49022 – Assertion reached in RenderBlock::FloatingObject::bottom()

Bug 49022 - Assertion reached in RenderBlock::FloatingObject::bottom()

Summary: Assertion reached in RenderBlock::FloatingObject::bottom()

Status:	RESOLVED CONFIGURATION CHANGED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC All

Importance:	P2 Normal
Assignee:	Nobody

URL:	http://www.indiatimes.com/Obama-comes...
Keywords:

Depends on:
Blocks:

Reported:	2010-11-04 14:21 PDT by zalan
Modified:	2023-07-03 06:30 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
somewhat reduced testcase (65.80 KB, application/x-gzip) 2010-11-04 14:37 PDT, zalan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zalan 2010-11-04 14:21:17 PDT

assertion was introduced in http://trac.webkit.org/changeset/69082

backtrace:

#0  0xb678bfa9 in WebCore::RenderBlock::FloatingObject::bottom (this=0xa692618) at ../../../WebCore/rendering/RenderBlock.h:391
#1  0xb678c150 in WebCore::RenderBlock::logicalBottomForFloat (this=0xa5d8a44, child=0xa692618) at ../../../WebCore/rendering/RenderBlock.h:413
#2  0xb679ba0e in WebCore::RenderBlock::nextFloatLogicalBottomBelow (this=0xa5d8a44, logicalHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:3318
#3  0xb67c31a3 in WebCore::RenderBlock::fitBelowFloats (this=0xa5d8a44, widthToFit=3, firstLine=true, availableWidth=@0xbff414f4) at ../../../WebCore/rendering/RenderBlockLineLayout.cpp:1347
#4  0xb67c5588 in WebCore::RenderBlock::findNextLineBreak (this=0xa5d8a44, resolver=..., firstLine=true, isLineEmpty=@0xbff41805, previousLineBrokeCleanly=@0xbff41809, hyphenated=@0xbff41803, clear=0xbff417a4, 
    lastFloatFromPreviousLine=0xa6947a8) at ../../../WebCore/rendering/RenderBlockLineLayout.cpp:1918
#5  0xb67bff8d in WebCore::RenderBlock::layoutInlineChildren (this=0xa5d8a44, relayoutChildren=true, repaintLogicalTop=@0xbff41948, repaintLogicalBottom=@0xbff41944) at ../../../WebCore/rendering/RenderBlockLineLayout.cpp:665
#6  0xb6792426 in WebCore::RenderBlock::layoutBlock (this=0xa5d8a44, relayoutChildren=true, pageHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:1207
#7  0xb6791e3e in WebCore::RenderBlock::layout (this=0xa5d8a44) at ../../../WebCore/rendering/RenderBlock.cpp:1105
#8  0xb6794e00 in WebCore::RenderBlock::layoutBlockChild (this=0xa5d4ce4, child=0xa5d8a44, marginInfo=..., previousFloatLogicalBottom=@0xbff41b04, maxFloatLogicalBottom=@0xbff41c50) at ../../../WebCore/rendering/RenderBlock.cpp:1877
#9  0xb6794abb in WebCore::RenderBlock::layoutBlockChildren (this=0xa5d4ce4, relayoutChildren=true, maxFloatLogicalBottom=@0xbff41c50) at ../../../WebCore/rendering/RenderBlock.cpp:1815
#10 0xb6792445 in WebCore::RenderBlock::layoutBlock (this=0xa5d4ce4, relayoutChildren=true, pageHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:1209
#11 0xb6791e3e in WebCore::RenderBlock::layout (this=0xa5d4ce4) at ../../../WebCore/rendering/RenderBlock.cpp:1105
#12 0xb678a29f in WebCore::RenderObject::layoutIfNeeded (this=0xa5d4ce4) at ../../../WebCore/rendering/RenderObject.h:494
#13 0xb6799fcd in WebCore::RenderBlock::insertFloatingObject (this=0xa5d3b74, o=0xa5d4ce4) at ../../../WebCore/rendering/RenderBlock.cpp:2955
#14 0xb679319b in WebCore::RenderBlock::handleFloatingChild (this=0xa5d3b74, child=0xa5d4ce4, marginInfo=...) at ../../../WebCore/rendering/RenderBlock.cpp:1407
#15 0xb67930d6 in WebCore::RenderBlock::handleSpecialChild (this=0xa5d3b74, child=0xa5d4ce4, marginInfo=...) at ../../../WebCore/rendering/RenderBlock.cpp:1390
#16 0xb6794a90 in WebCore::RenderBlock::layoutBlockChildren (this=0xa5d3b74, relayoutChildren=true, maxFloatLogicalBottom=@0xbff41f50) at ../../../WebCore/rendering/RenderBlock.cpp:1811
#17 0xb6792445 in WebCore::RenderBlock::layoutBlock (this=0xa5d3b74, relayoutChildren=true, pageHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:1209
#18 0xb6791e3e in WebCore::RenderBlock::layout (this=0xa5d3b74) at ../../../WebCore/rendering/RenderBlock.cpp:1105
#19 0xb678a29f in WebCore::RenderObject::layoutIfNeeded (this=0xa5d3b74) at ../../../WebCore/rendering/RenderObject.h:494
#20 0xb6799fcd in WebCore::RenderBlock::insertFloatingObject (this=0xa58dbec, o=0xa5d3b74) at ../../../WebCore/rendering/RenderBlock.cpp:2955
#21 0xb679319b in WebCore::RenderBlock::handleFloatingChild (this=0xa58dbec, child=0xa5d3b74, marginInfo=...) at ../../../WebCore/rendering/RenderBlock.cpp:1407
#22 0xb67930d6 in WebCore::RenderBlock::handleSpecialChild (this=0xa58dbec, child=0xa5d3b74, marginInfo=...) at ../../../WebCore/rendering/RenderBlock.cpp:1390
#23 0xb6794a90 in WebCore::RenderBlock::layoutBlockChildren (this=0xa58dbec, relayoutChildren=true, maxFloatLogicalBottom=@0xbff42250) at ../../../WebCore/rendering/RenderBlock.cpp:1811
#24 0xb6792445 in WebCore::RenderBlock::layoutBlock (this=0xa58dbec, relayoutChildren=true, pageHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:1209
#25 0xb6791e3e in WebCore::RenderBlock::layout (this=0xa58dbec) at ../../../WebCore/rendering/RenderBlock.cpp:1105
#26 0xb6794e00 in WebCore::RenderBlock::layoutBlockChild (this=0xa364e54, child=0xa58dbec, marginInfo=..., previousFloatLogicalBottom=@0xbff42414, maxFloatLogicalBottom=@0xbff42560) at ../../../WebCore/rendering/RenderBlock.cpp:1877
#27 0xb6794abb in WebCore::RenderBlock::layoutBlockChildren (this=0xa364e54, relayoutChildren=false, maxFloatLogicalBottom=@0xbff42560) at ../../../WebCore/rendering/RenderBlock.cpp:1815
#28 0xb6792445 in WebCore::RenderBlock::layoutBlock (this=0xa364e54, relayoutChildren=false, pageHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:1209
#29 0xb6791e3e in WebCore::RenderBlock::layout (this=0xa364e54) at ../../../WebCore/rendering/RenderBlock.cpp:1105
#30 0xb6794e00 in WebCore::RenderBlock::layoutBlockChild (this=0xa355b44, child=0xa364e54, marginInfo=..., previousFloatLogicalBottom=@0xbff42724, maxFloatLogicalBottom=@0xbff42870) at ../../../WebCore/rendering/RenderBlock.cpp:1877
#31 0xb6794abb in WebCore::RenderBlock::layoutBlockChildren (this=0xa355b44, relayoutChildren=false, maxFloatLogicalBottom=@0xbff42870) at ../../../WebCore/rendering/RenderBlock.cpp:1815
#32 0xb6792445 in WebCore::RenderBlock::layoutBlock (this=0xa355b44, relayoutChildren=false, pageHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:1209
#33 0xb6791e3e in WebCore::RenderBlock::layout (this=0xa355b44) at ../../../WebCore/rendering/RenderBlock.cpp:1105
#34 0xb6794e00 in WebCore::RenderBlock::layoutBlockChild (this=0xa28d17c, child=0xa355b44, marginInfo=..., previousFloatLogicalBottom=@0xbff42a34, maxFloatLogicalBottom=@0xbff42b80) at ../../../WebCore/rendering/RenderBlock.cpp:1877
#35 0xb6794abb in WebCore::RenderBlock::layoutBlockChildren (this=0xa28d17c, relayoutChildren=false, maxFloatLogicalBottom=@0xbff42b80) at ../../../WebCore/rendering/RenderBlock.cpp:1815
#36 0xb6792445 in WebCore::RenderBlock::layoutBlock (this=0xa28d17c, relayoutChildren=false, pageHeight=0) at ../../../WebCore/rendering/RenderBlock.cpp:1209
#37 0xb6791e3e in WebCore::RenderBlock::layout (this=0xa28d17c) at ../../../WebCore/rendering/RenderBlock.cpp:1105
#38 0xb6889f0b in WebCore::RenderView::layout (this=0xa28d17c) at ../../../WebCore/rendering/RenderView.cpp:130
#39 0xb6679768 in WebCore::FrameView::layout (this=0xa2658c8, allowSubtree=true) at ../../../WebCore/page/FrameView.cpp:788
#40 0xb667e3d1 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0xa2658c8) at ../../../WebCore/page/FrameView.cpp:2104
#41 0xb6950543 in QWebFramePrivate::renderRelativeCoords (this=0xa289d78, context=0xbff42ef8, layer=QWebFrame::AllLayers, clip=...) at ../../../WebKit/qt/Api/qwebframe.cpp:345
#42 0xb69535ba in QWebFrame::render (this=0xa271b58, painter=0xbff42f38, clip=...) at ../../../WebKit/qt/Api/qwebframe.cpp:1149
#43 0xb696c35d in QWebView::paintEvent (this=0xa10b400, ev=0xbff434b4) at ../../../WebKit/qt/Api/qwebview.cpp:930
#44 0xb45ec606 in QWidget::event (this=0xa10b400, event=0xbff434b4) at kernel/qwidget.cpp:8333
#45 0xb696c120 in QWebView::event (this=0xa10b400, e=0xbff434b4) at ../../../WebKit/qt/Api/qwebview.cpp:834
#46 0xb458e84c in QApplicationPrivate::notify_helper (this=0xa0bcb88, receiver=0xa10b400, e=0xbff434b4) at kernel/qapplication.cpp:4396
#47 0xb4594939 in QApplication::notify (this=0xbff44190, receiver=0xa10b400, e=0xbff434b4) at kernel/qapplication.cpp:4361
#48 0xb42fe8cb in QCoreApplication::notifyInternal (this=0xbff44190, receiver=0xa10b400, event=0xbff434b4) at kernel/qcoreapplication.cpp:732
#49 0xb45f3836 in QCoreApplication::sendSpontaneousEvent (this=0xa24a668, pdev=0xa2913ac, rgn=..., offset=..., flags=<value optimized out>, sharedPainter=0x0, backingStore=0xa291350)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#50 QWidgetPrivate::drawWidget (this=0xa24a668, pdev=0xa2913ac, rgn=..., offset=..., flags=<value optimized out>, sharedPainter=0x0, backingStore=0xa291350) at kernel/qwidget.cpp:5420
#51 0xb47e1d87 in QWidgetBackingStore::sync (this=0xa291350) at painting/qbackingstore.cpp:1320
#52 0xb45e5ba3 in QWidgetPrivate::syncBackingStore (this=0xa1fb568) at kernel/qwidget.cpp:1805
#53 0xb45ecda6 in QWidget::event (this=0xa1f9ff0, event=0xa312658) at kernel/qwidget.cpp:8480
#54 0xb4a25b87 in QMainWindow::event (this=0xa1f9ff0, event=0xa312658) at widgets/qmainwindow.cpp:1417
#55 0xb458e84c in QApplicationPrivate::notify_helper (this=0xa0bcb88, receiver=0xa1f9ff0, e=0xa312658) at kernel/qapplication.cpp:4396
#56 0xb4594939 in QApplication::notify (this=0xbff44190, receiver=0xa1f9ff0, e=0xa312658) at kernel/qapplication.cpp:4361
#57 0xb42fe8cb in QCoreApplication::notifyInternal (this=0xbff44190, receiver=0xa1f9ff0, event=0xa312658) at kernel/qcoreapplication.cpp:732
#58 0xb4301b2b in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0xa0bcc80) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#59 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xa0bcc80) at kernel/qcoreapplication.cpp:1373
#60 0xb4301ced in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1266
#61 0xb432d5b4 in QCoreApplication::sendPostedEvents (s=0xa0c2910) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#62 postEventSourceDispatch (s=0xa0c2910) at kernel/qeventdispatcher_glib.cpp:277
#63 0xb364c5e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#64 0xb36502d8 in ?? () from /lib/libglib-2.0.so.0

--------------------------------------------------------------------------------------------------------------------------------------
I debugged it and what i found was that

1, findNextLineBreak loops through the render objects to find line breaks
2, finds a float box
3, creates a floating object by calling insertFloatingObject()
4, the floating object does not fit the current line, so it does not get positioned (newLine() is supposed to position)
5, still inside the while loop in findNextLineBreak(), next object is a textbox
6, while checking the textbox, fitBelowFloats() gets called, which calls nextFloatLogicalBottomBelow()
7, nextFloatLogicalBottomBelow() loops through the floating object list (m_floatingObjects) and finds the not-yet-positioned floating object, which was added at step #3.
8, asserts RenderBlock::FloatingObject::bottom()

Comment 1 zalan 2010-11-04 14:37:50 PDT

Created attachment 72983 [details]
somewhat reduced testcase

couldn't reduce the page any further

Comment 2 Antti Koivisto 2010-11-05 07:04:44 PDT

Asserts on Safari too.

Comment 3 Caio Marcelo de Oliveira Filho 2011-04-13 09:42:24 PDT

Could reproduce using QtWebKit from trunk r83733 and loading the URL in the bug, but not the reduced test case. I'm investigating.

Comment 4 Ahmad Saleem 2023-07-02 04:13:02 PDT

It does not assert on WebKit ToT (265693@main) using ‘run-minibrowser —debug’, it does not do anything while loading HTML test case from local. I think this might have been resolved since 2011 now and can be closed. Thanks!