169739 – [css-grid] Crash on debug removing a positioned child

RESOLVED FIXED Bug 169739

[css-grid] Crash on debug removing a positioned child

https://bugs.webkit.org/show_bug.cgi?id=169739

Summary [css-grid] Crash on debug removing a positioned child

Manuel Rego Casasnovas

Reported 2017-03-16 02:05:16 PDT

Created attachment 304619 [details] Example to reproduce the issue The problem is that when we remove a positioned child, the grid is not relayout but we're marking it as dirty. So when it's repainted we got a crash. The crash is: ASSERTION FAILED: !m_grid.needsItemsPlacement() /home/rego/checkout/WebKit/Source/WebCore/rendering/RenderGrid.cpp(1643) : virtual void WebCore::RenderGrid::paintChildren(WebCore::PaintInfo&, const WebCore::LayoutPoint&, WebCore::PaintInfo&, bool) This has been already fixed in Blink: https://codereview.chromium.org/2748983003/

Attachments
Example to reproduce the issue (683 bytes, text/html) 2017-03-16 02:05 PDT, Manuel Rego Casasnovas	no flags	Details
Patch (5.03 KB, patch) 2017-03-16 02:31 PDT, Manuel Rego Casasnovas	no flags	Details Formatted Diff Diff
Patch for landing (5.02 KB, patch) 2017-03-16 05:30 PDT, Manuel Rego Casasnovas	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Manuel Rego Casasnovas

Comment 1 2017-03-16 02:31:39 PDT

Created attachment 304623 [details] Patch

Sergio Villar Senin

Comment 2 2017-03-16 05:26:36 PDT

Comment on attachment 304623 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=304623&action=review Nice! > LayoutTests/fast/css-grid-layout/grid-crash-remove-positioned-item.html:11 > + after removing the positioned item. --> Nit: don't need to split this comment in 3 lines

Manuel Rego Casasnovas

Comment 3 2017-03-16 05:30:27 PDT

Created attachment 304635 [details] Patch for landing

WebKit Commit Bot

Comment 4 2017-03-16 06:13:05 PDT

Comment on attachment 304635 [details] Patch for landing Clearing flags on attachment: 304635 Committed r214039: <http://trac.webkit.org/changeset/214039>

WebKit Commit Bot

Comment 5 2017-03-16 06:13:12 PDT

All reviewed patches have been landed. Closing bug.

Manuel Rego Casasnovas

Comment 6 2017-03-16 08:20:41 PDT

*** Bug 169749 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Manuel Rego Casasnovas

Reported

2017-03-16 02:05 PDT

Modified

2017-03-16 08:20 PDT History

CC List

7 users Show

URL

Keywords BlinkMergeCandidate

Duplicates (1)

169749 View as bug list

Depends on

Blocks

60731

Dependancies

tree graph