253182 – Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCore::RenderBox::nextSiblingBox() const

RESOLVED DUPLICATE of bug 253165253182

Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCore::RenderBox::nextSiblingBox() const

https://bugs.webkit.org/show_bug.cgi?id=253182

Summary Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCo...

Sammy Gill

Reported 2023-03-01 11:49:05 PST

Created attachment 465249 [details] Testcase The assertion gets triggered with the attached test case. The next sibling is a RenderText so nextSiblingBox returns nullptr

Attachments
Testcase (559 bytes, text/html) 2023-03-01 11:49 PST, Sammy Gill	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-03-01 14:05:48 PST

<rdar://problem/106105433>

Alexey Proskuryakov

Comment 2 2023-03-05 12:02:51 PST

This isn't just an assertion failure, but a 100% reproducible crash in production builds. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x1bed1fecc WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 512 1 WebCore 0x1bed2035c WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1680 2 WebCore 0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796 3 WebCore 0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452 4 WebCore 0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76 5 WebCore 0x1c0bbcfac WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 80 6 WebCore 0x1c0bbcd38 WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 128 7 WebCore 0x1bed20298 WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1484 8 WebCore 0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796 9 WebCore 0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452 10 WebCore 0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76 11 WebCore 0x1c0bea950 WebCore::RenderBox::computeLogicalWidthInFragmentUsing(WebCore::SizeType, WebCore::Length, WebCore::LayoutUnit, WebCore::RenderBlock const&, WebCore::RenderFragmentContainer*) const + 596 12 WebCore 0x1c0bf5624 WebCore::RenderBox::computeLogicalWidthInFragment(WebCore::RenderBox::LogicalExtentComputedValues&, WebCore::RenderFragmentContainer*) const + 1544 13 WebCore 0x1bec83f80 WebCore::RenderBox::updateLogicalWidth() + 44 14 WebCore 0x1c0bc6a88 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 412 15 WebCore 0x1c0cd4a00 WebCore::RenderRubyRun::layoutBlock(bool, WebCore::LayoutUnit) + 72 16 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 17 WebCore 0x1c0ba2f14 WebCore::LegacyLineLayout::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 9296 18 WebCore 0x1c0bc9398 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 436 19 WebCore 0x1c0bc6d9c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1200 20 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 21 WebCore 0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920 22 WebCore 0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252 23 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 24 WebCore 0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920 25 WebCore 0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252 26 WebCore 0x1bec81b5c WebCore::RenderBlock::layout() + 120 27 WebCore 0x1bec815d4 WebCore::RenderView::layout() + 496 28 WebCore 0x1c0805cdc WebCore::FrameViewLayoutContext::performLayout() + 736 29 WebCore 0x1c0805930 WebCore::FrameViewLayoutContext::layout() + 44 30 WebCore 0x1becd26b4 WebCore::Document::updateLayout() + 476 31 WebCore 0x1c02c7b10 WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&) + 48 32 WebCore 0x1bed9be1c WebCore::CompositeEditCommand::apply() + 500 33 WebCore 0x1c02c5f78 WebCore::Editor::applyStyle(WTF::RefPtr<WebCore::EditingStyle, WTF::RawPtrTraits<WebCore::EditingStyle>, WTF::DefaultRefDerefTraits<WebCore::EditingStyle>>&&, WebCore::EditAction, WebCore::Editor::ColorFilterMode) + 496 34 WebCore 0x1c02f19b4 WebCore::executeToggleStyle(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WebCore::CSSPropertyID, WTF::ASCIILiteral, WTF::ASCIILiteral) + 240 35 WebCore 0x1bedefe7c WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 100 36 WebCore 0x1bf2a0ac4 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 532 37 ??? 0x110810204 ??? 38 ??? 0x110808248 ??? 39 ??? 0x110808248 ??? 40 ??? 0x110808728 ??? 41 JavaScriptCore 0x1bbf75420 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 520 42 JavaScriptCore 0x1bc269c54 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 104 43 WebCore 0x1bfe59f6c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 132 44 WebCore 0x1bfe75ab0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1080 45 WebCore 0x1c02049e4 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener>>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 444 46 WebCore 0x1c01fcbdc WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 336 47 WebCore 0x1c07b0d24 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 368 48 WebCore 0x1becafd50 WebCore::DOMWindow::dispatchLoadEvent() + 316 49 WebCore 0x1bec7d738 WebCore::Document::implicitClose() + 476 50 WebCore 0x1bec7d210 WebCore::FrameLoader::checkCompleted() + 312 51 WebCore 0x1bec7c598 WebCore::FrameLoader::finishedParsing() + 340 52 WebCore 0x1bec7b354 WebCore::Document::finishedParsing() + 608 53 WebCore 0x1bec74300 WebCore::HTMLDocumentParser::prepareToStopParsing() + 296 54 WebCore 0x1bec73fa0 WebCore::HTMLDocumentParser::finish() + 236 55 WebCore 0x1bec73bd4 WebCore::DocumentWriter::end() + 148 56 WebCore 0x1c06cfa2c WebCore::DocumentLoader::finishedLoading() + 308

alan

Comment 3 2023-03-05 12:48:49 PST

Not crashing on 261244@main.

alan

Comment 4 2023-03-05 12:50:27 PST

(must have progressed at 261063@main)

Sammy Gill

Comment 5 2023-12-20 15:01:56 PST

I don't think this bugzilla should have ever been created and must have been a mistake on my end. Quite literally a duplicate of https://bugs.webkit.org/show_bug.cgi?id=253165 considering the exact same test case was used *** This bug has been marked as a duplicate of bug 253165 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 253165

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Sammy Gill

Reported

2023-03-01 11:49 PST

Modified

2023-12-20 15:01 PST History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks