RESOLVED CONFIGURATION CHANGED151105
ASSERTION FAILED: totalFlexGrow >= 0 
https://bugs.webkit.org/show_bug.cgi?id=151105
Summary ASSERTION FAILED: totalFlexGrow >= 0
Renata Hodovan
Reported 2015-11-10 09:47:12 PST
Created attachment 265189 [details] Test Load the attached test with debug MiniBrowser: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa <style> * { display: inline-flex; overflow-x: scroll;width: 68%; } </style> <ins> <h1></h1>aaaaaaaaaaaaaaaa </ins> OS: Ubuntu 15.04 x86_64 Checked build: debug EFL Checked version: 29ae33c Backtrace: ASSERTION FAILED: totalFlexGrow >= 0 && totalWeightedFlexShrink >= 0 ../../Source/WebCore/rendering/RenderFlexibleBox.cpp(701) : void WebCore::RenderFlexibleBox::layoutFlexItems(bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext>&) 1 0x7fe2811f589f WTFCrash 2 0x7fe287bae687 WebCore::RenderFlexibleBox::layoutFlexItems(bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 3 0x7fe287bac85f WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) 4 0x7fe287ae9558 WebCore::RenderBlock::layout() 5 0x7fe287abcaf5 WebCore::RenderElement::layoutIfNeeded() 6 0x7fe287bb0eec WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit&, WTF::Vector<WebCore::RenderBox*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::Vector<WebCore::LayoutUnit, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::LayoutUnit, bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 7 0x7fe287bae73e WebCore::RenderFlexibleBox::layoutFlexItems(bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 8 0x7fe287bac85f WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) 9 0x7fe287ae9558 WebCore::RenderBlock::layout() 10 0x7fe287abcaf5 WebCore::RenderElement::layoutIfNeeded() 11 0x7fe287bb0eec WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit&, WTF::Vector<WebCore::RenderBox*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::Vector<WebCore::LayoutUnit, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::LayoutUnit, bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 12 0x7fe287bae73e WebCore::RenderFlexibleBox::layoutFlexItems(bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&) 13 0x7fe287bac85f WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) 14 0x7fe287ae9558 WebCore::RenderBlock::layout() 15 0x7fe287b17e20 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 16 0x7fe287b1795f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 17 0x7fe287b16dc3 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 18 0x7fe287ae9558 WebCore::RenderBlock::layout() 19 0x7fe287cfbfa7 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 20 0x7fe287cfc69a WebCore::RenderView::layout() 21 0x7fe2878ce7f6 WebCore::FrameView::layout(bool) 22 0x7fe28732bf3c WebCore::Document::implicitClose() 23 0x7fe287791827 WebCore::FrameLoader::checkCallImplicitClose() 24 0x7fe28779155e WebCore::FrameLoader::checkCompleted() 25 0x7fe2877912ce WebCore::FrameLoader::finishedParsing() 26 0x7fe287335f6c WebCore::Document::finishedParsing() 27 0x7fe2886a1349 WebCore::HTMLConstructionSite::finishedParsing() 28 0x7fe28768a064 WebCore::HTMLTreeBuilder::finished() 29 0x7fe28765a708 WebCore::HTMLDocumentParser::end() 30 0x7fe28765a7e1 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() 31 0x7fe2876594c3 WebCore::HTMLDocumentParser::prepareToStopParsing() Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fe2811f58a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fe2811f58a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007fe287bae687 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fe2687d0708, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:701 #2 0x00007fe287bac85f in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fe2687d0708, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272 #3 0x00007fe287ae9558 in WebCore::RenderBlock::layout (this=0x7fe2687d0708) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #4 0x00007fe287abcaf5 in WebCore::RenderElement::layoutIfNeeded (this=0x7fe2687d0708) at ../../Source/WebCore/rendering/RenderElement.h:135 #5 0x00007fe287bb0eec in WebCore::RenderFlexibleBox::layoutAndPlaceChildren (this=0x7fe2687d0320, crossAxisOffset=..., children=..., childSizes=..., availableFreeSpace=..., relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:1128 #6 0x00007fe287bae73e in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fe2687d0320, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:705 #7 0x00007fe287bac85f in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fe2687d0320, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272 #8 0x00007fe287ae9558 in WebCore::RenderBlock::layout (this=0x7fe2687d0320) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #9 0x00007fe287abcaf5 in WebCore::RenderElement::layoutIfNeeded (this=0x7fe2687d0320) at ../../Source/WebCore/rendering/RenderElement.h:135 #10 0x00007fe287bb0eec in WebCore::RenderFlexibleBox::layoutAndPlaceChildren (this=0x7fe2687d0190, crossAxisOffset=..., children=..., childSizes=..., availableFreeSpace=..., relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:1128 #11 0x00007fe287bae73e in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7fe2687d0190, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:705 #12 0x00007fe287bac85f in WebCore::RenderFlexibleBox::layoutBlock (this=0x7fe2687d0190, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:272 #13 0x00007fe287ae9558 in WebCore::RenderBlock::layout (this=0x7fe2687d0190) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #14 0x00007fe287b17e20 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7fe2686dd228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709 #15 0x00007fe287b1795f in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7fe2686dd228, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632 #16 0x00007fe287b16dc3 in WebCore::RenderBlockFlow::layoutBlock (this=0x7fe2686dd228, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485 #17 0x00007fe287ae9558 in WebCore::RenderBlock::layout (this=0x7fe2686dd228) at ../../Source/WebCore/rendering/RenderBlock.cpp:931 #18 0x00007fe287cfbfa7 in WebCore::RenderView::layoutContent (this=0x7fe2686dd228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253 #19 0x00007fe287cfc69a in WebCore::RenderView::layout (this=0x7fe2686dd228) at ../../Source/WebCore/rendering/RenderView.cpp:378 #20 0x00007fe2878ce7f6 in WebCore::FrameView::layout (this=0x7fe268425540, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1408 #21 0x00007fe28732bf3c in WebCore::Document::implicitClose (this=0x7fe268426a40) at ../../Source/WebCore/dom/Document.cpp:2704 #22 0x00007fe287791827 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7fe2686e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:889 #23 0x00007fe28779155e in WebCore::FrameLoader::checkCompleted (this=0x7fe2686e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:835 #24 0x00007fe2877912ce in WebCore::FrameLoader::finishedParsing (this=0x7fe2686e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:756 #25 0x00007fe287335f6c in WebCore::Document::finishedParsing (this=0x7fe268426a40) at ../../Source/WebCore/dom/Document.cpp:4897 #26 0x00007fe2886a1349 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7fe2686fe6e0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:403 #27 0x00007fe28768a064 in WebCore::HTMLTreeBuilder::finished (this=0x7fe2686fe6c0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937 #28 0x00007fe28765a708 in WebCore::HTMLDocumentParser::end (this=0x7fe26842e840) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:393 #29 0x00007fe28765a7e1 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7fe26842e840) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402 #30 0x00007fe2876594c3 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7fe26842e840) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132 #31 0x00007fe28765a824 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7fe26842e840) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:414 #32 0x00007fe28765a8db in WebCore::HTMLDocumentParser::finish (this=0x7fe26842e840) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:442 #33 0x00007fe28777c702 in WebCore::DocumentWriter::end (this=0x7fe2684249e0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247 #34 0x00007fe287765fd8 in WebCore::DocumentLoader::finishedLoading (this=0x7fe268424940, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:437 #35 0x00007fe287765d36 in WebCore::DocumentLoader::notifyFinished (this=0x7fe268424940, resource=0x7fe268436000) at ../../Source/WebCore/loader/DocumentLoader.cpp:384 #36 0x00007fe287811143 in WebCore::CachedResource::checkNotify (this=0x7fe268436000) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297 #37 0x00007fe287811252 in WebCore::CachedResource::finishLoading (this=0x7fe268436000) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313 #38 0x00007fe28780d446 in WebCore::CachedRawResource::finishLoading (this=0x7fe268436000, data=0x7fe2687bb680) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103 #39 0x00007fe2877d5e74 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fe26842fa80, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372 #40 0x00007fe2877d0953 in WebCore::ResourceLoader::didFinishLoading (this=0x7fe26842fa80, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:638 #41 0x00007fe287fc419a in WebCore::readCallback (asyncResult=0x1e949d0, data=0x7fe2687bd680) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1341 #42 0x00007fe27d7e55a6 in async_ready_callback_wrapper (source_object=0x1ddc9b0, res=0x1e949d0, user_data=0x7fe2687bd680) at ginputstream.c:523 #43 0x00007fe27d80bb74 in g_task_return_now (task=0x1e949d0) at gtask.c:1077 #44 0x00007fe27d80bb99 in complete_in_idle_cb (task=0x1e949d0) at gtask.c:1086 #45 0x00007fe27d243add in g_main_dispatch (context=0x1dd6bd0) at gmain.c:3064 #46 g_main_context_dispatch (context=context@entry=0x1dd6bd0) at gmain.c:3663 #47 0x00007fe27ebafe58 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=0x7ffe939e3e60, wfds=0x7ffe939e3de0, rfds=0x7ffe939e3d60, ecore_fds=<optimized out>, ctx=<optimized out>) at lib/ecore/ecore_glib.c:172 #48 _ecore_glib_select (ecore_fds=<optimized out>, rfds=0x7ffe939e3d60, wfds=0x7ffe939e3de0, efds=0x7ffe939e3e60, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:204 #49 0x00007fe27ebb34a4 in _ecore_main_select (timeout=9.532824124368238e-130) at lib/ecore/ecore_main.c:1459 #50 0x00007fe27ebb3ed4 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1893 #51 0x00007fe27ebb3fc7 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:983 #52 0x00007fe281250795 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49 #53 0x00007fe2870b087d in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffe939e4298) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #54 0x00007fe2870b048b in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffe939e4298) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161 #55 0x00000000004008ea in main (argc=2, argv=0x7ffe939e4298) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test (166 bytes, text/html)
2015-11-10 09:47 PST, Renata Hodovan 		no flags
Details
testcase (257 bytes, text/html)
2017-11-21 01:28 PST, Frédéric Wang (:fredw) 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2016-08-04 18:23:10 PDT
This does not reproduce under r204037. If you believe there is still an issue, please reopen the bug with a revised test case.
Renata Hodovan
Comment 2 2016-08-05 09:56:38 PDT
Using the attached test case the issue is still seems valid in r204165 with debug EFL and GTK builds.
Renata Hodovan
Comment 3 2017-02-16 09:56:45 PST
I can repro on Mac too with r212361.
Frédéric Wang (:fredw)
Comment 4 2017-11-16 08:36:29 PST
@Renata: I'm not able to reproduce the issue. I tried with debug build of WebKitGTK (r224920) and macOS (r224757).
Renata Hodovan
Comment 5 2017-11-21 01:13:42 PST
(In reply to Frédéric Wang (:fredw) from comment #4) > @Renata: I'm not able to reproduce the issue. I tried with debug build of > WebKitGTK (r224920) and macOS (r224757). @Frédéric: Indeed, the issue is quite old (the assertion doesn't even exist in this form). However, I have a repro that triggers the new assertion check both with WebKitGTK (r224529) and macOS (r225029): ASSERTION FAILED: totalFlexGrow >= 0 ../../Source/WebCore/rendering/RenderFlexibleBox.cpp(888) : void WebCore::RenderFlexibleBox::layoutFlexItems(bool) Test case: <style> metadata { flex-grow: 615112881120490770; } tspan { display: flex } * { flex-grow: 27306422; margin: 018ch; display: inline-grid, overflow-y: overlay } </style> <tspan> <metadata>a</metadata> <div>a</div> </tspan> Could you verify it, please?
Frédéric Wang (:fredw)
Comment 6 2017-11-21 01:28:43 PST
Created attachment 327394 [details] testcase
Frédéric Wang (:fredw)
Comment 7 2017-11-21 01:56:34 PST
Thanks for the new testcase. I can confirm it allows to hit the ASSERT on macOS and GTK.
Brent Fulgham
Comment 8 2022-07-14 15:13:06 PDT
This code has been significantly refactored since this patch was proposed. There doesn't seem to be any action we can take here.
Note You need to log in before you can comment on or make changes to this bug.