149459 – ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize) in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax

Bug 149459 - ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize) in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax

Summary: ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, m...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Sergio Villar Senin

URL:
Keywords:

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2015-09-22 08:12 PDT by Renata Hodovan
Modified:	2018-09-02 08:50 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Test (164 bytes, text/html) 2015-09-22 08:12 PDT, Renata Hodovan	no flags	Details
Patch (4.94 KB, patch) 2015-10-13 02:05 PDT, Sergio Villar Senin	darin: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2015-09-22 08:12:07 PDT

Created attachment 261742 [details]
Test

Load this with debug WebKit:

<style>
* {
    flex-direction: column-reverse;
    display: inline-flex;
    height: 0%;
}
</style>
<table>
    <caption>
        <h2></h2>
    </caption>
</table>


Backtrace:

ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize)
../../Source/WebCore/rendering/RenderFlexibleBox.cpp(879) : WebCore::LayoutUnit WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax(WebCore::RenderBox&, WebCore::LayoutUnit)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8effd700 (LWP 14045)]
0x00007fffec64eab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007fffec64eab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff3380357 in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax (this=0x7fffd5ba6258, child=..., childSize=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:879
#2  0x00007ffff3380882 in WebCore::RenderFlexibleBox::computeNextFlexLine (this=0x7fffd5ba6258, orderedChildren=..., preferredMainAxisExtent=..., totalFlexGrow=@0x7fffffffafd0: 0, totalWeightedFlexShrink=@0x7fffffffafd8: 0, minMaxAppliedMainAxisExtent=..., hasInfiniteLineLength=@0x7fffffffaf7f: true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:922
#3  0x00007ffff337f297 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fffd5ba6258, relayoutChildren=false, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:695
#4  0x00007ffff337d367 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fffd5ba6258, relayoutChildren=false) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272
#5  0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5ba6258) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#6  0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5ba6258) at ../../Source/WebCore/rendering/RenderElement.h:135
#7  0x00007ffff3305a2a in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x7fffd5ba6320, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1642
#8  0x00007ffff32e2ebd in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x7fffd5ba6320, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:651
#9  0x00007ffff32e2203 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd5ba6320, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:483
#10 0x00007ffff348bb42 in WebCore::RenderTableCell::layout (this=0x7fffd5ba6320) at ../../Source/WebCore/rendering/RenderTableCell.cpp:266
#11 0x00007ffff3494424 in WebCore::RenderTableRow::layout (this=0x7fffd5b95720) at ../../Source/WebCore/rendering/RenderTableRow.cpp:177
#12 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5b95720) at ../../Source/WebCore/rendering/RenderElement.h:135
#13 0x00007ffff3496a2f in WebCore::RenderTableSection::layout (this=0x7fffd5aea818) at ../../Source/WebCore/rendering/RenderTableSection.cpp:409
#14 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5aea818) at ../../Source/WebCore/rendering/RenderElement.h:135
#15 0x00007ffff347eab0 in WebCore::RenderTable::layout (this=0x7fffd5ad0000) at ../../Source/WebCore/rendering/RenderTable.cpp:466
#16 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5ad0000) at ../../Source/WebCore/rendering/RenderElement.h:135
#17 0x00007ffff337df7f in WebCore::RenderFlexibleBox::computeMainAxisExtentForChild (this=0x7fffd5ba6190, child=..., sizeType=WebCore::MinSize, size=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:457
#18 0x00007ffff338013e in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax (this=0x7fffd5ba6190, child=..., childSize=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:872
#19 0x00007ffff3380882 in WebCore::RenderFlexibleBox::computeNextFlexLine (this=0x7fffd5ba6190, orderedChildren=..., preferredMainAxisExtent=..., totalFlexGrow=@0x7fffffffbdf0: 0, totalWeightedFlexShrink=@0x7fffffffbdf8: 0, minMaxAppliedMainAxisExtent=..., hasInfiniteLineLength=@0x7fffffffbd9f: false) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:922
#20 0x00007ffff337f297 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fffd5ba6190, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:695
#21 0x00007ffff337d367 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fffd5ba6190, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272
#22 0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5ba6190) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#23 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5ba6190) at ../../Source/WebCore/rendering/RenderElement.h:135
#24 0x00007ffff337df7f in WebCore::RenderFlexibleBox::computeMainAxisExtentForChild (this=0x7fffd5be3c80, child=..., sizeType=WebCore::MinSize, size=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:457
#25 0x00007ffff338013e in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax (this=0x7fffd5be3c80, child=..., childSize=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:872
#26 0x00007ffff3380882 in WebCore::RenderFlexibleBox::computeNextFlexLine (this=0x7fffd5be3c80, orderedChildren=..., preferredMainAxisExtent=..., totalFlexGrow=@0x7fffffffc3b0: 0, totalWeightedFlexShrink=@0x7fffffffc3b8: 0, minMaxAppliedMainAxisExtent=..., hasInfiniteLineLength=@0x7fffffffc35f: false) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:922
#27 0x00007ffff337f297 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fffd5be3c80, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:695
#28 0x00007ffff337d367 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fffd5be3c80, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272
#29 0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5be3c80) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#30 0x00007ffff32e3284 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd5ae8228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#31 0x00007ffff32e2dc3 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd5ae8228, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#32 0x00007ffff32e2227 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd5ae8228, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#33 0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5ae8228) at ../../Source/WebCore/rendering/RenderBlock.cpp:926
#34 0x00007ffff34cbc39 in WebCore::RenderView::layoutContent (this=0x7fffd5ae8228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253
#35 0x00007ffff34cc32c in WebCore::RenderView::layout (this=0x7fffd5ae8228) at ../../Source/WebCore/rendering/RenderView.cpp:378
#36 0x00007ffff2fe43bd in WebCore::FrameView::layout (this=0x7fffd5811000, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1409
#37 0x00007ffff29175c6 in WebCore::Document::implicitClose (this=0x7fffd5803000) at ../../Source/WebCore/dom/Document.cpp:2699
#38 0x00007ffff2e79385 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7fffd5aef098) at ../../Source/WebCore/loader/FrameLoader.cpp:891
#39 0x00007ffff2e790bc in WebCore::FrameLoader::checkCompleted (this=0x7fffd5aef098) at ../../Source/WebCore/loader/FrameLoader.cpp:837
#40 0x00007ffff2e78e2c in WebCore::FrameLoader::finishedParsing (this=0x7fffd5aef098) at ../../Source/WebCore/loader/FrameLoader.cpp:758
#41 0x00007ffff29215fa in WebCore::Document::finishedParsing (this=0x7fffd5803000) at ../../Source/WebCore/dom/Document.cpp:4898
#42 0x00007ffff2cccb33 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7fffd5af7920) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:404
#43 0x00007ffff2d0c38a in WebCore::HTMLTreeBuilder::finished (this=0x7fffd5af7900) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937
#44 0x00007ffff2cd5c90 in WebCore::HTMLDocumentParser::end (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#45 0x00007ffff2cd5d5e in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411
#46 0x00007ffff2cd497b in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#47 0x00007ffff2cd5d95 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423
#48 0x00007ffff2cd5e43 in WebCore::HTMLDocumentParser::finish (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#49 0x00007ffff2e68c78 in WebCore::DocumentWriter::end (this=0x7fffd58360a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#50 0x00007ffff2e5264a in WebCore::DocumentLoader::finishedLoading (this=0x7fffd5836000, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:430
#51 0x00007ffff2e523a8 in WebCore::DocumentLoader::notifyFinished (this=0x7fffd5836000, resource=0x7fffd580f9c0) at ../../Source/WebCore/loader/DocumentLoader.cpp:377
#52 0x00007ffff2f10f7d in WebCore::CachedResource::checkNotify (this=0x7fffd580f9c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297
#53 0x00007ffff2f1108c in WebCore::CachedResource::finishLoading (this=0x7fffd580f9c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313
#54 0x00007ffff2f0d28a in WebCore::CachedRawResource::finishLoading (this=0x7fffd580f9c0, data=0x7fffd5bfde80) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#55 0x00007ffff2ebd812 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fffd5836c00, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#56 0x00007ffff2eb828b in WebCore::ResourceLoader::didFinishLoading (this=0x7fffd5836c00, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:631
#57 0x00007ffff38e70f6 in WebCore::readCallback (asyncResult=0x8dd9b0, data=0x7fffd5bb7300) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1340
#58 0x00007fffe945796a in async_ready_callback_wrapper (source_object=0xa35db0, res=0x8dd9b0, user_data=0x7fffd5bb7300) at ginputstream.c:529
#59 0x00007fffe947d453 in g_task_return_now (task=0x8dd9b0) at gtask.c:1088
#60 0x00007fffe947d489 in complete_in_idle_cb (task=0x8dd9b0) at gtask.c:1102
#61 0x00007fffe8eb7a9d in g_main_dispatch (context=0x492400) at gmain.c:3122
#62 g_main_context_dispatch (context=context@entry=0x492400) at gmain.c:3737
#63 0x00007fffe8eb7e70 in g_main_context_iterate (context=0x492400, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808
#64 0x00007fffe8eb8192 in g_main_loop_run (loop=0x5fff50) at gmain.c:4002
#65 0x00007ffff406313f in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:67
#66 0x00007ffff2300a23 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#67 0x00007ffff2300880 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#68 0x00000000004008da in main (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Comment 1 Sergio Villar Senin 2015-10-13 02:05:38 PDT

Created attachment 262980 [details]
Patch

Comment 2 Darin Adler 2015-10-18 16:45:52 PDT

Comment on attachment 262980 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=262980&action=review

> Source/WebCore/rendering/RenderFlexibleBox.cpp:872
> +        LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value();

What guarantees Optional<LayoutSize> is never null?

> Source/WebCore/rendering/RenderFlexibleBox.cpp:878
> +            LayoutUnit resolvedMainSize = computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize).value();

Ditto.

Comment 3 Darin Adler 2015-10-18 16:46:20 PDT

Comment on attachment 262980 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=262980&action=review

>> Source/WebCore/rendering/RenderFlexibleBox.cpp:872
>> +        LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value();
> 
> What guarantees Optional<LayoutSize> is never null?

I guess the old code was asserting it, and the new code does too, just in a different way.

Comment 4 Sergio Villar Senin 2015-10-20 02:47:23 PDT

(In reply to comment #3)
> Comment on attachment 262980 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=262980&action=review
> 
> >> Source/WebCore/rendering/RenderFlexibleBox.cpp:872
> >> +        LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value();
> > 
> > What guarantees Optional<LayoutSize> is never null?
> 
> I guess the old code was asserting it, and the new code does too, just in a
> different way.

Correct.

Comment 5 Sergio Villar Senin 2015-10-20 02:58:09 PDT

Committed r191336: <http://trac.webkit.org/changeset/191336>

Comment 6 zalan 2018-09-02 08:50:01 PDT

(In reply to Sergio Villar Senin from comment #4)
> (In reply to comment #3)
> > Comment on attachment 262980 [details]
> > Patch
> > 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=262980&action=review
> > 
> > >> Source/WebCore/rendering/RenderFlexibleBox.cpp:872
> > >> +        LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value();
> > > 
> > > What guarantees Optional<LayoutSize> is never null?
> > 
> > I guess the old code was asserting it, and the new code does too, just in a
> > different way.
> 
> Correct.
I don't see how this was correct in the original commit. It does not seem to be guaranteed that computeMainAxisExtentForChild() always returns with a valid value (see webkit.org/b/189232)