Created attachment 266140 [details]
Test

Load the attached test with debug MiniBrowser:

<style>
* {
    display: flex;
    -webkit-align-self: end safe;
}
</style>

OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 79922a5

Backtrace:

SHOULD NEVER BE REACHED
../../Source/WebCore/rendering/RenderFlexibleBox.cpp(1346) : void WebCore::RenderFlexibleBox::alignChildren(const WTF::Vector<WebCore::RenderFlexibleBox::LineContext>&)
1 0x7f64d5b8282c WTFCrash
2 0x7f64d49a21e8 WebCore::RenderFlexibleBox::alignChildren(WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul> const&)
3 0x7f64d499cdba WebCore::RenderFlexibleBox::repositionLogicalHeightDependentFlexItems(WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&)
4 0x7f64d499c8fc WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit)
5 0x7f64d48d77c6 WebCore::RenderBlock::layout()
6 0x7f64d48aa8f1 WebCore::RenderElement::layoutIfNeeded()
7 0x7f64d49a0f61 WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit&, WTF::Vector<WebCore::RenderBox*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::Vector<WebCore::LayoutUnit, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::LayoutUnit, bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&)
8 0x7f64d499e7c9 WebCore::RenderFlexibleBox::layoutFlexItems(bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul>&)
9 0x7f64d499c8c4 WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit)
10 0x7f64d48d77c6 WebCore::RenderBlock::layout()
11 0x7f64d490694c WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
12 0x7f64d490648a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
13 0x7f64d49058ea WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
14 0x7f64d48d77c6 WebCore::RenderBlock::layout()
15 0x7f64d4aee02f WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
16 0x7f64d4aee727 WebCore::RenderView::layout()
17 0x7f64d46b4346 WebCore::FrameView::layout(bool)
18 0x7f64d4106a83 WebCore::Document::implicitClose()
19 0x7f64d4574e91 WebCore::FrameLoader::checkCallImplicitClose()
20 0x7f64d4574bc1 WebCore::FrameLoader::checkCompleted()
21 0x7f64d4574937 WebCore::FrameLoader::finishedParsing()
22 0x7f64d4110bb4 WebCore::Document::finishedParsing()
23 0x7f64d54aa7ab WebCore::HTMLConstructionSite::finishedParsing()
24 0x7f64d446adb2 WebCore::HTMLTreeBuilder::finished()
25 0x7f64d443b0a8 WebCore::HTMLDocumentParser::end()
26 0x7f64d443b176 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
27 0x7f64d4439e6b WebCore::HTMLDocumentParser::prepareToStopParsing()
28 0x7f64d443b1b1 WebCore::HTMLDocumentParser::attemptToEnd()
29 0x7f64d443b261 WebCore::HTMLDocumentParser::finish()
30 0x7f64d4560166 WebCore::DocumentWriter::end()
31 0x7f64d454960a WebCore::DocumentLoader::finishedLoading(double)
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f64d5b82831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f64d96cfa80 (LWP 8936))]
#0 0x00007f64d5b82831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007f64d49a21e8 in WebCore::RenderFlexibleBox::alignChildren (this=0x7f64b53cf190, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:1346
#2 0x00007f64d499cdba in WebCore::RenderFlexibleBox::repositionLogicalHeightDependentFlexItems (this=0x7f64b53cf190, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:345
#3 0x00007f64d499c8fc in WebCore::RenderFlexibleBox::layoutBlock (this=0x7f64b53cf190, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:278
#4 0x00007f64d48d77c6 in WebCore::RenderBlock::layout (this=0x7f64b53cf190) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#5 0x00007f64d48aa8f1 in WebCore::RenderElement::layoutIfNeeded (this=0x7f64b53cf190) at ../../Source/WebCore/rendering/RenderElement.h:135
#6 0x00007f64d49a0f61 in WebCore::RenderFlexibleBox::layoutAndPlaceChildren (this=0x7f64b53cf0c8, crossAxisOffset=..., children=..., childSizes=..., availableFreeSpace=..., relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:1131
#7 0x00007f64d499e7c9 in WebCore::RenderFlexibleBox::layoutFlexItems (this=0x7f64b53cf0c8, relayoutChildren=true, lineContexts=...) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:708
#8 0x00007f64d499c8c4 in WebCore::RenderFlexibleBox::layoutBlock (this=0x7f64b53cf0c8, relayoutChildren=true) at ../../Source/WebCore/rendering/RenderFlexibleBox.cpp:275
#9 0x00007f64d48d77c6 in WebCore::RenderBlock::layout (this=0x7f64b53cf0c8) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#10 0x00007f64d490694c in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f64b52dd228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#11 0x00007f64d490648a in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f64b52dd228, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#12 0x00007f64d49058ea in WebCore::RenderBlockFlow::layoutBlock (this=0x7f64b52dd228, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#13 0x00007f64d48d77c6 in WebCore::RenderBlock::layout (this=0x7f64b52dd228) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#14 0x00007f64d4aee02f in WebCore::RenderView::layoutContent (this=0x7f64b52dd228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253
#15 0x00007f64d4aee727 in WebCore::RenderView::layout (this=0x7f64b52dd228) at ../../Source/WebCore/rendering/RenderView.cpp:378
#16 0x00007f64d46b4346 in WebCore::FrameView::layout (this=0x7f64b500c000, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1427
#17 0x00007f64d4106a83 in WebCore::Document::implicitClose (this=0x7f64b501d900) at ../../Source/WebCore/dom/Document.cpp:2704
#18 0x00007f64d4574e91 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7f64b52e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:861
#19 0x00007f64d4574bc1 in WebCore::FrameLoader::checkCompleted (this=0x7f64b52e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:807
#20 0x00007f64d4574937 in WebCore::FrameLoader::finishedParsing (this=0x7f64b52e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:728
#21 0x00007f64d4110bb4 in WebCore::Document::finishedParsing (this=0x7f64b501d900) at ../../Source/WebCore/dom/Document.cpp:4897
#22 0x00007f64d54aa7ab in WebCore::HTMLConstructionSite::finishedParsing (this=0x7f64b52fe6e0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:403
#23 0x00007f64d446adb2 in WebCore::HTMLTreeBuilder::finished (this=0x7f64b52fe6c0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937
#24 0x00007f64d443b0a8 in WebCore::HTMLDocumentParser::end (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:393
#25 0x00007f64d443b176 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#26 0x00007f64d4439e6b in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#27 0x00007f64d443b1b1 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:414
#28 0x00007f64d443b261 in WebCore::HTMLDocumentParser::finish (this=0x7f64b5048cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:442
#29 0x00007f64d4560166 in WebCore::DocumentWriter::end (this=0x7f64b502ef20) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#30 0x00007f64d454960a in WebCore::DocumentLoader::finishedLoading (this=0x7f64b502ee80, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:437
#31 0x00007f64d4549364 in WebCore::DocumentLoader::notifyFinished (this=0x7f64b502ee80, resource=0x7f64b50261c0) at ../../Source/WebCore/loader/DocumentLoader.cpp:384
#32 0x00007f64d45f5d0d in WebCore::CachedResource::checkNotify (this=0x7f64b50261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297
#33 0x00007f64d45f5e22 in WebCore::CachedResource::finishLoading (this=0x7f64b50261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313
#34 0x00007f64d45f2044 in WebCore::CachedRawResource::finishLoading (this=0x7f64b50261c0, data=0x7f64b53bf900) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#35 0x00007f64d45ba1a1 in WebCore::SubresourceLoader::didFinishLoading (this=0x7f64b502fa80, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#36 0x00007f64d45b4be7 in WebCore::ResourceLoader::didFinishLoading (this=0x7f64b502fa80, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:638
#37 0x00007f64d4dbeb45 in WebCore::readCallback (asyncResult=0xbab9a0, data=0x7f64b53bd740) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1341
#38 0x00007f64cc9814e6 in async_ready_callback_wrapper (source_object=0xabf5b0, res=0xbab9a0, user_data=0x7f64b53bd740) at ginputstream.c:523
#39 0x00007f64cc9a7a04 in g_task_return_now (task=0xbab9a0) at gtask.c:1077
#40 0x00007f64cc9a7a29 in complete_in_idle_cb (task=0xbab9a0) at gtask.c:1086
#41 0x00007f64cc3dd72a in g_main_dispatch (context=0xab9700) at gmain.c:3064
#42 g_main_context_dispatch (context=context@entry=0xab9700) at gmain.c:3663
#43 0x00007f64cdd34b50 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=0x7ffce346d7e0, wfds=0x7ffce346d760, rfds=0x7ffce346d6e0, ecore_fds=<optimized out>, ctx=<optimized out>) at lib/ecore/ecore_glib.c:175
#44 _ecore_glib_select (ecore_fds=<optimized out>, rfds=0x7ffce346d6e0, wfds=0x7ffce346d760, efds=0x7ffce346d7e0, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:208
#45 0x00007f64cdd37b8c in _ecore_main_select (timeout=<optimized out>) at lib/ecore/ecore_main.c:1481
#46 0x00007f64cdd38665 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1913
#47 0x00007f64cdd38827 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:988
#48 0x00007f64d5be0ebb in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#49 0x00007f64d3e81f7a in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffce346dc48) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#50 0x00007f64d3e81b88 in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffce346dc48) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#51 0x000000000040089a in main (argc=2, argv=0x7ffce346dc48) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Yeah, this is an actual issue, indeed. Thanks for reporting, I'll take care of it ASAP.
This reproduces in r204037.
<rdar://problem/27711829>
Somehow, I forgot about this bug. I'll take a look as soon as possible.
This is just an unsupported alignment value (blocked on bug 135460).

*** This bug has been marked as a duplicate of bug 135460 ***
Even though bug #135460 can be considered the root cause of this bug, I'd not say it's duplicated. We shouldn't allow the layout code to reach those values, which are protected with an assert because they correspond to a new parsing logic of the new CSS Box Alignment specification.

I think we had the new parsing logic implemented behind the GRID_LAYOUT compile flag, but if I remember correctly, we have removed it.

I'd like to reopen the bug to investigate what happened and whether there is a way to avoid the assert even when the new values are not implemented.
(In reply to comment #6)
> Even though bug #135460 can be considered the root cause of this bug, I'd
> not say it's duplicated. We shouldn't allow the layout code to reach those
> values, which are protected with an assert because they correspond to a new
> parsing logic of the new CSS Box Alignment specification.
>
> I think we had the new parsing logic implemented behind the GRID_LAYOUT
> compile flag, but if I remember correctly, we have removed it.
>
> I'd like to reopen the bug to investigate what happened and whether there is
> a way to avoid the assert even when the new values are not implemented.

Sure, please investigate it. Duping this to bug 135460 was more of a wishful thinking on my side :)
(In reply to comment #7)
> (In reply to comment #6)
> > I'd like to reopen the bug to investigate what happened and whether there is
> > a way to avoid the assert even when the new values are not implemented.
> Sure, please investigate it. Duping this to bug 135460 was more of a wishful
> thinking on my side :)

Np :) I'm on it and hopefully will send a patch for review today.
Created attachment 287081 [details] Patch
Created attachment 287087 [details] Patch
Created attachment 287108 [details] Patch
Comment on attachment 287108 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=287108&action=review

> Source/WebCore/css/parser/CSSParser.cpp:824
> + // FIXME: For now, we will do it behing the GRID_LAYOUT compile flag.

Typo: behing

> Source/WebCore/css/parser/CSSParser.cpp:830
> + // FIXME: For now, we will do it behing the GRID_LAYOUT compile flag.

Ditto.
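Review bot: the FIXME added at CSSParser.cpp:824 and repeated word for word at :830 says the behaviour sits behind the GRID_LAYOUT compile flag "for now" but names no tracking bug and no condition for lifting the restriction. Reference the bug number in the comment so the gate can be found and removed later, and consider stating it once and pointing the second site at the first rather than duplicating the text.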
Created attachment 287232 [details] Patch
Comment on attachment 287232 [details]
Patch

Clearing flags on attachment: 287232

Committed r205102: <http://trac.webkit.org/changeset/205102>
All reviewed patches have been landed. Closing bug.
(In reply to comment #14)
> Comment on attachment 287232 [details]
> Patch
>
> Clearing flags on attachment: 287232
>
> Committed r205102: <http://trac.webkit.org/changeset/205102>

It broke the !ENABLE(CSS_GRID_LAYOUT) build:

../../Source/WebCore/css/parser/CSSParser.cpp: In function 'bool WebCore::isKeywordPropertyID(WebCore::CSSPropertyID)':
../../Source/WebCore/css/parser/CSSParser.cpp:1160:58: error: 'class WebCore::RuntimeEnabledFeatures' has no member named 'isCSSGridLayoutEnabled'

isCSSGridLayoutEnabled() shouldn't be used without #if ENABLE(CSS_GRID_LAYOUT) guard.
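The two points raised in this thread (comment #6: the parser should never hand layout a value that layout guards with an assert; comment #16: the runtime flag must only be read inside the compile-time guard) are modelled together in the following added example. It is not WebKit source or the landed patch; `ENABLE_CSS_GRID_LAYOUT`, `RuntimeFeatures`, `newAlignmentSyntaxAllowed`, `flexLayoutHandles` and `parseAlignSelf` are hypothetical stand-ins.

```cpp
// Added illustration, not WebKit source; every identifier below is a hypothetical stand-in.
#include <string>

// Stand-in for ENABLE(CSS_GRID_LAYOUT): off unless the build defines it to 1.
#ifndef ENABLE_CSS_GRID_LAYOUT
#define ENABLE_CSS_GRID_LAYOUT 0
#endif

enum class ItemPosition { Auto, Stretch, Baseline, Center, FlexStart, FlexEnd, Start, End };

struct RuntimeFeatures {
#if ENABLE_CSS_GRID_LAYOUT
    bool cssGridLayoutEnabled = true; // member exists only when the feature is compiled in
#endif
};

// Reads the runtime flag only inside the compile-time guard, so the feature-off build compiles.
bool newAlignmentSyntaxAllowed(const RuntimeFeatures& features)
{
#if ENABLE_CSS_GRID_LAYOUT
    return features.cssGridLayoutEnabled;
#else
    (void)features;
    return false;
#endif
}

// Layout side of the model: Start/End are its "never reached" branch unless the new syntax is on.
bool flexLayoutHandles(ItemPosition position, const RuntimeFeatures& features)
{
    return newAlignmentSyntaxAllowed(features)
        || (position != ItemPosition::Start && position != ItemPosition::End);
}

// Parse boundary: returns false (declaration dropped) for any keyword layout cannot handle.
bool parseAlignSelf(const std::string& value, const RuntimeFeatures& features, ItemPosition& result)
{
    static const struct { const char* keyword; ItemPosition position; bool newSyntax; } table[] = {
        { "auto", ItemPosition::Auto, false }, { "stretch", ItemPosition::Stretch, false },
        { "baseline", ItemPosition::Baseline, false }, { "center", ItemPosition::Center, false },
        { "flex-start", ItemPosition::FlexStart, false }, { "flex-end", ItemPosition::FlexEnd, false },
        { "start", ItemPosition::Start, true }, { "end", ItemPosition::End, true },
        { "end safe", ItemPosition::End, true }, // the value from the attached test
    };
    for (const auto& entry : table) {
        if (value == entry.keyword && (!entry.newSyntax || newAlignmentSyntaxAllowed(features))) {
            result = entry.position;
            return true;
        }
    }
    return false;
}
```

With the feature compiled out, `end safe` is rejected at parse time and `result` is left untouched, so every value that reaches `flexLayoutHandles` is one it supports.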
(In reply to comment #16)
> (In reply to comment #14)
> > Comment on attachment 287232 [details]
> > Patch
> >
> > Clearing flags on attachment: 287232
> >
> > Committed r205102: <http://trac.webkit.org/changeset/205102>
>
> It broke the !ENABLE(CSS_GRID_LAYOUT) build:
>
> ../../Source/WebCore/css/parser/CSSParser.cpp: In function 'bool
> WebCore::isKeywordPropertyID(WebCore::CSSPropertyID)':
> ../../Source/WebCore/css/parser/CSSParser.cpp:1160:58: error: 'class
> WebCore::RuntimeEnabledFeatures' has no member named 'isCSSGridLayoutEnabled'
>
> isCSSGridLayoutEnabled() shouldn't be used without #if
> ENABLE(CSS_GRID_LAYOUT) guard.

Sorry about that. I'll land a fix ASAP.
(In reply to comment #17)
> (In reply to comment #16)
> > (In reply to comment #14)
> > > Comment on attachment 287232 [details]
> > > Patch
> > >
> > > Clearing flags on attachment: 287232
> > >
> > > Committed r205102: <http://trac.webkit.org/changeset/205102>
> >
> > It broke the !ENABLE(CSS_GRID_LAYOUT) build:
> >
> > ../../Source/WebCore/css/parser/CSSParser.cpp: In function 'bool
> > WebCore::isKeywordPropertyID(WebCore::CSSPropertyID)':
> > ../../Source/WebCore/css/parser/CSSParser.cpp:1160:58: error: 'class
> > WebCore::RuntimeEnabledFeatures' has no member named 'isCSSGridLayoutEnabled'
> >
> > isCSSGridLayoutEnabled() shouldn't be used without #if
> > ENABLE(CSS_GRID_LAYOUT) guard.
>
> Sorry about that. I'll land a fix ASAP.

I've filed bug #161485 to land the patch after getting green EWS.