253182 – Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCore::RenderBox::nextSiblingBox() const

Bug 253182 - Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCore::RenderBox::nextSiblingBox() const

Summary: Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCo...

Status:	RESOLVED DUPLICATE of bug 253165

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Sammy Gill

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2023-03-01 11:49 PST by Sammy Gill
Modified:	2023-12-20 15:01 PST (History)
CC List:	6 users (show)

See Also:

Attachments
Testcase (559 bytes, text/html) 2023-03-01 11:49 PST, Sammy Gill	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sammy Gill 2023-03-01 11:49:05 PST

Created attachment 465249 [details]
Testcase

The assertion gets triggered with the attached test case. The next sibling is a RenderText so nextSiblingBox returns nullptr

Comment 1 Radar WebKit Bug Importer 2023-03-01 14:05:48 PST

<rdar://problem/106105433>

Comment 2 Alexey Proskuryakov 2023-03-05 12:02:51 PST

This isn't just an assertion failure, but a 100% reproducible crash in production builds.

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                       	       0x1bed1fecc WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 512
1   WebCore                       	       0x1bed2035c WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1680
2   WebCore                       	       0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796
3   WebCore                       	       0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452
4   WebCore                       	       0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76
5   WebCore                       	       0x1c0bbcfac WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 80
6   WebCore                       	       0x1c0bbcd38 WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 128
7   WebCore                       	       0x1bed20298 WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1484
8   WebCore                       	       0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796
9   WebCore                       	       0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452
10  WebCore                       	       0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76
11  WebCore                       	       0x1c0bea950 WebCore::RenderBox::computeLogicalWidthInFragmentUsing(WebCore::SizeType, WebCore::Length, WebCore::LayoutUnit, WebCore::RenderBlock const&, WebCore::RenderFragmentContainer*) const + 596
12  WebCore                       	       0x1c0bf5624 WebCore::RenderBox::computeLogicalWidthInFragment(WebCore::RenderBox::LogicalExtentComputedValues&, WebCore::RenderFragmentContainer*) const + 1544
13  WebCore                       	       0x1bec83f80 WebCore::RenderBox::updateLogicalWidth() + 44
14  WebCore                       	       0x1c0bc6a88 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 412
15  WebCore                       	       0x1c0cd4a00 WebCore::RenderRubyRun::layoutBlock(bool, WebCore::LayoutUnit) + 72
16  WebCore                       	       0x1bec81b5c WebCore::RenderBlock::layout() + 120
17  WebCore                       	       0x1c0ba2f14 WebCore::LegacyLineLayout::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 9296
18  WebCore                       	       0x1c0bc9398 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 436
19  WebCore                       	       0x1c0bc6d9c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1200
20  WebCore                       	       0x1bec81b5c WebCore::RenderBlock::layout() + 120
21  WebCore                       	       0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920
22  WebCore                       	       0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252
23  WebCore                       	       0x1bec81b5c WebCore::RenderBlock::layout() + 120
24  WebCore                       	       0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920
25  WebCore                       	       0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252
26  WebCore                       	       0x1bec81b5c WebCore::RenderBlock::layout() + 120
27  WebCore                       	       0x1bec815d4 WebCore::RenderView::layout() + 496
28  WebCore                       	       0x1c0805cdc WebCore::FrameViewLayoutContext::performLayout() + 736
29  WebCore                       	       0x1c0805930 WebCore::FrameViewLayoutContext::layout() + 44
30  WebCore                       	       0x1becd26b4 WebCore::Document::updateLayout() + 476
31  WebCore                       	       0x1c02c7b10 WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&) + 48
32  WebCore                       	       0x1bed9be1c WebCore::CompositeEditCommand::apply() + 500
33  WebCore                       	       0x1c02c5f78 WebCore::Editor::applyStyle(WTF::RefPtr<WebCore::EditingStyle, WTF::RawPtrTraits<WebCore::EditingStyle>, WTF::DefaultRefDerefTraits<WebCore::EditingStyle>>&&, WebCore::EditAction, WebCore::Editor::ColorFilterMode) + 496
34  WebCore                       	       0x1c02f19b4 WebCore::executeToggleStyle(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WebCore::CSSPropertyID, WTF::ASCIILiteral, WTF::ASCIILiteral) + 240
35  WebCore                       	       0x1bedefe7c WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 100
36  WebCore                       	       0x1bf2a0ac4 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 532
37  ???                           	       0x110810204 ???
38  ???                           	       0x110808248 ???
39  ???                           	       0x110808248 ???
40  ???                           	       0x110808728 ???
41  JavaScriptCore                	       0x1bbf75420 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 520
42  JavaScriptCore                	       0x1bc269c54 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 104
43  WebCore                       	       0x1bfe59f6c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 132
44  WebCore                       	       0x1bfe75ab0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1080
45  WebCore                       	       0x1c02049e4 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener>>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 444
46  WebCore                       	       0x1c01fcbdc WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 336
47  WebCore                       	       0x1c07b0d24 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 368
48  WebCore                       	       0x1becafd50 WebCore::DOMWindow::dispatchLoadEvent() + 316
49  WebCore                       	       0x1bec7d738 WebCore::Document::implicitClose() + 476
50  WebCore                       	       0x1bec7d210 WebCore::FrameLoader::checkCompleted() + 312
51  WebCore                       	       0x1bec7c598 WebCore::FrameLoader::finishedParsing() + 340
52  WebCore                       	       0x1bec7b354 WebCore::Document::finishedParsing() + 608
53  WebCore                       	       0x1bec74300 WebCore::HTMLDocumentParser::prepareToStopParsing() + 296
54  WebCore                       	       0x1bec73fa0 WebCore::HTMLDocumentParser::finish() + 236
55  WebCore                       	       0x1bec73bd4 WebCore::DocumentWriter::end() + 148
56  WebCore                       	       0x1c06cfa2c WebCore::DocumentLoader::finishedLoading() + 308

Comment 3 zalan 2023-03-05 12:48:49 PST

Not crashing on 261244@main.

Comment 4 zalan 2023-03-05 12:50:27 PST

(must have progressed at 261063@main)

Comment 5 Sammy Gill 2023-12-20 15:01:56 PST

I don't think this bugzilla should have ever been created and must have been a mistake on my end. Quite literally a duplicate of https://bugs.webkit.org/show_bug.cgi?id=253165 considering the exact same test case was used

*** This bug has been marked as a duplicate of bug 253165 ***