Bug 253182

Summary:

Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCore::RenderBox::nextSiblingBox() const

Product:

WebKit

Reporter:

Sammy Gill <sgill26>

Component:

Layout and Rendering

Assignee:

Sammy Gill <sgill26>

Status:

RESOLVED DUPLICATE

Severity:

Normal

CC:

bfulgham, mmaxfield, simon.fraser, webkit-bug-importer, wenson_hsieh, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Testcase	none

Sammy Gill

Reported 2023-03-01 11:49:05 PST

Created attachment 465249 [details] Testcase The assertion gets triggered with the attached test case. The next sibling is a RenderText so nextSiblingBox returns nullptr

Attachments
Testcase (559 bytes, text/html) 2023-03-01 11:49 PST, Sammy Gill	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-03-01 14:05:48 PST

<rdar://problem/106105433>

Alexey Proskuryakov

Comment 2 2023-03-05 12:02:51 PST

This isn't just an assertion failure, but a 100% reproducible crash in production builds. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x1bed1fecc WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 512 1 WebCore 0x1bed2035c WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1680 2 WebCore 0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796 3 WebCore 0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452 4 WebCore 0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76 5 WebCore 0x1c0bbcfac WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 80 6 WebCore 0x1c0bbcd38 WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 128 7 WebCore 0x1bed20298 WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1484 8 WebCore 0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796 9 WebCore 0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452 10 WebCore 0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76 11 WebCore 0x1c0bea950 WebCore::RenderBox::computeLogicalWidthInFragmentUsing(WebCore::SizeType, WebCore::Length, WebCore::LayoutUnit, WebCore::RenderBlock const&, WebCore::RenderFragmentContainer*) const + 596 12 WebCore 0x1c0bf5624 WebCore::RenderBox::computeLogicalWidthInFragment(WebCore::RenderBox::LogicalExtentComputedValues&, WebCore::RenderFragmentContainer*) const + 1544 13 WebCore 0x1bec83f80 WebCore::RenderBox::updateLogicalWidth() + 44 14 WebCore 0x1c0bc6a88 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 412 15 WebCore 0x1c0cd4a00 WebCore::RenderRubyRun::layoutBlock(bool, WebCore::LayoutUnit) + 72 16 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 17 WebCore 0x1c0ba2f14 WebCore::LegacyLineLayout::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 9296 18 WebCore 0x1c0bc9398 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 436 19 WebCore 0x1c0bc6d9c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1200 20 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 21 WebCore 0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920 22 WebCore 0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252 23 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 24 WebCore 0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920 25 WebCore 0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252 26 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 27 WebCore 0x1bec815d4 WebCore::RenderView::layout() + 496 28 WebCore 0x1c0805cdc WebCore::FrameViewLayoutContext::performLayout() + 736 29 WebCore 0x1c0805930 WebCore::FrameViewLayoutContext::layout() + 44 30 WebCore 0x1becd26b4 WebCore::Document::updateLayout() + 476 31 WebCore 0x1c02c7b10 WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&) + 48 32 WebCore 0x1bed9be1c WebCore::CompositeEditCommand::apply() + 500 33 WebCore 0x1c02c5f78 WebCore::Editor::applyStyle(WTF::RefPtr<WebCore::EditingStyle, WTF::RawPtrTraits<WebCore::EditingStyle>, WTF::DefaultRefDerefTraits<WebCore::EditingStyle>>&&, WebCore::EditAction, WebCore::Editor::ColorFilterMode) + 496 34 WebCore 0x1c02f19b4 WebCore::executeToggleStyle(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WebCore::CSSPropertyID, WTF::ASCIILiteral, WTF::ASCIILiteral) + 240 35 WebCore 0x1bedefe7c WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 100 36 WebCore 0x1bf2a0ac4 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 532 37 ??? 0x110810204 ??? 38 ??? 0x110808248 ??? 39 ??? 0x110808248 ??? 40 ??? 0x110808728 ??? 41 JavaScriptCore 0x1bbf75420 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 520 42 JavaScriptCore 0x1bc269c54 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 104 43 WebCore 0x1bfe59f6c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 132 44 WebCore 0x1bfe75ab0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1080 45 WebCore 0x1c02049e4 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener>>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 444 46 WebCore 0x1c01fcbdc WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 336 47 WebCore 0x1c07b0d24 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 368 48 WebCore 0x1becafd50 WebCore::DOMWindow::dispatchLoadEvent() + 316 49 WebCore 0x1bec7d738 WebCore::Document::implicitClose() + 476 50 WebCore 0x1bec7d210 WebCore::FrameLoader::checkCompleted() + 312 51 WebCore 0x1bec7c598 WebCore::FrameLoader::finishedParsing() + 340 52 WebCore 0x1bec7b354 WebCore::Document::finishedParsing() + 608 53 WebCore 0x1bec74300 WebCore::HTMLDocumentParser::prepareToStopParsing() + 296 54 WebCore 0x1bec73fa0 WebCore::HTMLDocumentParser::finish() + 236 55 WebCore 0x1bec73bd4 WebCore::DocumentWriter::end() + 148 56 WebCore 0x1c06cfa2c WebCore::DocumentLoader::finishedLoading() + 308

alan

Comment 3 2023-03-05 12:48:49 PST

Not crashing on 261244@main.

alan

Comment 4 2023-03-05 12:50:27 PST

(must have progressed at 261063@main)

Sammy Gill

Comment 5 2023-12-20 15:01:56 PST

I don't think this bugzilla should have ever been created and must have been a mistake on my end. Quite literally a duplicate of https://bugs.webkit.org/show_bug.cgi?id=253165 considering the exact same test case was used *** This bug has been marked as a duplicate of bug 253165 ***

Note You need to log in before you can comment on or make changes to this bug.