RESOLVED FIXED 135601
ASSERTION FAILED: !m_regionsInvalidated in WebCore::RenderFlowThread::regionAtBlockOffset 
https://bugs.webkit.org/show_bug.cgi?id=135601
Summary ASSERTION FAILED: !m_regionsInvalidated in WebCore::RenderFlowThread::regionA...
Renata Hodovan
Reported 2014-08-05 02:41:48 PDT
Created attachment 236022 [details] Test case The failing test case: <style> * { display:table; -webkit-columns:2; } </style> <textarea placeholder="a"> Backtrace: ASSERTION FAILED: !m_regionsInvalidated ../../Source/WebCore/rendering/RenderFlowThread.cpp(396) : virtual WebCore::RenderRegion* WebCore::RenderFlowThread::regionAtBlockOffset(const WebCore::RenderBox*, WebCore::LayoutUnit, bool, WebCore::RenderFlowThread::RegionAutoGenerationPolicy) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff97334700 (LWP 24858)] 0x00007ffff30191c8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329 329 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007ffff30191c8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329 #1 0x00007ffff3e07b1a in WebCore::RenderFlowThread::regionAtBlockOffset (this=0x79b760, clampBox=0x7a5c30, offset=..., extendLastRegion=false, autoGenerationPolicy=WebCore::RenderFlowThread::AllowRegionAutoGeneration) at ../../Source/WebCore/rendering/RenderFlowThread.cpp:396 #2 0x00007ffff3ea6c15 in WebCore::RenderMultiColumnFlowThread::regionAtBlockOffset (this=0x79b760, box=0x7a5c30, offset=..., extendLastRegion=false, autoGenerationPolicy=WebCore::RenderFlowThread::AllowRegionAutoGeneration) at ../../Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp:520 #3 0x00007ffff3ea6ba4 in WebCore::RenderMultiColumnFlowThread::updateMinimumPageHeight (this=0x79b760, block=0x7a5c30, offset=..., minHeight=...) at ../../Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp:513 #4 0x00007ffff3d807fa in WebCore::RenderBlockFlow::updateMinimumPageHeight (this=0x7a5c30, offset=..., minHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:1814 #5 0x00007ffff3d7f936 in WebCore::RenderBlockFlow::adjustLinePositionForPagination (this=0x7a5c30, lineBox=0x7a7d80, delta=..., overflowsRegion=@0x7fffffff9ffc: false, flowThread=0x79b760) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:1649 #6 0x00007ffff3d9559a in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x7a5c30, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1138 #7 0x00007ffff3d94b58 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x7a5c30, layoutState=..., hasInlineChild=true) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1025 #8 0x00007ffff3d97223 in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x7a5c30, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1442 #9 0x00007ffff3d7b54e in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x7a5c30, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:652 #10 0x00007ffff3d7a934 in WebCore::RenderBlockFlow::layoutBlock (this=0x7a5c30, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:483 #11 0x00007ffff3d50987 in WebCore::RenderBlock::layout (this=0x7a5c30) at ../../Source/WebCore/rendering/RenderBlock.cpp:1018 #12 0x00007ffff3d1ddd7 in WebCore::RenderElement::layoutIfNeeded (this=0x7a5c30) at ../../Source/WebCore/rendering/RenderElement.h:102 #13 0x00007ffff3f1754a in WebCore::RenderTextControlMultiLine::layoutSpecialExcludedChild (this=0x9974f0, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderTextControlMultiLine.cpp:115 #14 0x00007ffff3d7b338 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x9974f0, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:604 #15 0x00007ffff3d7a958 in WebCore::RenderBlockFlow::layoutBlock (this=0x9974f0, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #16 0x00007ffff3d50987 in WebCore::RenderBlock::layout (this=0x9974f0) at ../../Source/WebCore/rendering/RenderBlock.cpp:1018 #17 0x00007ffff3d7b918 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x787de0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:713 #18 0x00007ffff3d7b45a in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x787de0, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #19 0x00007ffff3d7a958 in WebCore::RenderBlockFlow::layoutBlock (this=0x787de0, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #20 0x00007ffff3ef1947 in WebCore::RenderTableCell::layout (this=0x787de0) at ../../Source/WebCore/rendering/RenderTableCell.cpp:258 #21 0x00007ffff3ef949f in WebCore::RenderTableRow::layout (this=0x77e710) at ../../Source/WebCore/rendering/RenderTableRow.cpp:176 #22 0x00007ffff3d1ddd7 in WebCore::RenderElement::layoutIfNeeded (this=0x77e710) at ../../Source/WebCore/rendering/RenderElement.h:102 #23 0x00007ffff3efb760 in WebCore::RenderTableSection::layout (this=0x9db3c0) at ../../Source/WebCore/rendering/RenderTableSection.cpp:420 #24 0x00007ffff3d1ddd7 in WebCore::RenderElement::layoutIfNeeded (this=0x9db3c0) at ../../Source/WebCore/rendering/RenderElement.h:102 #25 0x00007ffff3ee5f72 in WebCore::RenderTable::layout (this=0x9acef0) at ../../Source/WebCore/rendering/RenderTable.cpp:466 #26 0x00007ffff3d7b918 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x79ba90, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:713 #27 0x00007ffff3d7b45a in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x79ba90, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #28 0x00007ffff3d7a958 in WebCore::RenderBlockFlow::layoutBlock (this=0x79ba90, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #29 0x00007ffff3ef1947 in WebCore::RenderTableCell::layout (this=0x79ba90) at ../../Source/WebCore/rendering/RenderTableCell.cpp:258 #30 0x00007ffff3ef949f in WebCore::RenderTableRow::layout (this=0x8c0db0) at ../../Source/WebCore/rendering/RenderTableRow.cpp:176 #31 0x00007ffff3d1ddd7 in WebCore::RenderElement::layoutIfNeeded (this=0x8c0db0) at ../../Source/WebCore/rendering/RenderElement.h:102 #32 0x00007ffff3efb760 in WebCore::RenderTableSection::layout (this=0x79b590) at ../../Source/WebCore/rendering/RenderTableSection.cpp:420 #33 0x00007ffff3d1ddd7 in WebCore::RenderElement::layoutIfNeeded (this=0x79b590) at ../../Source/WebCore/rendering/RenderElement.h:102 #34 0x00007ffff3ee5f72 in WebCore::RenderTable::layout (this=0x8e6d00) at ../../Source/WebCore/rendering/RenderTable.cpp:466 #35 0x00007ffff3d7b918 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x87b280, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:713 #36 0x00007ffff3d7b45a in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x87b280, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #37 0x00007ffff3d7a958 in WebCore::RenderBlockFlow::layoutBlock (this=0x87b280, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #38 0x00007ffff3d50987 in WebCore::RenderBlock::layout (this=0x87b280) at ../../Source/WebCore/rendering/RenderBlock.cpp:1018 #39 0x00007ffff3f28aad in WebCore::RenderView::layoutContent (this=0x87b280, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232 #40 0x00007ffff3f29166 in WebCore::RenderView::layout (this=0x87b280) at ../../Source/WebCore/rendering/RenderView.cpp:357 #41 0x00007ffff3acf1f4 in WebCore::FrameView::layout (this=0xa0e750, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1282 #42 0x00007ffff353f72f in WebCore::Document::implicitClose (this=0xa0f4f0) at ../../Source/WebCore/dom/Document.cpp:2438 #43 0x00007ffff399e745 in WebCore::FrameLoader::checkCallImplicitClose (this=0x8ae008) at ../../Source/WebCore/loader/FrameLoader.cpp:898 #44 0x00007ffff399e4f0 in WebCore::FrameLoader::checkCompleted (this=0x8ae008) at ../../Source/WebCore/loader/FrameLoader.cpp:844 #45 0x00007ffff399e278 in WebCore::FrameLoader::finishedParsing (this=0x8ae008) at ../../Source/WebCore/loader/FrameLoader.cpp:764 #46 0x00007ffff35470db in WebCore::Document::finishedParsing (this=0xa0f4f0) at ../../Source/WebCore/dom/Document.cpp:4519 #47 0x00007ffff383a805 in WebCore::HTMLConstructionSite::finishedParsing (this=0xa19de8) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #48 0x00007ffff3874c57 in WebCore::HTMLTreeBuilder::finished (this=0xa19dd0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997 #49 0x00007ffff38423a0 in WebCore::HTMLDocumentParser::end (this=0x808b50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451 #50 0x00007ffff384248b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x808b50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #51 0x00007ffff3840ff9 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x808b50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #52 0x00007ffff38424ce in WebCore::HTMLDocumentParser::attemptToEnd (this=0x808b50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:474 #53 0x00007ffff3842585 in WebCore::HTMLDocumentParser::finish (this=0x808b50) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:502 #54 0x00007ffff3991445 in WebCore::DocumentWriter::end (this=0x7a2ab0) at ../../Source/WebCore/loader/DocumentWriter.cpp:250 #55 0x00007ffff397e49b in WebCore::DocumentLoader::finishedLoading (this=0x7a2a10, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441 #56 0x00007ffff397e204 in WebCore::DocumentLoader::notifyFinished (this=0x7a2a10, resource=0x839540) at ../../Source/WebCore/loader/DocumentLoader.cpp:375 #57 0x00007ffff3a24a99 in WebCore::CachedResource::checkNotify (this=0x839540) at ../../Source/WebCore/loader/cache/CachedResource.cpp:334 #58 0x00007ffff3a24b80 in WebCore::CachedResource::finishLoading (this=0x839540) at ../../Source/WebCore/loader/cache/CachedResource.cpp:350 #59 0x00007ffff3a21b3a in WebCore::CachedRawResource::finishLoading (this=0x839540, data=0x6fbfe0) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:98 #60 0x00007ffff39d87da in WebCore::SubresourceLoader::didFinishLoading (this=0x839aa0, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:310 #61 0x00007ffff39d4cc7 in WebCore::ResourceLoader::didFinishLoading (this=0x839aa0, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:517 #62 0x00007ffff4297429 in WebCore::readCallback (asyncResult=0x87a1d0, data=0x855a60) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302 #63 0x00007fffec1d82ea in async_ready_callback_wrapper (source_object=0x98cb30, res=0x87a1d0, user_data=0x855a60) at ginputstream.c:519 #64 0x00007fffec1f7ceb in g_task_return_now (task=0x87a1d0) at gtask.c:1108 #65 0x00007fffec1f7d09 in complete_in_idle_cb (task=0x87a1d0) at gtask.c:1117 #66 0x00007fffeb44e2e6 in g_main_dispatch (context=0x677bb0) at gmain.c:3065 #67 g_main_context_dispatch (context=context@entry=0x677bb0) at gmain.c:3641 #68 0x00007fffeb44e638 in g_main_context_iterate (context=0x677bb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712 #69 0x00007fffeb44ea3a in g_main_loop_run (loop=0x70c750) at gmain.c:3906 #70 0x00007ffff306a156 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #71 0x00007ffff2fa35e0 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffda58) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #72 0x00007ffff2fa3445 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffda58) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73 #73 0x000000000040085d in main (argc=2, argv=0x7fffffffda58) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
Attachments
Test case (93 bytes, text/html)
2014-08-05 02:41 PDT, Renata Hodovan 		no flags
Details
Patch (6.22 KB, patch)
2016-12-07 21:13 PST, zalan 		no flags
DetailsFormatted DiffDiff
Patch (6.23 KB, patch)
2016-12-07 21:15 PST, zalan 		no flags
DetailsFormatted DiffDiff
Patch (6.20 KB, patch)
2016-12-08 07:41 PST, zalan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2016-08-03 14:42:52 PDT
This reproduces in r204037.
Radar WebKit Bug Importer
Comment 2 2016-08-03 14:43:16 PDT
<rdar://problem/27686300>
zalan
Comment 3 2016-12-07 21:13:22 PST
Created attachment 296481 [details] Patch
zalan
Comment 4 2016-12-07 21:15:19 PST
Created attachment 296482 [details] Patch
Dave Hyatt
Comment 5 2016-12-07 21:37:55 PST
Comment on attachment 296481 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=296481&action=review > Source/WebCore/ChangeLog:3 > + Do not create multicolumn context for certain type of renderes. renderers > Source/WebCore/rendering/RenderBlockFlow.cpp:442 > + // The following types are not supposed to create multicol context. > + if (isFieldset() || isFileUploadControl() || isTextControl() || isListBox()) > + return false; > + > if (!firstChild()) > return false; > > + // If overflow-y is set to paged-x or paged-y on the body or html element, we'll handle the paginating in the RenderView instead. > + if ((style().overflowY() == OPAGEDX || style().overflowY() == OPAGEDY) && !(isDocumentElementRenderer() || isBody())) > + return true; Seems like it would be slightly better to put your new code here below style().specifiesColumns(), since in normal usage, columns won't be specified on any of these things. > Source/WebCore/rendering/RenderBlockFlow.cpp:3961 > + return willCreateColumns(desiredColumnCount); Do you plan to call this somewhere else? I'm a little confused why all this code can't just be inside requiresColumns.
Dave Hyatt
Comment 6 2016-12-07 21:40:25 PST
Comment on attachment 296482 [details] Patch r=me
zalan
Comment 7 2016-12-08 07:41:32 PST
Created attachment 296512 [details] Patch
WebKit Commit Bot
Comment 8 2016-12-08 10:20:30 PST
Comment on attachment 296512 [details] Patch Clearing flags on attachment: 296512 Committed r209546: <http://trac.webkit.org/changeset/209546>
WebKit Commit Bot
Comment 9 2016-12-08 10:20:35 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.