174131 – ASSERTION FAILED: !needsLayout() in WebCore::RenderMathMLScripts::firstLineBaseline

RESOLVED FIXED Bug 174131

ASSERTION FAILED: !needsLayout() in WebCore::RenderMathMLScripts::firstLineBaseline

https://bugs.webkit.org/show_bug.cgi?id=174131

Summary ASSERTION FAILED: !needsLayout() in WebCore::RenderMathMLScripts::firstLineBa...

Renata Hodovan

Reported 2017-07-04 08:11:48 PDT

Load the attached test with debug WebKitTestRunner: Checked version: 52ec9f7 OS: macOS Sierra (10.12.5) <math><mtr><mtd><mi></mtd><msub> Backtrace: ASSERTION FAILED: !needsLayout() WebKit/Source/WebCore/rendering/mathml/RenderMathMLScripts.cpp(476) : virtual std::optional<int> WebCore::RenderMathMLScripts::firstLineBaseline() const 1 0x12e8cbf11 WTFCrash 2 0x11592b665 WebCore::RenderMathMLScripts::firstLineBaseline() const 3 0x11536d439 WebCore::RenderBlock::firstLineBaseline() const 4 0x11543d4ff WebCore::RenderBlockFlow::firstLineBaseline() const 5 0x115c01bbe WebCore::RenderTableCell::cellBaselinePosition() const 6 0x115c029a6 WebCore::RenderTableCell::layout() 7 0x115c2241d WebCore::RenderTableRow::layout() 8 0x111371a2c WebCore::RenderElement::layoutIfNeeded() 9 0x115c2a961 WebCore::RenderTableSection::layout() 10 0x111371a2c WebCore::RenderElement::layoutIfNeeded() 11 0x115bd94c3 WebCore::RenderTable::layout() 12 0x111371a2c WebCore::RenderElement::layoutIfNeeded() 13 0x11547d0e8 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 14 0x1153f78f4 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 15 0x1153f4201 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 16 0x1153344d4 WebCore::RenderBlock::layout() 17 0x111371a2c WebCore::RenderElement::layoutIfNeeded() 18 0x11591b53d WebCore::RenderMathMLRow::computeLineVerticalStretch(WebCore::LayoutUnit&, WebCore::LayoutUnit&) 19 0x11591f264 WebCore::RenderMathMLRow::layoutBlock(bool, WebCore::LayoutUnit) 20 0x1153344d4 WebCore::RenderBlock::layout() 21 0x111371a2c WebCore::RenderElement::layoutIfNeeded() 22 0x11547d0e8 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 23 0x1153f78f4 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 24 0x1153f4201 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 25 0x1153344d4 WebCore::RenderBlock::layout() 26 0x115401744 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 27 0x1153f808f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 28 0x1153f4278 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 29 0x1153344d4 WebCore::RenderBlock::layout() 30 0x115401744 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 31 0x1153f808f WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) ASAN:DEADLYSIGNAL ================================================================= ==20026==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00012e8cbf49 bp 0x7fff58cf8f10 sp 0x7fff58cf8f00 T0) #0 0x12e8cbf48 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3554f48) #1 0x11592b664 in WebCore::RenderMathMLScripts::firstLineBaseline() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e49664) #2 0x11536d438 in WebCore::RenderBlock::firstLineBaseline() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x588b438) #3 0x11543d4fe in WebCore::RenderBlockFlow::firstLineBaseline() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x595b4fe) #4 0x115c01bbd in WebCore::RenderTableCell::cellBaselinePosition() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x611fbbd) #5 0x115c029a5 in WebCore::RenderTableCell::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61209a5) #6 0x115c2241c in WebCore::RenderTableRow::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x614041c) #7 0x111371a2b in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x188fa2b) #8 0x115c2a960 in WebCore::RenderTableSection::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6148960) #9 0x111371a2b in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x188fa2b) #10 0x115bd94c2 in WebCore::RenderTable::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60f74c2) #11 0x111371a2b in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x188fa2b) #12 0x11547d0e7 in WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x599b0e7) #13 0x1153f78f3 in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59158f3) #14 0x1153f4200 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5912200) #15 0x1153344d3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58524d3) #16 0x111371a2b in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x188fa2b) #17 0x11591b53c in WebCore::RenderMathMLRow::computeLineVerticalStretch(WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e3953c) #18 0x11591f263 in WebCore::RenderMathMLRow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e3d263) #19 0x1153344d3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58524d3) #20 0x111371a2b in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x188fa2b) #21 0x11547d0e7 in WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x599b0e7) #22 0x1153f78f3 in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x59158f3) #23 0x1153f4200 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5912200) #24 0x1153344d3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58524d3) #25 0x115401743 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x591f743) #26 0x1153f808e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x591608e) #27 0x1153f4277 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5912277) #28 0x1153344d3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58524d3) #29 0x115401743 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x591f743) #30 0x1153f808e in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x591608e) #31 0x1153f4277 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5912277) #32 0x1153344d3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x58524d3) #33 0x115d3ac75 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6258c75) #34 0x115d3d0d5 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x625b0d5) #35 0x111707847 in WebCore::FrameView::layout(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1c25847) #36 0x110cf56fe in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12136fe) #37 0x111681482 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b9f482) #38 0x111680c02 in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b9ec02) #39 0x11167ccbb in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b9acbb) #40 0x110d27ecc in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1245ecc) #41 0x111adef95 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ffcf95) #42 0x111df5f27 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2313f27) #43 0x111b5983b in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x207783b) #44 0x111b53f06 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2071f06) #45 0x111b53abd in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2071abd) #46 0x111b5995b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x207795b) #47 0x111b59a97 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2077a97) #48 0x110efe7af in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x141c7af) #49 0x110e49696 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1367696) #50 0x110e49092 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1367092) #51 0x1100fc2e3 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61a2e3) #52 0x1100fc973 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x61a973) #53 0x1100ed401 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60b401) #54 0x1167957e1 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6cb37e1) #55 0x108e4d56b in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f3956b) #56 0x108e5a2b9 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f462b9) #57 0x108e59ec4 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f45ec4) #58 0x108e56f68 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f42f68) #59 0x108e5512a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f4112a) #60 0x1077cb2ac in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x8b72ac) #61 0x10711faaa in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x20baaa) #62 0x107104104 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f0104) #63 0x107120795 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x20c795) #64 0x10715f39c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x24b39c) #65 0x10715f2c8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x24b2c8) #66 0x12e956a30 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x35dfa30) #67 0x12e9a57d0 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x362e7d0) #68 0x12e9a6801 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x362f801) #69 0x7fffabc81320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7320) #70 0x7fffabc6221c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8821c) #71 0x7fffabc61715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87715) #72 0x7fffabc61113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87113) #73 0x7fffab1c2ebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30ebb) #74 0x7fffab1c2cf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30cf0) #75 0x7fffab1c2b25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b25) #76 0x7fffa975ba53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x46a53) #77 0x7fffa9ed77ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c27ed) #78 0x7fffa97503da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3b3da) #79 0x7fffa971ae0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x5e0d) #80 0x7fffc16348c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6) #81 0x7fffc16332e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3) #82 0x106ef9f22 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f22) #83 0x7fffc13db234 in start (/usr/lib/system/libdyld.dylib+0x5234) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3554f48) in WTFCrash ==20026==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 20026) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy

Attachments
Test (32 bytes, application/octet-stream) 2017-07-04 08:11 PDT, Renata Hodovan	no flags	Details
Testcase (using mtr, invalid markup) (66 bytes, text/html) 2017-11-14 09:22 PST, Frédéric Wang (:fredw)	no flags	Details
Testcase (using HTML table, display math) (199 bytes, text/html) 2017-11-14 09:24 PST, Frédéric Wang (:fredw)	no flags	Details
Testcase (using HTML table and grid) (835 bytes, text/html) 2017-11-15 01:23 PST, Frédéric Wang (:fredw)	no flags	Details
Patch (4.42 KB, patch) 2017-11-15 01:50 PST, Frédéric Wang (:fredw)	alex: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Renata Hodovan

Comment 1 2017-07-04 08:11:49 PDT

Created attachment 314565 [details] Test

Frédéric Wang (:fredw)

Comment 2 2017-11-14 02:12:53 PST

OK, I hit it with the torture test https://mdn.mozillademos.org/en-US/docs/Mozilla/MathML_Project/MathML_Torture_Test$samples/MathML_Torture_Test ; I obtain the following trace: ASSERTION FAILED: !needsLayout() /Users/fred/WebKit/Source/WebCore/rendering/mathml/RenderMathMLScripts.cpp(479) : virtual std::optional<int> WebCore::RenderMathMLScripts::firstLineBaseline() const 1 0x10eeed24d WTFCrash 2 0x11639fbac WebCore::RenderMathMLScripts::firstLineBaseline() const 3 0x11638b0d8 WebCore::RenderMathMLBlock::ascentForChild(WebCore::RenderBox const&) 4 0x11639b909 WebCore::RenderMathMLRow::firstLineBaseline() const 5 0x11638b0d8 WebCore::RenderMathMLBlock::ascentForChild(WebCore::RenderBox const&) 6 0x11639b909 WebCore::RenderMathMLRow::firstLineBaseline() const 7 0x115ff77a4 WebCore::RenderBlock::firstLineBaseline() const 8 0x116019045 WebCore::RenderBlockFlow::firstLineBaseline() const 9 0x11629a8e6 WebCore::RenderTableCell::cellBaselinePosition() const 10 0x11629ab1b WebCore::RenderTableCell::layout() 11 0x1162b8dcd WebCore::RenderTableRow::layout() 12 0x115f8cdfc WebCore::RenderElement::layoutIfNeeded() 13 0x1162bd020 WebCore::RenderTableSection::layout() 14 0x115f8cdfc WebCore::RenderElement::layoutIfNeeded() 15 0x1162913ba WebCore::RenderTable::layout() This ASSERT was added in bug 153918 and was not present in RenderMathMLScripts::firstLineBaseline before. I wonder whether it is actually valid, none of the other firstLineBaseline functions have it.

Frédéric Wang (:fredw)

Comment 3 2017-11-14 09:22:07 PST

Created attachment 326883 [details] Testcase (using mtr, invalid markup) This is like attachment 314565 [details], but with the mtd removed and the open/close markup explicit. This is invalid MathML.

Frédéric Wang (:fredw)

Comment 4 2017-11-14 09:24:01 PST

Created attachment 326884 [details] Testcase (using HTML table, display math) This is a testcase extracted from the MathML torture test. It is different from the initial testcase since it uses a HTML table and display math. Also, it is valid MathML markup.

Frédéric Wang (:fredw)

Comment 5 2017-11-15 01:23:42 PST

Created attachment 326973 [details] Testcase (using HTML table and grid) This testcase follows similar path as attachment 326884 [details] but arrives on RenderGrid::firstLineBaseline() with needsLayout() == true. So I think this situation is not specific to MathML... RenderMathMLScripts seems to be the only firstLineBaseline implementation requiring needsLayout and I suspect I was a bit too strict when I added that in bug 153918.

Frédéric Wang (:fredw)

Comment 6 2017-11-15 01:50:57 PST

Created attachment 326974 [details] Patch

Frédéric Wang (:fredw)

Comment 7 2017-11-16 01:44:30 PST

I moved the more general issue to bug 179754.

Alejandro G. Castro

Comment 8 2017-11-21 00:33:02 PST

Comment on attachment 326974 [details] Patch LGTM, we probably made the mistake of adding the assert trying to be too protective.

Frédéric Wang (:fredw)

Comment 9 2017-11-21 00:38:07 PST

Committed r225069: <https://trac.webkit.org/changeset/225069>

Radar WebKit Bug Importer

Comment 10 2017-11-21 00:39:20 PST

<rdar://problem/35654156>

Frédéric Wang (:fredw)

Comment 11 2017-11-21 01:19:24 PST

Committed r225070: <https://trac.webkit.org/changeset/225070>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component MathML

Assignee

Frédéric Wang (:fredw)

Reported

2017-07-04 08:11 PDT

Modified

2017-11-21 01:19 PST History

CC List

9 users Show

URL

Keywords InRadar

Depends on

Blocks

116980

Dependancies

tree graph