Bug 226367 - Release assert in RenderFlexibleBox::computeInnerFlexBaseSizeForChild via RenderFlexibleBox::layoutFlexItems
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Rob Buis
Keywords: InRadar
Reported: 2021-05-27 22:00 PDT by Ryosuke Niwa
Modified: 2021-06-08 16:57 PDT
CC: 13 users

Attachments
Test (131 bytes, text/html), 2021-05-27 22:39 PDT, Ryosuke Niwa, no flags
Patch (1.50 KB, patch), 2021-05-28 03:21 PDT, Rob Buis, no flags
Patch (3.28 KB, patch), 2021-05-28 05:28 PDT, Rob Buis, no flags

Description Ryosuke Niwa 2021-05-27 22:00:29 PDT
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
1   com.apple.WebCore             	0x0000000201ae3e5e std::__1::__throw_bad_optional_access() + 14 (optional:193)
2   com.apple.WebCore             	0x00000002071ad053 std::__1::optional<WebCore::LayoutUnit>::value() && + 51 (optional:965)
3   com.apple.WebCore             	0x000000020736faad WebCore::RenderFlexibleBox::computeInnerFlexBaseSizeForChild(WebCore::RenderBox&, WebCore::LayoutUnit) + 429 (RenderFlexibleBox.cpp:953)
4   com.apple.WebCore             	0x00000002073709a5 WebCore::RenderFlexibleBox::constructFlexItem(WebCore::RenderBox&, bool) + 613 (RenderFlexibleBox.cpp:1340)
5   com.apple.WebCore             	0x000000020736769d WebCore::RenderFlexibleBox::layoutFlexItems(bool) + 685 (RenderFlexibleBox.cpp:995)
6   com.apple.WebCore             	0x0000000207366aa7 WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) + 999 (RenderFlexibleBox.cpp:307)
7   com.apple.WebCore             	0x000000020721ef8a WebCore::RenderBlock::layout() + 282 (RenderBlock.cpp:598)
8  com.apple.WebCore             	0x00000002072555e5 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1461 (RenderBlockFlow.cpp:764)
9  com.apple.WebCore             	0x000000020725200e WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 718 (RenderBlockFlow.cpp:675)
10  com.apple.WebCore             	0x0000000207250188 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1240 (RenderBlockFlow.cpp:527)
11  com.apple.WebCore             	0x000000020721ef8a WebCore::RenderBlock::layout() + 282 (RenderBlock.cpp:598)
12  com.apple.WebCore             	0x00000002075d5547 WebCore::RenderView::layout() + 1479 (RenderView.cpp:185)
13  com.apple.WebCore             	0x00000002066c77bf WebCore::FrameViewLayoutContext::layout() + 1359 (FrameViewLayoutContext.cpp:233)
14  com.apple.WebCore             	0x000000020549fc28 WebCore::Document::implicitClose() + 1064 (Document.cpp:3187)
15  com.apple.WebCore             	0x0000000206429bb9 WebCore::FrameLoader::checkCallImplicitClose() + 217 (FrameLoader.cpp:940)
16  com.apple.WebCore             	0x0000000206429043 WebCore::FrameLoader::checkCompleted() + 691 (FrameLoader.cpp:881)
17  com.apple.WebCore             	0x0000000206425615 WebCore::FrameLoader::finishedParsing() + 453 (FrameLoader.cpp:786)
18  com.apple.WebCore             	0x00000002054c0894 WebCore::Document::finishedParsing() + 612 (Document.cpp:6060)
19  com.apple.WebCore             	0x0000000205e55075 WebCore::HTMLConstructionSite::finishedParsing() + 37 (HTMLConstructionSite.cpp:419)
20  com.apple.WebCore             	0x0000000205eb4d0e WebCore::HTMLTreeBuilder::finished() + 30 (HTMLTreeBuilder.cpp:2843)
21  com.apple.WebCore             	0x0000000205e654e8 WebCore::HTMLDocumentParser::end() + 24 (HTMLDocumentParser.cpp:449)
22  com.apple.WebCore             	0x0000000205e62da9 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 57 (HTMLDocumentParser.cpp:458)
23  com.apple.WebCore             	0x0000000205e62cc1 WebCore::HTMLDocumentParser::prepareToStopParsing() + 273 (HTMLDocumentParser.cpp:152)
24  com.apple.WebCore             	0x0000000205e65530 WebCore::HTMLDocumentParser::attemptToEnd() + 64 (HTMLDocumentParser.cpp:470)
25  com.apple.WebCore             	0x0000000205e655ca WebCore::HTMLDocumentParser::finish() + 42 (HTMLDocumentParser.cpp:498)
26  com.apple.WebCore             	0x00000002063aaad1 WebCore::DocumentWriter::end() + 417 (DocumentWriter.cpp:294)
27  com.apple.WebCore             	0x00000002063a9633 WebCore::DocumentLoader::finishedLoading() + 739 (DocumentLoader.cpp:489)
28  com.apple.WebCore             	0x00000002063a8e4e WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&) + 1262 (DocumentLoader.cpp:433)
29  com.apple.WebCore             	0x0000000206589060 WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) + 384 (CachedResource.cpp:336)
30  com.apple.WebCore             	0x00000002065835cf WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) + 79 (CachedResource.cpp:352)

<rdar://78570689>
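Frames 1 to 3 of the trace above show the bug class: `std::optional<LayoutUnit>::value()` is called inside computeInnerFlexBaseSizeForChild on an optional that holds no value, libc++ throws std::bad_optional_access, and a release build turns that into a process crash, so an attacker-controlled stylesheet can take down the rendering process. The following C++ is an added illustration written for this page, not code from WebKit or from the patch; `Length`, `LengthKind`, `resolveMainSize`, `flexBaseSizeUnchecked` and `flexBaseSizeGuarded` are hypothetical stand-ins, and it assumes (as comments 4 and 6 suggest) that the legacy `intrinsic` keyword takes a path for which no definite main size is produced.

```cpp
#include <cstdio>
#include <optional>
#include <stdexcept>

// Constructed stand-in for a CSS length. WebCore's Length/LengthType are far richer;
// only the three kinds needed to show the failure mode are modelled here.
enum class LengthKind { Fixed, MaxContent, LegacyIntrinsic };

struct Length {
    LengthKind kind;
    int fixedValue; // only meaningful for LengthKind::Fixed
};

// Hypothetical resolver: like a flex-basis computation, it can only produce a definite
// size for some kinds of length and answers "no value" for the others.
std::optional<int> resolveMainSize(const Length& length, int maxContentSize)
{
    switch (length.kind) {
    case LengthKind::Fixed:
        return length.fixedValue;
    case LengthKind::MaxContent:
        return maxContentSize;
    case LengthKind::LegacyIntrinsic:
        // Assumption from comment 6: the legacy keyword is not a plain alias of
        // max-content, so this path yields no size at all.
        return std::nullopt;
    }
    return std::nullopt;
}

// The pattern behind frames 1-3 of the crash log: unconditional value() on an optional
// that may be empty. libc++ throws std::bad_optional_access here; a build that treats
// that as a release assert aborts the process instead.
int flexBaseSizeUnchecked(const Length& flexBasis, int maxContentSize)
{
    return resolveMainSize(flexBasis, maxContentSize).value();
}

// Guarded variant: route lengths that cannot be resolved to a content-based fallback
// before asking for a value, and still check has_value() for anything that slips through.
int flexBaseSizeGuarded(const Length& flexBasis, int maxContentSize, int contentFallback)
{
    if (flexBasis.kind == LengthKind::LegacyIntrinsic)
        return contentFallback;
    std::optional<int> size = resolveMainSize(flexBasis, maxContentSize);
    return size.has_value() ? *size : contentFallback;
}

// Helper so the failure mode can be observed without crashing the process.
bool uncheckedAccessThrows(const Length& flexBasis)
{
    try {
        (void)flexBaseSizeUnchecked(flexBasis, 100);
    } catch (const std::bad_optional_access&) {
        return true;
    }
    return false;
}

int main()
{
    const Length legacy { LengthKind::LegacyIntrinsic, 0 };
    std::printf("unchecked access throws for legacy keyword: %s\n",
                uncheckedAccessThrows(legacy) ? "yes" : "no");
    std::printf("guarded flex base size for legacy keyword: %d\n",
                flexBaseSizeGuarded(legacy, 100, 7));
    return 0;
}
```

The guarded version is the shape of the landed fix: the condition in the patch filters the legacy keyword before the code reaches the optional, rather than catching the empty optional afterwards.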
Comment 1 Rob Buis 2021-05-27 22:22:30 PDT
Needs a testcase :)
Comment 2 Ryosuke Niwa 2021-05-27 22:39:06 PDT
Created attachment 429987 [details]
Test
Comment 3 Ryosuke Niwa 2021-05-27 22:42:08 PDT
(In reply to Rob Buis from comment #1)
> Needs a testcase :)

Oops, added.
Comment 4 Rob Buis 2021-05-27 23:11:30 PDT
This seems related to width: intrinsic usage, will have a look.
Comment 5 Ryosuke Niwa 2021-05-28 00:44:44 PDT
(In reply to Rob Buis from comment #4)
> This seems related to width: intrinsic usage, will have a look.

Huh, is that feature enabled on trunk?
Comment 6 Rob Buis 2021-05-28 00:47:16 PDT
(In reply to Ryosuke Niwa from comment #5)
> (In reply to Rob Buis from comment #4)
> > This seems related to width: intrinsic usage, will have a look.
> 
> Huh, is that feature enabled on trunk?

I know very little about this keyword. So far I found it is listed as kind of an alias for max-content here:
https://developer.mozilla.org/en-US/docs/Web/CSS/width

However, replacing intrinsic with max-content does not make the test crash, so it is not a pure alias.
Comment 7 Rob Buis 2021-05-28 03:21:20 PDT
Created attachment 429998 [details]
Patch
Comment 8 Rob Buis 2021-05-28 05:28:26 PDT
Created attachment 430004 [details]
Patch
Comment 9 EWS 2021-05-31 02:22:20 PDT
Committed r278275 (238312@main): <https://commits.webkit.org/238312@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 430004 [details].
Comment 10 Sergio Villar Senin 2021-05-31 04:27:21 PDT
Comment on attachment 430004 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=430004&action=review

> Source/WebCore/rendering/RenderFlexibleBox.cpp:878
> +    if (isColumnFlow() && (flexBasis.isIntrinsic() || flexBasis.type() == LengthType::Intrinsic))
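Review bot: the guard mixes a predicate (`flexBasis.isIntrinsic()`) with a comparison against one enum value (`flexBasis.type() == LengthType::Intrinsic`), which covers the legacy `intrinsic` keyword but leaves its companion `min-intrinsic` (LengthType::MinIntrinsic, as raised in this review) outside the condition while reading as if every intrinsic length were handled; if the engine already has a predicate for the legacy keywords (isLegacyIntrinsic() is proposed below), using it keeps the condition consistent and self-describing. A short code comment stating why the legacy keyword is routed with the intrinsic case, given that `intrinsic` is not a plain alias of `max-content` per comment 6, would also help, since the one-line hunk carries no rationale.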

Does the attached test case crash with LengthType::MinIntrinsic? If so, can we replace this second part with flexBasis.isLegacyIntrinsic()?