Bug 262265

Summary: ASSERTION FAILED: foundAncestor /app/webkit/Source/WebCore/rendering/RenderLayer.cpp(2440)
Product: WebKit Reporter: djinn <1319794503>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal CC: ahmad.saleem792, bfulgham, karlcow, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: BrowserCompat, InRadar
Version: WebKit Nightly Build
Hardware: PC
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=244588
https://bugs.webkit.org/show_bug.cgi?id=135648
Attachments:
  Description: testcase to trigger the crash    Flags: none

Description djinn 2023-09-27 22:17:34 PDT
Created attachment 467939 [details]
testcase to trigger the crash

ASSERTION FAILED: foundAncestor
/app/webkit/Source/WebCore/rendering/RenderLayer.cpp(2440) : const WebCore::RenderLayer* WebCore::accumulateOffsetTowardsAncestor(const RenderLayer*, const RenderLayer*, LayoutPoint&, RenderLayer::ColumnOffsetAdjustment)

The minimized testcase will be uploaded as soon as possible.
Comment 1 Ahmad Saleem 2023-09-28 03:47:20 PDT
Fixed similar assertion in Blink here: https://src.chromium.org/viewvc/blink?view=revision&revision=199725
Comment 2 Karl Dubost 2023-09-28 18:44:55 PDT
Ahmad, 

And the companion test seems to be there, but it is passing on all browsers (once normalized for property names.)
https://searchfox.org/wubkat/search?q=transform-with-fixedpos&path=&case=false&regexp=false

So maybe there's more to it.
Comment 3 Radar WebKit Bug Importer 2023-10-04 22:18:32 PDT
<rdar://problem/116503953>
Comment 4 djinn 2023-11-03 23:03:14 PDT
Hello, I would like to ask: if a previously submitted bug is still not processed or unconfirmed, was it submitted in the wrong way? Or is it something else? Should I offer more info?
Comment 5 Karl Dubost 2023-11-05 17:44:34 PST
djinn,

I haven't reproduced the crash with the attached test case on Safari Release 181 (Safari 17.4, WebKit 19618.1.3.1)

The testcase seems to be just the webpage of Outlook.
Often it's easier to get a reduced test case which exactly triggers the issue.

Some of the past commits on Chromium:
https://github.com/search?q=repo%3Achromium%2Fchromium+accumulateOffsetTowardsAncestor&type=commits

The current code on WebKit:
https://searchfox.org/wubkat/rev/023c54054092dc68c5df3b230ed3137cbd753b16/Source/WebCore/rendering/RenderLayer.cpp#2435
Comment 6 Ahmad Saleem 2024-07-09 18:23:43 PDT
SVN mirror is gone, so putting the Chromium git link: https://chromium.googlesource.com/chromium/blink/+/973d374bd2935f90e9513377bc6e3c85045207df