Bug 99656 - ASSERT in RenderLayer::hitTestContents can fire
Summary: ASSERT in RenderLayer::hitTestContents can fire
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Adam Barth
URL:
Keywords:
Depends on:
Blocks: 66687
  Show dependency treegraph
 
Reported: 2012-10-17 16:46 PDT by Adam Barth
Modified: 2020-03-14 17:07 PDT (History)
9 users (show)

See Also:

Attachments
Patch (4.94 KB, patch)
2012-10-17 16:48 PDT, Adam Barth 		no flags Details | Formatted Diff | Diff
Some attempts at a test (624 bytes, text/html)
2012-10-17 17:36 PDT, Adam Barth 		no flags Details
test case (312 bytes, text/html)
2012-10-28 21:03 PDT, Arun Patole 		no flags Details
LayoutTest that hits the ASSERT (639 bytes, text/html)
2012-11-02 10:46 PDT, Adam Barth 		no flags Details
Patch (7.10 KB, patch)
2012-11-02 10:59 PDT, Adam Barth 		no flags Details | Formatted Diff | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Barth 2012-10-17 16:46:27 PDT 
ASSERT in RenderLayer::hitTestContents can fire
Comment 1 Adam Barth 2012-10-17 16:48:40 PDT 
Created attachment 169298 [details]
Patch
Comment 2 Adam Barth 2012-10-17 16:50:34 PDT 
This patch comes from 6034d2de096bbdaf1be3474b0141c4d57094a956 in the chromium-android branch (for those with access to that source tree).
Comment 3 Adam Barth 2012-10-17 17:01:01 PDT 
    if (!renderer()->hitTest(request, result, hitTestLocation,
                            toLayoutPoint(layerBounds.location() - renderBoxLocation()),
                            hitTestFilter)) {
        // It's wrong to set innerNode, but then claim that you didn't hit anything, unless it is
        // a rect-based test.
        ASSERT(!result.innerNode() || (result.isRectBasedTest() && result.rectBasedTestResult().size()));
        return false;
    }

Apparently that is the ASSERT that fires.
Comment 4 Adam Barth 2012-10-17 17:36:50 PDT 
Created attachment 169313 [details]
Some attempts at a test
Comment 5 Allan Sandfeld Jensen 2012-10-18 02:00:56 PDT 
Comment on attachment 169298 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=169298&action=review

The patch makes sense. 

This is is one of those cases that makes me think addNodeToRectBasedResult really should be called from inside updateHitTestResult().

> Source/WebCore/rendering/RenderBlock.h:570
> +    Node* nodeForHitTest();

Could be const.
Comment 6 Arun Patole 2012-10-28 21:03:02 PDT 
Created attachment 171151 [details]
test case

I could repro this issue on android JB stock browser and chromium content shell(I had some weeks old content shell code but not the latest one) with attached small test case. You need to touch exactly at the border of image element. Looks to be a problem when hit test point falls in anonymous block.

As Adam rightly pointed out, Assert is because we are setting inner node of HitTestResult and also saying that HitTest doesn't found anything by returning false in HitTest function which is incorrect. This is happening because we are using different nodes in RenderBlock::nodeAtPoint and when setting innerNode in RenderBlock::updateHitTestResult. 

In RenderBlock::updateHitTestResult, in case of anonymous block continuation, we are using continuation()->node() which returns enclosing node i.e. <a> in our case. But in RenderBlock::nodeAtPoint, while calling addNodeToRectBasedTestResult we use "node()" which returns NULL for anonymous blocks. Using same node at both the places fixes the problem. Patch on this bug looks good to me,  Antonio can confirm this as from file revisions, looks like mainly he had implememented rect based hittest.
Comment 7 Arun Patole 2012-10-28 21:05:00 PDT 
cc Antonio
Comment 8 Antonio Gomes 2012-10-29 21:49:21 PDT 
Comment on attachment 169298 [details]
Patch

could not Internals::nodesFromRect be used to trigger this assert?
Comment 9 Adam Barth 2012-10-30 15:07:06 PDT 
Comment on attachment 169298 [details]
Patch

I'm going to try to construct a test based on the comments above.
Comment 10 Adam Barth 2012-11-02 10:46:54 PDT 
Created attachment 172085 [details]
LayoutTest that hits the ASSERT
Comment 11 Adam Barth 2012-11-02 10:48:20 PDT 
Comment on attachment 169298 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=169298&action=review

>> Source/WebCore/rendering/RenderBlock.h:570
>> +    Node* nodeForHitTest();
> 
> Could be const.

Done.
Comment 12 Antonio Gomes 2012-11-02 10:54:54 PDT 
CC'ing some BlackBerry people, since it gets hitten for them as well.
Comment 13 Adam Barth 2012-11-02 10:59:15 PDT 
Created attachment 172087 [details]
Patch
Comment 14 Eric Seidel (no email) 2012-11-02 11:45:19 PDT 
Comment on attachment 172087 [details]
Patch

Yay!
Comment 15 WebKit Review Bot 2012-11-02 12:15:52 PDT 
Comment on attachment 172087 [details]
Patch

Clearing flags on attachment: 172087

Committed r133330: <http://trac.webkit.org/changeset/133330>
Comment 16 WebKit Review Bot 2012-11-02 12:15:57 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 17 Antonio Gomes 2012-11-04 15:12:34 PST 
Comment on attachment 172087 [details]
Patch

Nice fix!
Comment 18 Adam Barth 2012-11-04 15:51:39 PST 
Thanks.  :)