Bug 205474 - ASSERTION FAILED: hasLayer() in RenderLayer::enclosingOverflowClipLayer
Summary: ASSERTION FAILED: hasLayer() in RenderLayer::enclosingOverflowClipLayer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Local Build
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Duplicates: 202910 207033
Reported: 2019-12-19 14:34 PST by Jack
Modified: 2021-08-20 04:17 PDT

Attachments
Test html (421 bytes, text/html)
2019-12-19 14:34 PST, Jack
Patch (4.71 KB, patch)
2019-12-19 14:39 PST, Jack
Patch (4.63 KB, patch)
2019-12-19 14:53 PST, Jack
Patch (4.64 KB, patch)
2020-01-06 12:39 PST, Jack

Description Jack 2019-12-19 14:34:42 PST
Created attachment 386142 [details]
Test html

<rdar://57177521>

ASSERTION FAILED: hasLayer()
./rendering/RenderBoxModelObject.cpp(563) : WebCore::LayoutSize WebCore::RenderBoxModelObject::stickyPositionOffset() const
1   0x11a2f0499 WTFCrash
2   0x1358fe240 PAL::AVAssetCacheFunction()
3   0x13ef76075 WebCore::RenderBoxModelObject::stickyPositionOffset() const
4   0x13ee56011 WebCore::RenderBoxModelObject::offsetForInFlowPosition() const
5   0x13ef391ed WebCore::RenderBox::offsetFromContainer(WebCore::RenderElement&, WebCore::LayoutPoint const&, bool*) const
6   0x13ef36686 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const
7   0x13f4535fd WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const&, unsigned int, bool*) const
8   0x13f06f791 WebCore::RenderElement::getLeadingCorner(WebCore::FloatPoint&, bool&) const
9   0x13f071fe3 WebCore::RenderElement::absoluteAnchorRect(bool*) const
10  0x13bf518fb WebCore::Element::scrollIntoViewIfNeeded(bool)
11  0x1370b9de7 WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeededBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*, JSC::ThrowScope&)
12  0x136f46218 long long WebCore::IDLOperation<WebCore::JSElement>::call<&(WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeededBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
13  0x136f45d74 WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeeded(JSC::JSGlobalObject*, JSC::CallFrame*)
14  0x51f27ba0116b
15  0x11b3047c9 llint_entry
16  0x11b3047c9 llint_entry
17  0x11b2e7952 vmEntryToJavaScript
18  0x11d8801e7 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
19  0x11d881261 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
20  0x11e0cbd45 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
21  0x11e0cc2c2 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
22  0x11e0cd04e JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
23  0x13b1475b2 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
24  0x13b195708 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
25  0x13c01aab4 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase)
26  0x13c011896 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
27  0x13d9f464d WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)
28  0x13da103b0 WebCore::DOMWindow::dispatchLoadEvent()
29  0x13bdb9bed WebCore::Document::dispatchWindowLoadEvent()
30  0x13bdb9279 WebCore::Document::implicitClose()
31  0x13d6b657f WebCore::FrameLoader::checkCallImplicitClose()
#CRASHED
Comment 1 Jack 2019-12-19 14:39:16 PST
Created attachment 386144 [details]
Patch
Comment 2 Ryosuke Niwa 2019-12-19 14:46:56 PST
Comment on attachment 386144 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=386144&action=review

> Source/WebCore/rendering/RenderBoxModelObject.cpp:450
> +    RenderLayer* clipLayer = nullptr;
> +    if (hasLayer())
> +        clipLayer = layer()->enclosingOverflowClipLayer(ExcludeSelf);
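
Review bot: the hasLayer() guard at RenderBoxModelObject.cpp:450 leaves clipLayer as nullptr when the renderer has no layer, but the quoted lines do not say when a renderer reaches this code without a layer or how the code that follows treats a null clipLayer. A one-line comment naming that case would help the next reader, and every later use of clipLayer in this function should be confirmed to test for null so the failed assertion is not replaced by a null dereference.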

Why not just this?
RenderLayer* clipLayer = hasLayer() ? layer()->enclosingOverflowClipLayer(ExcludeSelf) : nullptr;

> Source/WebCore/rendering/RenderBoxModelObject.cpp:542
> +    RenderLayer* enclosingClippingLayer = nullptr;

Ditto.
Comment 3 Jack 2019-12-19 14:53:30 PST
Created attachment 386147 [details]
Patch
Comment 4 Ryosuke Niwa 2019-12-19 15:06:36 PST
Comment on attachment 386147 [details]
Patch

Makes sense to me.
Comment 5 Wenson Hsieh 2020-01-02 14:22:41 PST
Comment on attachment 386147 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=386147&action=review

> Source/WebCore/rendering/RenderBoxModelObject.cpp:448
> +    RenderLayer* clipLayer = hasLayer()? layer()->enclosingOverflowClipLayer(ExcludeSelf) : nullptr;

Super minor nit - space between "hasLayer()" and "?"
Comment 6 Jack 2020-01-06 12:39:31 PST
Created attachment 386875 [details]
Patch
Comment 7 Jack 2020-01-06 12:53:32 PST
Thanks! Good catch! Somehow the patch tool didn't report it.

> Comment on attachment 386147 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=386147&action=review
> 
> > Source/WebCore/rendering/RenderBoxModelObject.cpp:448
> > +    RenderLayer* clipLayer = hasLayer()? layer()->enclosingOverflowClipLayer(ExcludeSelf) : nullptr;
> 
> Super minor nit - space between "hasLayer()" and "?"
Comment 8 EWS 2020-01-06 13:16:57 PST
Comment on attachment 386875 [details]
Patch

Rejecting attachment 386875 [details] from review queue.

shihchieh_lee@apple.com does not have reviewer permissions according to https://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/contributors.json.

- If you do not have reviewer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.

- If you have reviewer rights please correct the error in Tools/Scripts/webkitpy/common/config/contributors.json by adding yourself to the file (no review needed).  The commit-queue restarts itself every 2 hours.  After restart the commit-queue will correctly respect your reviewer rights.
Comment 9 WebKit Commit Bot 2020-01-06 14:20:51 PST
Comment on attachment 386875 [details]
Patch

Clearing flags on attachment: 386875

Committed r254086: <https://trac.webkit.org/changeset/254086>
Comment 10 WebKit Commit Bot 2020-01-06 14:20:53 PST
All reviewed patches have been landed.  Closing bug.
Comment 11 Ryosuke Niwa 2020-03-30 18:10:39 PDT
*** Bug 207033 has been marked as a duplicate of this bug. ***
Comment 12 Martin Robinson 2021-08-20 04:17:47 PDT
*** Bug 202910 has been marked as a duplicate of this bug. ***