Bug 235572

Summary:

ASSERTION FAILED: layoutState->renderer() == this ../../Source/WebCore/rendering/RenderBlock.cpp(2866)

Product:

WebKit

Reporter:

A <alset0326>

Component:

WebCore Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

NEW ---

Severity:

Normal

CC:

simon.fraser, webkit-bug-importer, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
html that trigger crash	none

Description A 2022-01-25 04:22:59 PST

Created attachment 449913 [details]
html that trigger crash

1. build a debug webkit
2. open html
3. crash

ASSERTION FAILED: layoutState->renderer() == this
../../Source/WebCore/rendering/RenderBlock.cpp(2866) : virtual WebCore::LayoutUnit WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
1   0x7f235dcd7964 WTFReportBacktrace
2   0x7f235dcd7c01 WTFCrash
3   0x7f23777ceba1 WTF::CrashOnOverflow::overflowed()
4   0x7f2380f2a522 WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
5   0x7f2380f2ae62 WebCore::RenderBlock::computeFragmentRangeForBoxChild(WebCore::RenderBox const&) const
6   0x7f2380f2b2ca WebCore::RenderBlock::estimateFragmentRangeForBoxChild(WebCore::RenderBox const&) const
7   0x7f2380f0d18f WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool)
8   0x7f2380f0db11 WebCore::RenderBlock::layoutPositionedObjects(bool, bool)
9   0x7f2380fdfaa6 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
10  0x7f2380f088ab WebCore::RenderBlock::layout()
11  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
12  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
13  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
14  0x7f2380f088ab WebCore::RenderBlock::layout()
15  0x7f2380e4be9e WebCore::RenderElement::layoutIfNeeded()
16  0x7f2380ff97af WebCore::RenderBlockFlow::positionNewFloats()
17  0x7f2380fe3c54 WebCore::RenderBlockFlow::adjustFloatingBlock(WebCore::RenderBlockFlow::MarginInfo const&)
18  0x7f2380fe0c6c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
19  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
20  0x7f2380f088ab WebCore::RenderBlock::layout()
21  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
22  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
23  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
24  0x7f2380f088ab WebCore::RenderBlock::layout()
25  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
26  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
27  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
28  0x7f2380f088ab WebCore::RenderBlock::layout()
29  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
30  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
31  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)

Comment 1 Radar WebKit Bug Importer 2022-02-01 04:23:15 PST

<rdar://problem/88322109>