Bug 191824 - Should never be reached failure in WebCore::RenderElement::visibleInViewportStateChanged
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Rob Buis
Keywords: InRadar
Blocks: 116980
Reported: 2018-11-18 01:17 PST by Renata Hodovan
Modified: 2022-04-22 23:29 PDT


Attachments
Test (50 bytes, text/html)
2018-11-18 01:17 PST, Renata Hodovan
Patch (3.13 KB, patch)
2022-04-02 01:22 PDT, Rob Buis
Patch (2.76 KB, patch)
2022-04-06 02:03 PDT, Rob Buis

Description Renata Hodovan 2018-11-18 01:17:52 PST
Created attachment 355234 [details]
Test

Load the attached test with debug WebKitTestRunner / MiniBrowser:

<audio controls style="padding: 119vh 71vh 33vh">

The failure can be triggered both with Mac and GTK builds.

Checked revision: bd74428d9fb

Backtrace:

SHOULD NEVER BE REACHED
./rendering/RenderElement.cpp(1267) : virtual void WebCore::RenderElement::visibleInViewportStateChanged()
1   0x1388e0d39 WTFCrash
2   0x117ac00b0 WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul>::Vector()
3   0x1200b3cc4 WebCore::RenderElement::visibleInViewportStateChanged()
4   0x1200b3c5b WebCore::RenderElement::setVisibleInViewportState(WebCore::VisibleInViewportState)
5   0x12070df94 WebCore::RenderView::updateVisibleViewportRect(WebCore::IntRect const&)
6   0x11ec13c4b WebCore::FrameView::viewportContentsChanged()::$_2::operator()(WebCore::FrameView&, WebCore::IntRect const&) const
7   0x11ec13b54 WTF::Function<void (WebCore::FrameView&, WebCore::IntRect const&)>::CallableWrapper<WebCore::FrameView::viewportContentsChanged()::$_2>::call(WebCore::FrameView&, WebCore::IntRect const&)
8   0x11eb93efc WTF::Function<void (WebCore::FrameView&, WebCore::IntRect const&)>::operator()(WebCore::FrameView&, WebCore::IntRect const&) const
9   0x11eb8ae8a WebCore::FrameView::applyRecursivelyWithVisibleRect(WTF::Function<void (WebCore::FrameView&, WebCore::IntRect const&)> const&)
10  0x11eb670d4 WebCore::FrameView::viewportContentsChanged()
11  0x11eb9a465 WebCore::FrameView::performPostLayoutTasks()
12  0x11ebc1cbb WebCore::FrameViewLayoutContext::runAsynchronousTasks()
13  0x11ebc2ce2 WebCore::FrameViewLayoutContext::runOrScheduleAsynchronousTasks()
14  0x11eb57a2c WebCore::FrameViewLayoutContext::layout()
15  0x11eb95e8d WebCore::FrameView::updateContentsSize()
16  0x11f078c23 WebCore::ScrollView::updateScrollbars(WebCore::IntPoint const&)
17  0x11f07f74c WebCore::ScrollView::setContentsSize(WebCore::IntSize const&)
18  0x11eb64d6e WebCore::FrameView::setContentsSize(WebCore::IntSize const&)
19  0x11eb50822 WebCore::FrameView::adjustViewSize()
20  0x11eb577ab WebCore::FrameViewLayoutContext::layout()
21  0x11d163663 WebCore::Document::updateLayout()
22  0x11d166fda WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
23  0x11ca39c0f WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout)
24  0x11ca3957e WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) const
25  0x11ca77c7a WebCore::CSSComputedStyleDeclaration::getPropertyCSSValueInternal(WebCore::CSSPropertyID)
26  0x11cc3f6b5 WebCore::CSSStyleDeclaration::namedItem(WTF::AtomicString const&)
27  0x1186e628d std::optional<WTF::Variant<WTF::String, double> > WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0::operator()<WebCore::JSCSSStyleDeclaration, JSC::PropertyName>(WebCore::JSCSSStyleDeclaration&, JSC::PropertyName) const
28  0x1186b7ed9 decltype(fp2(fp0, fp1)) WebCore::accessVisibleNamedProperty<(WebCore::OverrideBuiltins)0, WebCore::JSCSSStyleDeclaration, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&>(JSC::ExecState&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&&&)
29  0x1186b4e88 WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
30  0x1398fde3c JSC::JSObject::getNonIndexPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
31  0x1398fb93f bool JSC::JSObject::getPropertySlot<false>(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
Comment 1 Simon Fraser (smfr) 2018-11-20 09:52:54 PST
An audio element's renderer can call registerForVisibleInViewportCallback() via HTMLMediaElement::layoutSizeChanged(), but only RenderVideo implements visibleInViewportStateChanged().
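The contract mismatch described in Comment 1, as an added C++ model (not WebKit code and not the landed patch): a renderer without an override registers for the callback, so the base implementation that should never run is reached. `handlesVisibilityChange`, `View` and the guarded registration are hypothetical names showing one possible mitigation.

```cpp
// Simplified model of the callback contract from Comment 1 (added example, not WebKit code).
#include <vector>
namespace model {
struct Renderer {
    virtual ~Renderer() = default;
    // Hypothetical capability query: does this renderer implement the callback?
    virtual bool handlesVisibilityChange() const { return false; }
    // Stands in for the base implementation that hits SHOULD NEVER BE REACHED;
    // the model counts the hit instead of crashing.
    virtual void visibleInViewportStateChanged() { ++unreachableHits; }
    int unreachableHits { 0 };
};

struct VideoRenderer : Renderer {
    bool handlesVisibilityChange() const override { return true; }
    void visibleInViewportStateChanged() override { ++handled; }
    int handled { 0 };
};

struct AudioRenderer : Renderer { }; // registers, but has no override

struct View {
    bool guarded;
    std::vector<Renderer*> registered;
    // With guarded == true, renderers that cannot handle the callback are refused.
    bool registerForCallback(Renderer& r)
    {
        if (guarded && !r.handlesVisibilityChange())
            return false;
        registered.push_back(&r);
        return true;
    }
    void viewportChanged() { for (auto* r : registered) r->visibleInViewportStateChanged(); }
};

// Registers one audio and one video renderer, fires one viewport change, and
// returns how often the "unreachable" base implementation ran.
int unreachableHitsAfterViewportChange(bool guarded)
{
    AudioRenderer audio;
    VideoRenderer video;
    View view { guarded, {} };
    view.registerForCallback(audio);
    view.registerForCallback(video);
    view.viewportChanged();
    return audio.unreachableHits + video.unreachableHits;
}

} // namespace model
```

With unguarded registration the audio renderer reaches the base implementation once per viewport change; with the guard it is never tracked and the video renderer still receives its callback.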
Comment 2 Rob Buis 2022-04-02 01:22:51 PDT
Created attachment 456454 [details]
Patch
Comment 3 Rob Buis 2022-04-06 02:03:49 PDT
Created attachment 456794 [details]
Patch
Comment 4 EWS 2022-04-22 23:28:24 PDT
Committed r293287 (249912@main): <https://commits.webkit.org/249912@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 456794 [details].
Comment 5 Radar WebKit Bug Importer 2022-04-22 23:29:15 PDT
<rdar://problem/92207010>