Bug 275103
| Summary: | REGRESSION(279667@main): ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || !parent() in WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Fujii Hironori <fujii.hironori> |
| Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | CC: | bfulgham, simon.fraser, webkit-bug-importer, zalan |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=287113 | ||
Fujii Hironori
After 279667@main (bug#274981),
1. Start Windows Debug MiniBrowser
2. Go to https://www.calc-age.com/calc_age
3. An assertion fail
ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || !parent()
C:\webkit\wc\Source\WebCore\rendering/RenderElement.cpp(1214) : void WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout()
1 00007FFB14D51CA9 WTFCrash
2 00007FFAE6422EFD WTFCrashWithInfo
3 00007FFAEA97547C WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout
4 00007FFAEAD0388E WebCore::RenderTreeBuilder::attachToRenderElementInternal
5 00007FFAEAD01911 WebCore::RenderTreeBuilder::attachToRenderElement
6 00007FFAEAD01DCD WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation
7 00007FFAEAD016F5 WebCore::RenderTreeBuilder::Block::attach
8 00007FFAEAD01507 WebCore::RenderTreeBuilder::BlockFlow::attach
9 00007FFAEAD0068E WebCore::RenderTreeBuilder::attachInternal
10 00007FFAEACFFF97 WebCore::RenderTreeBuilder::attach
11 00007FFAEAD26A91 WebCore::RenderTreeUpdater::createRenderer
12 00007FFAEAD24444 WebCore::RenderTreeUpdater::updateElementRenderer
13 00007FFAEAD237F4 WebCore::RenderTreeUpdater::updateRenderTree
14 00007FFAEAD23057 WebCore::RenderTreeUpdater::commit
15 00007FFAE927AA41 WebCore::Document::updateRenderTree
16 00007FFAE927B1ED WebCore::Document::resolveStyle
17 00007FFAE927BA31 WebCore::Document::updateStyleIfNeeded
18 00007FFAE927746C WebCore::Document::updateLayout
19 00007FFAE9278683 WebCore::Document::updateLayoutIgnorePendingStylesheets
20 00007FFAE9368968 WebCore::Element::boundingClientRect
21 00007FFAE9368AA9 WebCore::Element::getBoundingClientRect
22 00007FFAE6FCFFAE WebCore::jsElementPrototypeFunction_getBoundingClientRectBody
23 00007FFAE6FCFEC0 WebCore::IDLOperation<WebCore::JSElement>::call<&WebCore::jsElementPrototypeFunction_getBoundingClientRectBody,0>
24 00007FFAE6FC1254 WebCore::jsElementPrototypeFunction_getBoundingClientRect
25 00007FFB00EE815F llint_entry
26 000000DEA7AFDDF0 (null)
Exception thrown at 0x00007FFB14D51CAE (WTF.dll) in WebKitWebProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Somewhat surprisingly, I cannot reproduce this with MiniBrowser on macOS.
alan
(In reply to Alexey Proskuryakov from comment #1)
> Somewhat surprisingly, I cannot reproduce this with MiniBrowser on macOS.
I can't reproduce it either.
Fujii Hironori
I got another crash just by loading https://mainichi.jp/articles/20240603/k00/00m/040/221000c today with Windows port Debug 279717@main.
ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || !parent()
C:\webkit\wb\Source\WebCore\rendering/RenderElement.cpp(1214) : void WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout()
1 00007FFB18F11CA9 WTFCrash
2 00007FFAE6422EFD WTFCrashWithInfo
3 00007FFAEA97468C WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout
4 00007FFAEAD02A9E WebCore::RenderTreeBuilder::attachToRenderElementInternal
5 00007FFAEAD00B21 WebCore::RenderTreeBuilder::attachToRenderElement
6 00007FFAEAD010B0 WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation
7 00007FFAEAD00905 WebCore::RenderTreeBuilder::Block::attach
8 00007FFAEAD00717 WebCore::RenderTreeBuilder::BlockFlow::attach
9 00007FFAEACFF89E WebCore::RenderTreeBuilder::attachInternal
10 00007FFAEACFF1A7 WebCore::RenderTreeBuilder::attach
11 00007FFAEAD25CA1 WebCore::RenderTreeUpdater::createRenderer
12 00007FFAEAD23654 WebCore::RenderTreeUpdater::updateElementRenderer
13 00007FFAEAD22A04 WebCore::RenderTreeUpdater::updateRenderTree
14 00007FFAEAD22267 WebCore::RenderTreeUpdater::commit
15 00007FFAE927AA41 WebCore::Document::updateRenderTree
16 00007FFAE927B1ED WebCore::Document::resolveStyle
17 00007FFAE927BA31 WebCore::Document::updateStyleIfNeeded
18 00007FFAE927C5BC WebCore::Document::updateLayoutIfDimensionsOutOfDate
19 00007FFAE927C501 WebCore::Document::updateLayoutIfDimensionsOutOfDate
20 00007FFAE9366AB8 WebCore::Element::scrollHeight
21 00007FFAE6FE9C1A WebCore::jsElement_scrollHeightGetter
22 00007FFAE6FA8C55 WebCore::IDLAttribute<WebCore::JSElement>::get<&WebCore::jsElement_scrollHeightGetter,3>
23 00007FFAE6FA8B10 WebCore::jsElement_scrollHeight
24 00007FFB0992B729 WTF::FunctionPtr<57072,long long (JSC::JSGlobalObject *, long long, JSC::PropertyName),1>::operator()
25 00007FFB09C4B441 JSC::PropertySlot::customGetter
26 00007FFB08DDB748 JSC::PropertySlot::getValue
27 00007FFB08DDAF62 JSC::JSValue::get
28 00007FFB09470B23 JSC::LLInt::performLLIntGetByID
29 00007FFB09470850 llint_slow_path_get_by_id
30 00007FFB08D4C839 llint_entry
31 0000020BB95ECAE0 (null)
Exception thrown at 0x00007FFB18F11CAE (WTF.dll) in WebKitWebProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.
alan
oddly I can't repro that either. This is getting mysterious.
Fujii Hironori
*** This bug has been marked as a duplicate of bug 275264 ***
Fujii Hironori
Oops. Still crashing with 279866@main. Reopened.
ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || needsSimplifiedNormalFlowLayout() || !parent()
C:\webkit\Source\WebCore\rendering/RenderElement.cpp(1219) : void WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout()
Radar WebKit Bug Importer
<rdar://problem/129576895>
Fujii Hironori
I tested again today with Windows Debug MiniBrowser (289837@main).
This issue no longer happens. Works for me.