Bug 262250

Summary:

ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363)

Product:

WebKit

Reporter:

djinn <1319794503>

Component:

Layout and Rendering

Assignee:

Nobody <webkit-unassigned>

Status:

NEW ---

Severity:

Normal

CC:

ahmad.saleem792, bfulgham, simon.fraser, webkit-bug-importer, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

OS:

Linux

Attachments:

Description	Flags
testcase to trigger the crash	none

Description djinn 2023-09-27 21:18:04 PDT

Created attachment 467926 [details]
testcase to trigger the crash

ASSERTION FAILED: removed
/app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363) : void WebCore::FloatingObjects::removePlacedObject(WebCore::FloatingObject*)
1   0x7f2fcf2053f3 WTFCrash
2   0x7f2fd92c7da9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x8d5eda9) [0x7f2fd92c7da9]
3   0x7f2fdf4e5a34 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xef7ca34) [0x7f2fdf4e5a34]
4   0x7f2fdf4e5c96 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xef7cc96) [0x7f2fdf4e5c96]
5   0x7f2fdf5d3358 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf06a358) [0x7f2fdf5d3358]
6   0x7f2fdf5d6123 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf06d123) [0x7f2fdf5d6123]
7   0x7f2fdf5dfb18 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf076b18) [0x7f2fdf5dfb18]
8   0x7f2fdf5dfbbe /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf076bbe) [0x7f2fdf5dfbbe]
9   0x7f2fdfa120b1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4a90b1) [0x7f2fdfa120b1]
10  0x7f2fdfa1224e /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4a924e) [0x7f2fdfa1224e]
11  0x7f2fdfa30fa2 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c7fa2) [0x7f2fdfa30fa2]
12  0x7f2fdfa3111f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c811f) [0x7f2fdfa3111f]
13  0x7f2fdfa2f8cb /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c68cb) [0x7f2fdfa2f8cb]
14  0x7f2fdfa2edbd /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c5dbd) [0x7f2fdfa2edbd]
15  0x7f2fdfa2e66f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c566f) [0x7f2fdfa2e66f]
16  0x7f2fddc040f1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd69b0f1) [0x7f2fddc040f1]
17  0x7f2fddc048d6 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
18  0x7f2fddc04f69 WebCore::Document::updateStyleIfNeeded()
19  0x7f2fddbfb221 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd692221) [0x7f2fddbfb221]
20  0x7f2fddc3f770 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd6d6770) [0x7f2fddc3f770]
21  0x7f2fd9ba1f47 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x9638f47) [0x7f2fd9ba1f47]
22  0x7f2fd9cad1ae /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x97441ae) [0x7f2fd9cad1ae]
23  0x7f2fdee304c4 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8c74c4) [0x7f2fdee304c4]
24  0x7f2fdee2fdb5 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8c6db5) [0x7f2fdee2fdb5]
25  0x7f2fdee3327a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8ca27a) [0x7f2fdee3327a]
26  0x7f2fd9ba1f47 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x9638f47) [0x7f2fd9ba1f47]
27  0x7f2fdedd8640 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe86f640) [0x7f2fdedd8640]
28  0x7f2fdeddea28 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe875a28) [0x7f2fdeddea28]
29  0x7f2fdedde9a1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8759a1) [0x7f2fdedde9a1]
30  0x7f2fdedde917 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe875917) [0x7f2fdedde917]
31  0x7f2fdedde8a9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8758a9) [0x7f2fdedde8a9]

** (MiniBrowser:17): WARNING **: 13:58:57.273: WebProcess CRASHED

Comment 1 Radar WebKit Bug Importer 2023-10-04 21:19:13 PDT

<rdar://problem/116502345>

Comment 2 djinn 2023-11-03 23:00:59 PDT

Hello, I would like to ask if a previously submitted bug is still not processed or unconfirmed, was it submitted in the wrong way? Or is it something else? What should I do?

Comment 3 Ahmad Saleem 2024-02-04 16:01:43 PST

Something with similar was fixed in Blink here: https://chromium.googlesource.com/chromium/src.git/+/d97346ebbaff708023638756cb95373eb8f63b22

But it was in LayoutNG so don't know.