Bug 277491

Summary:	'min-content-negative-margin-crash.html' crash on WebKit ToT (instead of Timeout like STP199)
Product:	WebKit	Reporter:	Ahmad Saleem <ahmad.saleem792>
Component:	Layout and Rendering	Assignee:	Nikos Mouchtaris <nmouchtaris>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	bfulgham, nmouchtaris, simon.fraser, webkit-bug-importer, zalan
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Ahmad Saleem

Reported 2024-08-01 09:59:17 PDT

Hi Team, While doing work on css-sizing, I was running test suite and noticed that we are crashing following test now on WebKit ToT (without any change from my side - 281713@main). Test Case - https://wpt.fyi/results/css/css-sizing/min-content-negative-margin-crash.html?label=master&label=experimental&aligned&q=safari%3Atimeout Live Link - http://wpt.live/css/css-sizing/min-content-negative-margin-crash.html Just raising so we can fix. Will attach crash log on Radar. Thanks!

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2024-08-01 09:59:31 PDT

<rdar://problem/132994433>

alan

Comment 2 2024-08-01 10:34:26 PDT

0 WebCore 0x11a7bd90c WebCore::ScrollbarThemeMac::paint(WebCore::Scrollbar&, WebCore::GraphicsContext&, WebCore::IntRect const&)::$_0::operator()() const + 260 1 WebCore 0x11a7bd58c WebCore::ScrollbarThemeMac::paint(WebCore::Scrollbar&, WebCore::GraphicsContext&, WebCore::IntRect const&) + 708 2 WebCore 0x11c5253d8 WebCore::Scrollbar::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy, WebCore::RegionContext*) + 292 3 WebCore 0x11c978358 WebCore::RenderLayerScrollableArea::paintOverflowControls(WebCore::GraphicsContext&, WebCore::IntPoint const&, WebCore::IntRect const&, bool) + 860 4 WebCore 0x11a40f3d4 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 928 5 WebCore 0x11a40df4c WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 312 6 WebCore 0x11a40bfac WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1796 7 WebCore 0x11a40f258 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 548 8 WebCore 0x11c92e87c WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3704 9 WebCore 0x11c92a8a4 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 616 10 WebCore 0x11c92f308 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 6404 11 WebCore 0x11c94f728 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RegionContext*)::$_0::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const + 1036 12 WebCore 0x11c94f088 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RegionContext*) + 296 13 WebCore 0x11c950eac WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 804 14 WebCore 0x11c679868 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 232 15 WebCore 0x11b34def4 WebCore::PlatformCALayer::drawLayerContents(WebCore::GraphicsContext&, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 276 16 WebCore 0x11c69237c WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) + 400 17 WebKit 0x108c399d8 WebKit::RemoteLayerBackingStore::drawInContext(WebCore::GraphicsContext&) + 244 18 WebKit 0x108c4a61c WebKit::RemoteLayerWithRemoteRenderingBackingStore::createContextAndPaintContents() + 60 19 WebKit 0x108c3b810 WebKit::RemoteLayerBackingStoreCollection::paintReachableBackingStoreContents() + 616 20 WebKit 0x10900922c WebKit::RemoteLayerTreeContext::buildTransaction(WebKit::RemoteLayerTreeTransaction&, WebCore::PlatformCALayer&, WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>>) + 324 21 WebKit 0x108b5ae30 WebKit::RemoteLayerTreeDrawingArea::updateRendering() + 776

Nikos Mouchtaris

Comment 3 2025-03-25 15:25:05 PDT

Pull request: https://github.com/WebKit/WebKit/pull/43015

EWS

Comment 4 2025-03-28 13:47:27 PDT

Committed 292849@main (23f68f2f343f): <https://commits.webkit.org/292849@main> Reviewed commits have been landed. Closing PR #43015 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.