143864 – contentWidth can become negative with nested scrollbars

Bug 143864 - contentWidth can become negative with nested scrollbars

Summary: contentWidth can become negative with nested scrollbars

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-04-16 22:18 PDT by Bem Jones-Bey
Modified:	2022-12-16 18:20 PST (History)
CC List:	4 users (show)

See Also:

Attachments
Test case (458 bytes, text/html) 2015-04-16 22:18 PDT, Bem Jones-Bey	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bem Jones-Bey 2015-04-16 22:18:23 PDT

Created attachment 251004 [details]
Test case

This was originally reported in Blink: https://code.google.com/p/chromium/issues/detail?id=450598

This shows up when a percentage shape margin is specified, since the shape margin is computed based on the width of the containing block, and there's an assert that this computation should always return a positive number,

WebKit stack:
ASSERTION FAILED: shapeMargin() >= 0
/Users/bemjb/Code/WebKit/Source/WebCore/rendering/shapes/RectangleShape.cpp(45) : WebCore::FloatRect WebCore::RectangleShape::shapeMarginBounds() const
1   0x111f23d00 WTFCrash
2   0x114cba5ff WebCore::RectangleShape::shapeMarginBounds() const
3   0x114cbad81 WebCore::RectangleShape::shapeMarginLogicalBoundingBox() const
4   0x1137830dc WebCore::Shape::lineOverlapsShapeMarginBounds(WebCore::LayoutUnit, WebCore::LayoutUnit) const
5   0x1151ca0ac WebCore::ShapeOutsideInfo::computeDeltasForContainingBlockLine(WebCore::RenderBlockFlow const&, WebCore::FloatingObject const&, WebCore::LayoutUnit, WebCore::LayoutUnit)
6   0x1149f74af WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded(WebCore::FloatingObject*)
7   0x114d23b08 WebCore::RenderBlockFlow::positionNewFloatOnLine(WebCore::FloatingObject*, WebCore::FloatingObject*, WebCore::LineInfo&, WebCore::LineWidth&)
8   0x1149db938 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&)
9   0x1149dbb80 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&)
10  0x114d1e4af WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int)
11  0x114d1d291 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool)
12  0x114d21ad0 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
13  0x114cfa382 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
14  0x114cf93c8 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
15  0x114cc57c9 WebCore::RenderBlock::layout()
16  0x114cfcbf3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17  0x114cfa5e6 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
18  0x114cf93eb WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
19  0x114cc57c9 WebCore::RenderBlock::layout()
20  0x114cfcbf3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
21  0x114cfa5e6 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
22  0x114cf93eb WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
23  0x114cc57c9 WebCore::RenderBlock::layout()
24  0x114fefddd WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
25  0x114ff0c3a WebCore::RenderView::layout()
26  0x113eb6bf9 WebCore::FrameView::layout(bool)
27  0x113b16990 WebCore::Document::implicitClose()
28  0x113e806ab WebCore::FrameLoader::checkCallImplicitClose()
29  0x113e8037e WebCore::FrameLoader::checkCompleted()
30  0x113e7ee82 WebCore::FrameLoader::finishedParsing()
31  0x113b23dd3 WebCore::Document::finishedParsing()

Comment 1 Ahmad Saleem 2022-11-01 17:00:57 PDT

This comment seems to mention that it was Blink specific:

https://bugs.chromium.org/p/chromium/issues/detail?id=450598#c3

This commit was pushed to fix issue in Blink:

https://src.chromium.org/viewvc/blink?view=revision&revision=194638

and Webkit has similar code here:

https://github.com/WebKit/WebKit/blob/0d7afc5a45c140c44497a81e92416f01306be877/Source/WebCore/rendering/shapes/ShapeOutsideInfo.cpp#L172

and I am not super sure, whether we need to do anything or not but appreciate if someone else can comment, it would be great. Thanks!

Comment 2 Ahmad Saleem 2022-12-16 18:20:06 PST

Or this could be fix - https://chromium.googlesource.com/chromium/blink/+/2ab65b30003b20c2ca2828a2da1fd2cad8809f0c & https://github.com/WebKit/WebKit/blob/b357325af732916368c76dd65082e0e389bfb93c/Source/WebCore/rendering/style/RenderStyle.cpp#L2026