01-19 12:20 PST, Simon Fraser (smfr)	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Simon Fraser (smfr)

Comment 1 2022-01-13 21:37:36 PST

Created attachment 449140 [details] Patch

Simon Fraser (smfr)

Comment 2 2022-01-18 09:32:49 PST

Created attachment 449398 [details] Patch

Martin Robinson

Comment 3 2022-01-19 04:13:55 PST

*** Bug 235063 has been marked as a duplicate of this bug. ***

Simon Fraser (smfr)

Comment 4 2022-01-19 11:16:47 PST

Created attachment 449498 [details] Patch

Simon Fraser (smfr)

Comment 5 2022-01-19 11:22:51 PST

Created attachment 449499 [details] Patch

Antti Koivisto

Comment 6 2022-01-19 11:36:09 PST

Comment on attachment 449499 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=449499&action=review > Source/WebCore/rendering/RenderElement.h:112 > + RenderLayer* layerParentRespectingTopLayer() const; > + RenderLayer* layerNextSiblingRespectingTopLayer(RenderLayer& parentLayer) const; Do we have non-respecting versions and what are they good for? Could we just have these without "RespectingTopLayer" part?

Antti Koivisto

Comment 7 2022-01-19 11:49:32 PST

Comment on attachment 449499 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=449499&action=review > Source/WebCore/rendering/RenderElement.cpp:637 > +static RenderLayer* findNextLayer(const RenderElement& currRenderer, RenderLayer& parentLayer, const RenderObject* siblingToTraverseFrom, bool checkParent = true) I know this is just function that moves but it would nice to make it better. I suspect what it does could be expressed cleanly (by making it iterative and separation layer testing from traversal) but currently it is pretty incomprehensible. currRenderer is not current WebKit style It is not super clear what "next layer" here means. Next in depth-first order? siblingToTraverseFrom is really weird too.

Simon Fraser (smfr)

Comment 8 2022-01-19 12:05:16 PST

Created attachment 449504 [details] Patch

Simon Fraser (smfr)

Comment 9 2022-01-19 12:20:00 PST

Created attachment 449506 [details] Patch

Radar WebKit Bug Importer

Comment 10 2022-01-19 12:25:19 PST

<rdar://problem/87785288>

EWS

Comment 11 2022-01-19 19:54:37 PST

Committed r288267 (246209@main): <https://commits.webkit.org/246209@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 449506 [details].

Note You need to log in before you can comment on or make changes to this bug.