143864 – contentWidth can become negative with nested scrollbars

NEW 143864

contentWidth can become negative with nested scrollbars

https://bugs.webkit.org/show_bug.cgi?id=143864

Summary contentWidth can become negative with nested scrollbars

Bem Jones-Bey

Reported 2015-04-16 22:18:23 PDT

Created attachment 251004 [details] Test case This was originally reported in Blink: https://code.google.com/p/chromium/issues/detail?id=450598 This shows up when a percentage shape margin is specified, since the shape margin is computed based on the width of the containing block, and there's an assert that this computation should always return a positive number, WebKit stack: ASSERTION FAILED: shapeMargin() >= 0 /Users/bemjb/Code/WebKit/Source/WebCore/rendering/shapes/RectangleShape.cpp(45) : WebCore::FloatRect WebCore::RectangleShape::shapeMarginBounds() const 1 0x111f23d00 WTFCrash 2 0x114cba5ff WebCore::RectangleShape::shapeMarginBounds() const 3 0x114cbad81 WebCore::RectangleShape::shapeMarginLogicalBoundingBox() const 4 0x1137830dc WebCore::Shape::lineOverlapsShapeMarginBounds(WebCore::LayoutUnit, WebCore::LayoutUnit) const 5 0x1151ca0ac WebCore::ShapeOutsideInfo::computeDeltasForContainingBlockLine(WebCore::RenderBlockFlow const&, WebCore::FloatingObject const&, WebCore::LayoutUnit, WebCore::LayoutUnit) 6 0x1149f74af WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded(WebCore::FloatingObject*) 7 0x114d23b08 WebCore::RenderBlockFlow::positionNewFloatOnLine(WebCore::FloatingObject*, WebCore::FloatingObject*, WebCore::LineInfo&, WebCore::LineWidth&) 8 0x1149db938 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) 9 0x1149dbb80 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) 10 0x114d1e4af WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) 11 0x114d1d291 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) 12 0x114d21ad0 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 13 0x114cfa382 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 14 0x114cf93c8 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 15 0x114cc57c9 WebCore::RenderBlock::layout() 16 0x114cfcbf3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x114cfa5e6 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 18 0x114cf93eb WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 19 0x114cc57c9 WebCore::RenderBlock::layout() 20 0x114cfcbf3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 21 0x114cfa5e6 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 22 0x114cf93eb WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 23 0x114cc57c9 WebCore::RenderBlock::layout() 24 0x114fefddd WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 25 0x114ff0c3a WebCore::RenderView::layout() 26 0x113eb6bf9 WebCore::FrameView::layout(bool) 27 0x113b16990 WebCore::Document::implicitClose() 28 0x113e806ab WebCore::FrameLoader::checkCallImplicitClose() 29 0x113e8037e WebCore::FrameLoader::checkCompleted() 30 0x113e7ee82 WebCore::FrameLoader::finishedParsing() 31 0x113b23dd3 WebCore::Document::finishedParsing()

Attachments
Test case (458 bytes, text/html) 2015-04-16 22:18 PDT, Bem Jones-Bey	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Ahmad Saleem

Comment 1 2022-11-01 17:00:57 PDT

This comment seems to mention that it was Blink specific: https://bugs.chromium.org/p/chromium/issues/detail?id=450598#c3 This commit was pushed to fix issue in Blink: https://src.chromium.org/viewvc/blink?view=revision&revision=194638 and Webkit has similar code here: https://github.com/WebKit/WebKit/blob/0d7afc5a45c140c44497a81e92416f01306be877/Source/WebCore/rendering/shapes/ShapeOutsideInfo.cpp#L172 and I am not super sure, whether we need to do anything or not but appreciate if someone else can comment, it would be great. Thanks!

Ahmad Saleem

Comment 2 2022-12-16 18:20:06 PST

Or this could be fix - https://chromium.googlesource.com/chromium/blink/+/2ab65b30003b20c2ca2828a2da1fd2cad8809f0c & https://github.com/WebKit/WebKit/blob/b357325af732916368c76dd65082e0e389bfb93c/Source/WebCore/rendering/style/RenderStyle.cpp#L2026

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Nobody

Reported

2015-04-16 22:18 PDT

Modified

2022-12-16 18:20 PST History

CC List

4 users Show

URL

Keywords

Depends on

Blocks