149459 – ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize) in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax

RESOLVED FIXED 149459

ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize) in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax

https://bugs.webkit.org/show_bug.cgi?id=149459

Summary ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, m...

Renata Hodovan

Reported 2015-09-22 08:12:07 PDT

Created attachment 261742 [details] Test Load this with debug WebKit: <style> * { flex-direction: column-reverse; display: inline-flex; height: 0%; } </style> <table> <caption> <h2></h2> </caption> </table> Backtrace: ASSERTION FAILED: computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize) ../../Source/WebCore/rendering/RenderFlexibleBox.cpp(879) : WebCore::LayoutUnit WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax(WebCore::RenderBox&, WebCore::LayoutUnit) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff8effd700 (LWP 14045)] 0x00007fffec64eab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007fffec64eab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff3380357 in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax (this=0x7fffd5ba6258, child=..., childSize=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:879 #2 0x00007ffff3380882 in WebCore::RenderFlexibleBox::computeNextFlexLine (this=0x7fffd5ba6258, orderedChildren=..., preferredMainAxisExtent=..., totalFlexGrow=@0x7fffffffafd0: 0, totalWeightedFlexShrink=@0x7fffffffafd8: 0, minMaxAppliedMainAxisExtent=..., hasInfiniteLineLength=@0x7fffffffaf7f: true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:922 #3 0x00007ffff337f297 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fffd5ba6258, relayoutChildren=false, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:695 #4 0x00007ffff337d367 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fffd5ba6258, relayoutChildren=false) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272 #5 0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5ba6258) at ../../Source/WebCore/rendering/RenderBlock.cpp:926 #6 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5ba6258) at ../../Source/WebCore/rendering/RenderElement.h:135 #7 0x00007ffff3305a2a in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x7fffd5ba6320, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1642 #8 0x00007ffff32e2ebd in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x7fffd5ba6320, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:651 #9 0x00007ffff32e2203 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd5ba6320, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:483 #10 0x00007ffff348bb42 in WebCore::RenderTableCell::layout (this=0x7fffd5ba6320) at ../../Source/WebCore/rendering/RenderTableCell.cpp:266 #11 0x00007ffff3494424 in WebCore::RenderTableRow::layout (this=0x7fffd5b95720) at ../../Source/WebCore/rendering/RenderTableRow.cpp:177 #12 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5b95720) at ../../Source/WebCore/rendering/RenderElement.h:135 #13 0x00007ffff3496a2f in WebCore::RenderTableSection::layout (this=0x7fffd5aea818) at ../../Source/WebCore/rendering/RenderTableSection.cpp:409 #14 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5aea818) at ../../Source/WebCore/rendering/RenderElement.h:135 #15 0x00007ffff347eab0 in WebCore::RenderTable::layout (this=0x7fffd5ad0000) at ../../Source/WebCore/rendering/RenderTable.cpp:466 #16 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5ad0000) at ../../Source/WebCore/rendering/RenderElement.h:135 #17 0x00007ffff337df7f in WebCore::RenderFlexibleBox::computeMainAxisExtentForChild (this=0x7fffd5ba6190, child=..., sizeType=WebCore::MinSize, size=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:457 #18 0x00007ffff338013e in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax (this=0x7fffd5ba6190, child=..., childSize=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:872 #19 0x00007ffff3380882 in WebCore::RenderFlexibleBox::computeNextFlexLine (this=0x7fffd5ba6190, orderedChildren=..., preferredMainAxisExtent=..., totalFlexGrow=@0x7fffffffbdf0: 0, totalWeightedFlexShrink=@0x7fffffffbdf8: 0, minMaxAppliedMainAxisExtent=..., hasInfiniteLineLength=@0x7fffffffbd9f: false) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:922 #20 0x00007ffff337f297 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fffd5ba6190, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:695 #21 0x00007ffff337d367 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fffd5ba6190, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272 #22 0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5ba6190) at ../../Source/WebCore/rendering/RenderBlock.cpp:926 #23 0x00007ffff327d31f in WebCore::RenderElement::layoutIfNeeded (this=0x7fffd5ba6190) at ../../Source/WebCore/rendering/RenderElement.h:135 #24 0x00007ffff337df7f in WebCore::RenderFlexibleBox::computeMainAxisExtentForChild (this=0x7fffd5be3c80, child=..., sizeType=WebCore::MinSize, size=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:457 #25 0x00007ffff338013e in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax (this=0x7fffd5be3c80, child=..., childSize=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:872 #26 0x00007ffff3380882 in WebCore::RenderFlexibleBox::computeNextFlexLine (this=0x7fffd5be3c80, orderedChildren=..., preferredMainAxisExtent=..., totalFlexGrow=@0x7fffffffc3b0: 0, totalWeightedFlexShrink=@0x7fffffffc3b8: 0, minMaxAppliedMainAxisExtent=..., hasInfiniteLineLength=@0x7fffffffc35f: false) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:922 #27 0x00007ffff337f297 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fffd5be3c80, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:695 #28 0x00007ffff337d367 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fffd5be3c80, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272 #29 0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5be3c80) at ../../Source/WebCore/rendering/RenderBlock.cpp:926 #30 0x00007ffff32e3284 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fffd5ae8228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709 #31 0x00007ffff32e2dc3 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fffd5ae8228, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #32 0x00007ffff32e2227 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fffd5ae8228, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #33 0x00007ffff32b5922 in WebCore::RenderBlock::layout (this=0x7fffd5ae8228) at ../../Source/WebCore/rendering/RenderBlock.cpp:926 #34 0x00007ffff34cbc39 in WebCore::RenderView::layoutContent (this=0x7fffd5ae8228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253 #35 0x00007ffff34cc32c in WebCore::RenderView::layout (this=0x7fffd5ae8228) at ../../Source/WebCore/rendering/RenderView.cpp:378 #36 0x00007ffff2fe43bd in WebCore::FrameView::layout (this=0x7fffd5811000, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1409 #37 0x00007ffff29175c6 in WebCore::Document::implicitClose (this=0x7fffd5803000) at ../../Source/WebCore/dom/Document.cpp:2699 #38 0x00007ffff2e79385 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7fffd5aef098) at ../../Source/WebCore/loader/FrameLoader.cpp:891 #39 0x00007ffff2e790bc in WebCore::FrameLoader::checkCompleted (this=0x7fffd5aef098) at ../../Source/WebCore/loader/FrameLoader.cpp:837 #40 0x00007ffff2e78e2c in WebCore::FrameLoader::finishedParsing (this=0x7fffd5aef098) at ../../Source/WebCore/loader/FrameLoader.cpp:758 #41 0x00007ffff29215fa in WebCore::Document::finishedParsing (this=0x7fffd5803000) at ../../Source/WebCore/dom/Document.cpp:4898 #42 0x00007ffff2cccb33 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7fffd5af7920) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:404 #43 0x00007ffff2d0c38a in WebCore::HTMLTreeBuilder::finished (this=0x7fffd5af7900) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937 #44 0x00007ffff2cd5c90 in WebCore::HTMLDocumentParser::end (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402 #45 0x00007ffff2cd5d5e in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411 #46 0x00007ffff2cd497b in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132 #47 0x00007ffff2cd5d95 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423 #48 0x00007ffff2cd5e43 in WebCore::HTMLDocumentParser::finish (this=0x7fffd58165c0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451 #49 0x00007ffff2e68c78 in WebCore::DocumentWriter::end (this=0x7fffd58360a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247 #50 0x00007ffff2e5264a in WebCore::DocumentLoader::finishedLoading (this=0x7fffd5836000, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:430 #51 0x00007ffff2e523a8 in WebCore::DocumentLoader::notifyFinished (this=0x7fffd5836000, resource=0x7fffd580f9c0) at ../../Source/WebCore/loader/DocumentLoader.cpp:377 #52 0x00007ffff2f10f7d in WebCore::CachedResource::checkNotify (this=0x7fffd580f9c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297 #53 0x00007ffff2f1108c in WebCore::CachedResource::finishLoading (this=0x7fffd580f9c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313 #54 0x00007ffff2f0d28a in WebCore::CachedRawResource::finishLoading (this=0x7fffd580f9c0, data=0x7fffd5bfde80) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103 #55 0x00007ffff2ebd812 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fffd5836c00, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372 #56 0x00007ffff2eb828b in WebCore::ResourceLoader::didFinishLoading (this=0x7fffd5836c00, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:631 #57 0x00007ffff38e70f6 in WebCore::readCallback (asyncResult=0x8dd9b0, data=0x7fffd5bb7300) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1340 #58 0x00007fffe945796a in async_ready_callback_wrapper (source_object=0xa35db0, res=0x8dd9b0, user_data=0x7fffd5bb7300) at ginputstream.c:529 #59 0x00007fffe947d453 in g_task_return_now (task=0x8dd9b0) at gtask.c:1088 #60 0x00007fffe947d489 in complete_in_idle_cb (task=0x8dd9b0) at gtask.c:1102 #61 0x00007fffe8eb7a9d in g_main_dispatch (context=0x492400) at gmain.c:3122 #62 g_main_context_dispatch (context=context@entry=0x492400) at gmain.c:3737 #63 0x00007fffe8eb7e70 in g_main_context_iterate (context=0x492400, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808 #64 0x00007fffe8eb8192 in g_main_loop_run (loop=0x5fff50) at gmain.c:4002 #65 0x00007ffff406313f in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:67 #66 0x00007ffff2300a23 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #67 0x00007ffff2300880 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77 #68 0x00000000004008da in main (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Attachments
Test (164 bytes, text/html) 2015-09-22 08:12 PDT, Renata Hodovan	no flags	Details
Patch (4.94 KB, patch) 2015-10-13 02:05 PDT, Sergio Villar Senin	darin: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Sergio Villar Senin

Comment 1 2015-10-13 02:05:38 PDT

Created attachment 262980 [details] Patch

Darin Adler

Comment 2 2015-10-18 16:45:52 PDT

Comment on attachment 262980 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=262980&action=review > Source/WebCore/rendering/RenderFlexibleBox.cpp:872 > + LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value(); What guarantees Optional<LayoutSize> is never null? > Source/WebCore/rendering/RenderFlexibleBox.cpp:878 > + LayoutUnit resolvedMainSize = computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize).value(); Ditto.

Darin Adler

Comment 3 2015-10-18 16:46:20 PDT

Comment on attachment 262980 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=262980&action=review >> Source/WebCore/rendering/RenderFlexibleBox.cpp:872 >> + LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value(); > > What guarantees Optional<LayoutSize> is never null? I guess the old code was asserting it, and the new code does too, just in a different way.

Sergio Villar Senin

Comment 4 2015-10-20 02:47:23 PDT

(In reply to comment #3) > Comment on attachment 262980 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=262980&action=review > > >> Source/WebCore/rendering/RenderFlexibleBox.cpp:872 > >> + LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value(); > > > > What guarantees Optional<LayoutSize> is never null? > > I guess the old code was asserting it, and the new code does too, just in a > different way. Correct.

Sergio Villar Senin

Comment 5 2015-10-20 02:58:09 PDT

Committed r191336: <http://trac.webkit.org/changeset/191336>

zalan

Comment 6 2018-09-02 08:50:01 PDT

(In reply to Sergio Villar Senin from comment #4) > (In reply to comment #3) > > Comment on attachment 262980 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=262980&action=review > > > > >> Source/WebCore/rendering/RenderFlexibleBox.cpp:872 > > >> + LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value(); > > > > > > What guarantees Optional<LayoutSize> is never null? > > > > I guess the old code was asserting it, and the new code does too, just in a > > different way. > > Correct. I don't see how this was correct in the original commit. It does not seem to be guaranteed that computeMainAxisExtentForChild() always returns with a valid value (see webkit.org/b/189232)

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Sergio Villar Senin

Reported

2015-09-22 08:12 PDT

Modified

2018-09-02 08:50 PDT History

CC List

7 users Show

URL

Keywords

Depends on

Blocks

116980

Dependencies

tree graph