WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 178865
ASSERTION FAILED: !renderer->needsLayout() in WebCore::RenderBlock::checkPositionedObjectsNeedLayout with MathML
https://bugs.webkit.org/show_bug.cgi?id=178865
Summary
ASSERTION FAILED: !renderer->needsLayout() in WebCore::RenderBlock::checkPosi...
Renata Hodovan
Reported
2017-10-26 06:44:24 PDT
Created
attachment 325005
[details]
Test Load the attached test with debug WebKitTestRunner: <math style="transform: matrix(266, 638, -645, 889, 768, 735)"> <mi> <a> <a style="position: absolute;"></a> </a> </mi> </math> Checked version: 9e82982 OS: macOS Sierra (10.12.5) Backtrace: ASSERTION FAILED: !renderer->needsLayout() WebKit/Source/WebCore/rendering/RenderBlock.cpp(3625) : void WebCore::RenderBlock::checkPositionedObjectsNeedLayout() 1 0x12d2ad321 WTFCrash 2 0x10c1194f7 WebCore::RenderBlock::checkPositionedObjectsNeedLayout() 3 0x10c79e49f WebCore::RenderObject::checkBlockPositionedObjectsNeedLayout() 4 0x10c79e411 WebCore::RenderObject::clearNeedsLayout() 5 0x10c733372 WebCore::RenderMathMLRow::layoutBlock(bool, WebCore::LayoutUnit) 6 0x10c0cd603 WebCore::RenderBlock::layout() 7 0x10b04e4ac WebCore::RenderElement::layoutIfNeeded() 8 0x10c22235d WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 9 0x10c195306 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 10 0x10c1919dc WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 11 0x10c0cd603 WebCore::RenderBlock::layout() 12 0x10c19f7fb WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 13 0x10c195b2b WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 14 0x10c191a53 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 15 0x10c0cd603 WebCore::RenderBlock::layout() 16 0x10c19f7fb WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x10c195b2b WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 18 0x10c191a53 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 19 0x10c0cd603 WebCore::RenderBlock::layout() 20 0x10cb8d3d6 WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 21 0x10cb8efea WebCore::RenderView::layout() 22 0x10ad86a1f WebCore::FrameView::layout() 23 0x1112c03a9 WebCore::Document::implicitClose() 24 0x111d82fc5 WebCore::FrameLoader::checkCallImplicitClose() 25 0x111d82706 WebCore::FrameLoader::checkCompleted() 26 0x111d7e4ea WebCore::FrameLoader::finishedParsing() 27 0x1112f46b2 WebCore::Document::finishedParsing() 28 0x10b18e236 WebCore::HTMLConstructionSite::finishedParsing() 29 0x10b55a2c9 WebCore::HTMLTreeBuilder::finished() 30 0x10b216ead WebCore::HTMLDocumentParser::end() 31 0x10b210fe9 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() ASAN:DEADLYSIGNAL ================================================================= ==84587==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00012d2ad359 bp 0x7fff5f2b5890 sp 0x7fff5f2b5880 T0) ==84587==The signal is caused by a WRITE memory access. ==84587==WARNING: invalid path to external symbolizer! ==84587==WARNING: Failed to use and restart external symbolizer! #0 0x12d2ad358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) #1 0x10c1194f6 in WebCore::RenderBlock::checkPositionedObjectsNeedLayout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x212d4f6) #2 0x10c79e49e in WebCore::RenderObject::checkBlockPositionedObjectsNeedLayout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x27b249e) #3 0x10c79e410 in WebCore::RenderObject::clearNeedsLayout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x27b2410) #4 0x10c733371 in WebCore::RenderMathMLRow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2747371) #5 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602) #6 0x10b04e4ab in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x10624ab) #7 0x10c22235c in WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x223635c) #8 0x10c195305 in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a9305) #9 0x10c1919db in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a59db) #10 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602) #11 0x10c19f7fa in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21b37fa) #12 0x10c195b2a in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a9b2a) #13 0x10c191a52 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a5a52) #14 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602) #15 0x10c19f7fa in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21b37fa) #16 0x10c195b2a in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a9b2a) #17 0x10c191a52 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a5a52) #18 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602) #19 0x10cb8d3d5 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2ba13d5) #20 0x10cb8efe9 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2ba2fe9) #21 0x10ad86a1e in WebCore::FrameView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xd9aa1e) #22 0x1112c03a8 in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d43a8) #23 0x111d82fc4 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7d96fc4) #24 0x111d82705 in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7d96705) #25 0x111d7e4e9 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7d924e9) #26 0x1112f46b1 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x73086b1) #27 0x10b18e235 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x11a2235) #28 0x10b55a2c8 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x156e2c8) #29 0x10b216eac in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122aeac) #30 0x10b210fe8 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224fe8) #31 0x10b210b09 in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224b09) #32 0x10b216fcc in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122afcc) #33 0x10b217107 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122b107) #34 0x111cd32d7 in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce72d7) #35 0x111cd1793 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5793) #36 0x111cd1163 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5163) #37 0x111cd1a8b in non-virtual thunk to WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5a8b) #38 0x111f61ee8 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f75ee8) #39 0x111f5a003 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6e003) #40 0x111f5bf92 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6ff92) #41 0x111e8cf9f in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea0f9f) #42 0x102d00f59 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a6f59) #43 0x102d0d9df in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b39df) #44 0x102d0d5f8 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b35f8) #45 0x102d0a81f in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b081f) #46 0x102d0884a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23ae84a) #47 0x101301571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571) #48 0x100c7c88a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a) #49 0x100c60198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198) #50 0x100c7d5b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7) #51 0x100cbc4bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc) #52 0x100cbc3e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8) #53 0x12d3477e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2) #54 0x12d39ee1e in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefe1e) #55 0x12d39fd78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78) #56 0x7fffa6c5e320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320) #57 0x7fffa6c3f21c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c) #58 0x7fffa6c3e715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715) #59 0x7fffa6c3e113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113) #60 0x7fffa619eebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb) #61 0x7fffa619ecf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0) #62 0x7fffa619eb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25) #63 0x7fffa4737a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53) #64 0x7fffa4eb37ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed) #65 0x7fffa472c3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da) #66 0x7fffa46f6e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d) #67 0x7fffbc61f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6) #68 0x7fffbc61e2e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3) #69 0x100940dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0) #70 0x7fffbc3c6234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234) ==84587==Register values: rax = 0x00000000bbadbeef rbx = 0x00007fff5f2b5900 rcx = 0x00000000bbadbeef rdx = 0x0000000000000000 rdi = 0x00001fffebe56ac8 rsi = 0x0000000000000000 rbp = 0x00007fff5f2b5890 rsp = 0x00007fff5f2b5880 r8 = 0x0000000000000041 r9 = 0x0000200000000000 r10 = 0x0000000000000000 r11 = 0xffffffffffffffff r12 = 0xf204f201f1f1f104 r13 = 0x0000100000000000 r14 = 0x00007fff5f2b5a90 r15 = 0x00007fff5f2b5aa0 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash ==84587==ABORTING #CRASHED - com.apple.WebKit.WebContent.Development (pid 84587) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
Attachments
Test
(163 bytes, text/html)
2017-10-26 06:44 PDT
,
Renata Hodovan
no flags
Details
Patch (WIP)
(2.11 KB, patch)
2017-11-15 04:52 PST
,
Frédéric Wang (:fredw)
no flags
Details
Formatted Diff
Diff
Patch
(14.70 KB, patch)
2017-11-15 11:36 PST
,
Frédéric Wang (:fredw)
rego
: review+
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Frédéric Wang (:fredw)
Comment 1
2017-11-14 14:31:28 PST
Just reading the code, I see that RenderMathMLRow::layoutRowItems does not call layoutIfNeeded for OutOfFlowPositioned children. This logic was copied from the flexbox code but I'm not sure how RenderFlexibleBox::layoutBlock ensures that clearNeedsLayout() won't ASSERT. I wonder whether we could just remove that OutOfFlowPositioned logic for MathML. @javi: Any idea?
Frédéric Wang (:fredw)
Comment 2
2017-11-15 04:52:10 PST
Created
attachment 326976
[details]
Patch (WIP) I discussed that a bit with rego, and the absolutely-positioned HTML element is not a child of the MathML element so the crash is actually not due to how RenderMathMLRow::layoutRowItems performs if (child->isOutOfFlowPositioned()) { child->containingBlock()->insertPositionedObject(*child); continue; } However, a similar insertPositionedObject call should happen inside the HTML renderers. And because of the CSS transform on it, the <math> element becomes the containing block of the absolutely-positioned HTML element and hence must call layoutPositionedObjects(). The attached patch does that and addresses the case reported here. This is still WIP, we need to: 1) Call layoutPositionedObjects() in other MathML layout functions. For example the ASSERT will also happen with <math> <mtext style="position: relative"> <span> <span style="position: absolute">X</span> </span> </mtext> </math> 2) Maybe call insertPositionedObject in other MathML layout functions too (probably a edge cases and not really important, for example Firefox does not handle that correctly either). For example compare the position of A and B in <math> <mtext style="position: absolute; left: 100px; top: 100px;">A</mtext> <mfrac> <mtext style="position: absolute; left: 100px; top: 100px;">B</mtext> <mtext></mtext> </mfrac> </math>
zalan
Comment 3
2017-11-15 08:36:51 PST
>2) Maybe call insertPositionedObject in other MathML layout functions too
Not sure how much it actually matter for MatML content, but in general any container (block or inline) could potentially be a containing block for any out of flow positioned descendant.
Frédéric Wang (:fredw)
Comment 4
2017-11-15 09:07:14 PST
(In reply to zalan from
comment #3
)
> >2) Maybe call insertPositionedObject in other MathML layout functions too > Not sure how much it actually matter for MatML content, but in general any > container (block or inline) could potentially be a containing block for any > out of flow positioned descendant.
I think we should definitely handle (1) i.e. call layoutPositionedObjects() in all MathML layoutBlock functions in order to address this kind of ASSERT failures where MathML elements have out-of-flow child in descendants. I'm less sure about (2) i.e. passing out-of-flow children of a MathML element to insertPositionedObject. That would be easy to do but this would also add some special handling in all MathML layoutBlock functions just for the sake of some weird use cases (e.g. absolutely positioning a numerator or a super-script). So I actually lean toward removing that from RenderMathMLRow too which is even more straightforward and simplify code further.
Frédéric Wang (:fredw)
Comment 5
2017-11-15 11:36:43 PST
Created
attachment 327003
[details]
Patch
Frédéric Wang (:fredw)
Comment 6
2017-11-15 11:38:28 PST
I've uploaded a patch to fix the ASSERTION failures and opened
bug 179739
for the handling of out-of-flow positioned children.
Manuel Rego Casasnovas
Comment 7
2017-11-15 12:04:07 PST
Comment on
attachment 327003
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=327003&action=review
r=me
> Source/WebCore/ChangeLog:9 > + out-of-flow positioned descendants. Also all MathML elements can be block container and hence
Nit: s/block container/containing block/
Frédéric Wang (:fredw)
Comment 8
2017-11-15 12:10:59 PST
https://trac.webkit.org/changeset/224894/
Radar WebKit Bug Importer
Comment 9
2017-11-15 15:04:32 PST
<
rdar://problem/35572670
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug