WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 120291
ASSERTION FAILED: !currBox->needsLayout() in WebCore::RenderBlock::checkPositionedObjectsNeedLayout
https://bugs.webkit.org/show_bug.cgi?id=120291
Summary
ASSERTION FAILED: !currBox->needsLayout() in WebCore::RenderBlock::checkPosit...
Renata Hodovan
Reported
2013-08-26 01:34:17 PDT
The failing test: <html> <li style="position: absolute;"> <label style="position:fixed;"></label> <input autofocus="autofocus"> </li> <sup></sup> <form></form> </html> Backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff56f42bc in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 342 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff56f42bc in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 #1 0x00007ffff4838e22 in WebCore::RenderBlock::checkPositionedObjectsNeedLayout (this=0x78fe88) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:8308 #2 0x00007ffff496a695 in WebCore::RenderObject::checkBlockPositionedObjectsNeedLayout (this=0x78fe88) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderObject.cpp:747 #3 0x00007ffff41a557c in WebCore::RenderObject::setNeedsLayout (this=0x78fe88, needsLayout=false, markParents=WebCore::MarkContainingBlockChain) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderObject.h:1219 #4 0x00007ffff4816957 in WebCore::RenderBlock::layoutBlock (this=0x78fe88, relayoutChildren=false, pageLogicalHeight=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1752 #5 0x00007ffff4815441 in WebCore::RenderBlock::layout (this=0x78fe88) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1428 #6 0x00007ffff49cab01 in WebCore::RenderView::layoutContent (this=0x78fe88, state=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:142 #7 0x00007ffff49cb8be in WebCore::RenderView::layout (this=0x78fe88) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:327 #8 0x00007ffff4676ade in WebCore::FrameView::layout (this=0x7945b0, allowSubtree=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1327 #9 0x00007ffff41af833 in WebCore::Document::implicitClose (this=0x89ea00) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2418 #10 0x00007ffff45af90d in WebCore::FrameLoader::checkCallImplicitClose (this=0x78d798) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:850 #11 0x00007ffff45af67e in WebCore::FrameLoader::checkCompleted (this=0x78d798) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:793 #12 0x00007ffff45af3b3 in WebCore::FrameLoader::finishedParsing (this=0x78d798) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:726 #13 0x00007ffff41b67d9 in WebCore::Document::finishedParsing (this=0x89ea00) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4393 #14 0x00007ffff4407b0d in WebCore::HTMLConstructionSite::finishedParsing (this=0x8159d8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348 #15 0x00007ffff443c1a5 in WebCore::HTMLTreeBuilder::finished (this=0x8159c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926 #16 0x00007ffff440f182 in WebCore::HTMLDocumentParser::end (this=0x794190) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763 #17 0x00007ffff440f26d in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x794190) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774 #18 0x00007ffff440dddc in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x794190) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211 #19 0x00007ffff440f2b2 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x794190) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786 #20 0x00007ffff440f36b in WebCore::HTMLDocumentParser::finish (this=0x794190) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835 #21 0x00007ffff45a7213 in WebCore::DocumentWriter::end (this=0x694160) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248 #22 0x00007ffff4599d52 in WebCore::DocumentLoader::finishedLoading (this=0x6940c0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402 #23 0x00007ffff4599ac0 in WebCore::DocumentLoader::notifyFinished (this=0x6940c0, resource=0x7cba20) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344 #24 0x00007ffff4580db6 in WebCore::CachedResource::checkNotify (this=0x7cba20) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369 #25 0x00007ffff4580e8c in WebCore::CachedResource::finishLoading (this=0x7cba20) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385 #26 0x00007ffff457d5de in WebCore::CachedRawResource::finishLoading (this=0x7cba20, data=0x7c5890) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #27 0x00007ffff45e3c41 in WebCore::SubresourceLoader::didFinishLoading (this=0x775b80, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282 #28 0x00007ffff45da52b in WebCore::ResourceLoader::didFinishLoading (this=0x775b80, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488 #29 0x00007ffff4a85729 in WebCore::QNetworkReplyHandler::finish (this=0x7cc550) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516 #30 0x00007ffff4a84448 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7cc588) ---Type <return> to continue, or q <return> to quit--- at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250 #31 0x00007ffff4a84145 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7cc588, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a8556e <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216 #32 0x00007ffff4a85092 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7ccd10) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409 #33 0x00007ffff4a87a24 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7ccd10, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf70) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176 #34 0x00007ffff220f5cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #35 0x00007ffff221084e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #36 0x00007ffff3056dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #37 0x00007ffff305a075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #38 0x00007ffff21eadbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #39 0x00007ffff21eca76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #40 0x00007ffff2232333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #41 0x00007fffee3732d6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3065 #42 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3641 #43 0x00007fffee373628 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3712 #44 0x00007fffee3736cc in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.6/./glib/gmain.c:3773 #45 0x00007ffff22324bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #46 0x00007ffff21e9d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #47 0x00007ffff21ed120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #48 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49 #49 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc48) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Attachments
Test case
(184 bytes, text/html)
2013-08-26 01:34 PDT
,
Renata Hodovan
no flags
Details
Repro2
(140 bytes, text/html)
2014-09-08 06:38 PDT
,
Renata Hodovan
no flags
Details
Test
(452 bytes, text/html)
2015-12-10 02:43 PST
,
Renata Hodovan
no flags
Details
Test reduction.
(374 bytes, text/html)
2015-12-10 08:35 PST
,
zalan
no flags
Details
Patch
(4.27 KB, patch)
2016-08-25 15:01 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Renata Hodovan
Comment 1
2013-08-26 01:34:57 PDT
Created
attachment 209626
[details]
Test case
Renata Hodovan
Comment 2
2014-09-08 06:38:20 PDT
Created
attachment 237781
[details]
Repro2 The previous test does not reproduce the issue anymore but this new one does. Backtrace: ASSERTION FAILED: !currBox->needsLayout() ../../Source/WebCore/rendering/RenderBlock.cpp(3821) : void WebCore::RenderBlock::checkPositionedObjectsNeedLayout() ... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff96ccd700 (LWP 29929)] 0x00007fffedbf5e7f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329 329 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fffedbf5e7f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329 #1 0x00007ffff392412c in WebCore::RenderBlock::checkPositionedObjectsNeedLayout (this=0x6ea000) at ../../Source/WebCore/rendering/RenderBlock.cpp:3821 #2 0x00007ffff3a9e1e4 in WebCore::RenderObject::checkBlockPositionedObjectsNeedLayout (this=0x6ea000) at ../../Source/WebCore/rendering/RenderObject.cpp:675 #3 0x00007ffff3a9dd2b in WebCore::RenderObject::clearNeedsLayout (this=0x6ea000) at ../../Source/WebCore/rendering/RenderObject.cpp:597 #4 0x00007ffff3940b72 in WebCore::RenderBlockFlow::layoutBlock (this=0x6ea000, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:583 #5 0x00007ffff391540f in WebCore::RenderBlock::layout (this=0x6ea000) at ../../Source/WebCore/rendering/RenderBlock.cpp:1019 #6 0x00007ffff3b0a689 in WebCore::RenderView::layoutContent (this=0x6ea000, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:230 #7 0x00007ffff3b0ad59 in WebCore::RenderView::layout (this=0x6ea000) at ../../Source/WebCore/rendering/RenderView.cpp:355 #8 0x00007ffff368536f in WebCore::FrameView::layout (this=0x76d160, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1301 #9 0x00007ffff3053485 in WebCore::Document::implicitClose (this=0x7d4d40) at ../../Source/WebCore/dom/Document.cpp:2440 #10 0x00007ffff35339c3 in WebCore::FrameLoader::checkCallImplicitClose (this=0x798708) at ../../Source/WebCore/loader/FrameLoader.cpp:898 #11 0x00007ffff353372b in WebCore::FrameLoader::checkCompleted (this=0x798708) at ../../Source/WebCore/loader/FrameLoader.cpp:844 #12 0x00007ffff3533494 in WebCore::FrameLoader::finishedParsing (this=0x798708) at ../../Source/WebCore/loader/FrameLoader.cpp:764 #13 0x00007ffff305bf07 in WebCore::Document::finishedParsing (this=0x7d4d40) at ../../Source/WebCore/dom/Document.cpp:4523 #14 0x00007ffff33b00f5 in WebCore::HTMLConstructionSite::finishedParsing (this=0x795738) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #15 0x00007ffff33edd8d in WebCore::HTMLTreeBuilder::finished (this=0x795720) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997 #16 0x00007ffff33b8c56 in WebCore::HTMLDocumentParser::end (this=0x795000) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451 #17 0x00007ffff33b8d41 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x795000) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #18 0x00007ffff33b76f7 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x795000) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #19 0x00007ffff33b8d84 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x795000) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:474 #20 0x00007ffff33b8e3b in WebCore::HTMLDocumentParser::finish (this=0x795000) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:502 #21 0x00007ffff3525131 in WebCore::DocumentWriter::end (this=0x9e5180) at ../../Source/WebCore/loader/DocumentWriter.cpp:246 #22 0x00007ffff35107e9 in WebCore::DocumentLoader::finishedLoading (this=0x9e50e0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441 #23 0x00007ffff3510552 in WebCore::DocumentLoader::notifyFinished (this=0x9e50e0, resource=0x97ec60) at ../../Source/WebCore/loader/DocumentLoader.cpp:375 #24 0x00007ffff35c7814 in WebCore::CachedResource::checkNotify (this=0x97ec60) at ../../Source/WebCore/loader/cache/CachedResource.cpp:347 #25 0x00007ffff35c791e in WebCore::CachedResource::finishLoading (this=0x97ec60) at ../../Source/WebCore/loader/cache/CachedResource.cpp:363 #26 0x00007ffff35c41ac in WebCore::CachedRawResource::finishLoading (this=0x97ec60, data=0x796d40) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:101 #27 0x00007ffff3573a3a in WebCore::SubresourceLoader::didFinishLoading (this=0x886f40, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:306 #28 0x00007ffff356f75f in WebCore::ResourceLoader::didFinishLoading (this=0x886f40, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:512 #29 0x00007ffff3edb101 in WebCore::readCallback (asyncResult=0x7949f0, data=0x887770) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302 #30 0x00007fffebaf12ea in async_ready_callback_wrapper (source_object=0x934db0, res=0x7949f0, user_data=0x887770) at ginputstream.c:519 #31 0x00007fffebb10ceb in g_task_return_now (task=0x7949f0) at gtask.c:1108 #32 0x00007fffebb10d09 in complete_in_idle_cb (task=0x7949f0) at gtask.c:1117 #33 0x00007fffead672e6 in g_main_dispatch (context=0x67b0c0) at gmain.c:3065 #34 g_main_context_dispatch (context=context@entry=0x67b0c0) at gmain.c:3641 #35 0x00007fffead67638 in g_main_context_iterate (context=0x67b0c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712 #36 0x00007fffead67a3a in g_main_loop_run (loop=0x6b2d00) at gmain.c:3906 #37 0x00007ffff45cf042 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #38 0x00007ffff2b0b624 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd9c8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #39 0x00007ffff2b0b489 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd9c8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73 #40 0x000000000040080d in main (argc=2, argv=0x7fffffffd9c8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
ChangSeok Oh
Comment 3
2014-12-08 13:26:14 PST
I'd like to patch this if nobody is interested in this.
zalan
Comment 4
2014-12-08 14:19:45 PST
(In reply to
comment #3
)
> I'd like to patch this if nobody is interested in this.
bug 138732
might fix this issue. (I'd check first before spending time on figuring this out)
ChangSeok Oh
Comment 5
2014-12-09 02:16:47 PST
(In reply to
comment #4
)
> (In reply to
comment #3
) > > I'd like to patch this if nobody is interested in this. >
bug 138732
might fix this issue. (I'd check first before spending time on > figuring this out)
Are you sure
bug 138732
you want to mention? It looks a mathML related patch doesn't handle the ASSERTION failed issue?
Renata Hodovan
Comment 6
2015-12-10 02:43:47 PST
Created
attachment 267086
[details]
Test New test case that still repro the failure.
zalan
Comment 7
2015-12-10 08:35:02 PST
Created
attachment 267110
[details]
Test reduction.
Radar WebKit Bug Importer
Comment 8
2016-08-03 12:30:12 PDT
<
rdar://problem/27683456
>
zalan
Comment 9
2016-08-25 15:01:02 PDT
Created
attachment 287025
[details]
Patch
Dave Hyatt
Comment 10
2016-08-25 15:03:19 PDT
Comment on
attachment 287025
[details]
Patch r=me
WebKit Commit Bot
Comment 11
2016-09-06 09:02:10 PDT
Comment on
attachment 287025
[details]
Patch Clearing flags on attachment: 287025 Committed
r205479
: <
http://trac.webkit.org/changeset/205479
>
WebKit Commit Bot
Comment 12
2016-09-06 09:02:14 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug