RESOLVED FIXED 205474
ASSERTION FAILED: hasLayer() in RenderLayer::enclosingOverflowClipLayer 
https://bugs.webkit.org/show_bug.cgi?id=205474
Summary ASSERTION FAILED: hasLayer() in RenderLayer::enclosingOverflowClipLayer
Jack
Reported 2019-12-19 14:34:42 PST
Created attachment 386142 [details] Test html <rdar://57177521> ASSERTION FAILED: hasLayer() ./rendering/RenderBoxModelObject.cpp(563) : WebCore::LayoutSize WebCore::RenderBoxModelObject::stickyPositionOffset() const 1 0x11a2f0499 WTFCrash 2 0x1358fe240 PAL::AVAssetCacheFunction() 3 0x13ef76075 WebCore::RenderBoxModelObject::stickyPositionOffset() const 4 0x13ee56011 WebCore::RenderBoxModelObject::offsetForInFlowPosition() const 5 0x13ef391ed WebCore::RenderBox::offsetFromContainer(WebCore::RenderElement&, WebCore::LayoutPoint const&, bool*) const 6 0x13ef36686 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const 7 0x13f4535fd WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const&, unsigned int, bool*) const 8 0x13f06f791 WebCore::RenderElement::getLeadingCorner(WebCore::FloatPoint&, bool&) const 9 0x13f071fe3 WebCore::RenderElement::absoluteAnchorRect(bool*) const 10 0x13bf518fb WebCore::Element::scrollIntoViewIfNeeded(bool) 11 0x1370b9de7 WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeededBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*, JSC::ThrowScope&) 12 0x136f46218 long long WebCore::IDLOperation<WebCore::JSElement>::call<&(WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeededBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) 13 0x136f45d74 WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeeded(JSC::JSGlobalObject*, JSC::CallFrame*) 14 0x51f27ba0116b 15 0x11b3047c9 llint_entry 16 0x11b3047c9 llint_entry 17 0x11b2e7952 vmEntryToJavaScript 18 0x11d8801e7 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 19 0x11d881261 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 20 0x11e0cbd45 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 21 0x11e0cc2c2 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 22 0x11e0cd04e JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 23 0x13b1475b2 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 24 0x13b195708 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) 25 0x13c01aab4 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase) 26 0x13c011896 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) 27 0x13d9f464d WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) 28 0x13da103b0 WebCore::DOMWindow::dispatchLoadEvent() 29 0x13bdb9bed WebCore::Document::dispatchWindowLoadEvent() 30 0x13bdb9279 WebCore::Document::implicitClose() 31 0x13d6b657f WebCore::FrameLoader::checkCallImplicitClose() #CRASHED
Attachments
Test html (421 bytes, text/html)
2019-12-19 14:34 PST, Jack 		no flags
Details
Patch (4.71 KB, patch)
2019-12-19 14:39 PST, Jack 		no flags
DetailsFormatted DiffDiff
Patch (4.63 KB, patch)
2019-12-19 14:53 PST, Jack 		no flags
DetailsFormatted DiffDiff
Patch (4.64 KB, patch)
2020-01-06 12:39 PST, Jack 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Jack
Comment 1 2019-12-19 14:39:16 PST
Created attachment 386144 [details] Patch
Ryosuke Niwa
Comment 2 2019-12-19 14:46:56 PST
Comment on attachment 386144 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=386144&action=review > Source/WebCore/rendering/RenderBoxModelObject.cpp:450 > + RenderLayer* clipLayer = nullptr; > + if (hasLayer()) > + clipLayer = layer()->enclosingOverflowClipLayer(ExcludeSelf); Why not just this? RenderLayer* clipLayer = hasLayer() ? layer()->enclosingOverflowClipLayer(ExcludeSelf) : nullptr > Source/WebCore/rendering/RenderBoxModelObject.cpp:542 > + RenderLayer* enclosingClippingLayer = nullptr; Ditto.
Jack
Comment 3 2019-12-19 14:53:30 PST
Created attachment 386147 [details] Patch
Ryosuke Niwa
Comment 4 2019-12-19 15:06:36 PST
Comment on attachment 386147 [details] Patch Makes sense to me.
Wenson Hsieh
Comment 5 2020-01-02 14:22:41 PST
Comment on attachment 386147 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=386147&action=review > Source/WebCore/rendering/RenderBoxModelObject.cpp:448 > + RenderLayer* clipLayer = hasLayer()? layer()->enclosingOverflowClipLayer(ExcludeSelf) : nullptr; Super minor nit - space between "hasLayer()" and "?"
Jack
Comment 6 2020-01-06 12:39:31 PST
Created attachment 386875 [details] Patch
Jack
Comment 7 2020-01-06 12:53:32 PST
Thanks! Good catch! Somehow the patch tool didn't report it. > Comment on attachment 386147 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=386147&action=review > > > Source/WebCore/rendering/RenderBoxModelObject.cpp:448 > > + RenderLayer* clipLayer = hasLayer()? layer()->enclosingOverflowClipLayer(ExcludeSelf) : nullptr; > > Super minor nit - space between "hasLayer()" and "?"
EWS
Comment 8 2020-01-06 13:16:57 PST
Comment on attachment 386875 [details] Patch Rejecting attachment 386875 [details] from review queue. shihchieh_lee@apple.com does not have reviewer permissions according to https://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/contributors.json. - If you do not have reviewer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags. - If you have reviewer rights please correct the error in Tools/Scripts/webkitpy/common/config/contributors.json by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your reviewer rights.
WebKit Commit Bot
Comment 9 2020-01-06 14:20:51 PST
Comment on attachment 386875 [details] Patch Clearing flags on attachment: 386875 Committed r254086: <https://trac.webkit.org/changeset/254086>
WebKit Commit Bot
Comment 10 2020-01-06 14:20:53 PST
All reviewed patches have been landed. Closing bug.
Ryosuke Niwa
Comment 11 2020-03-30 18:10:39 PDT
*** Bug 207033 has been marked as a duplicate of this bug. ***
Martin Robinson
Comment 12 2021-08-20 04:17:47 PDT
*** Bug 202910 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.