Bug 296687
| Summary: | REGRESSION(297834@main): [Grid] vimeo.com/watch not loading, crashing webprocess | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Philippe Normand <philn> |
| Component: | Layout and Rendering | Assignee: | Claudio Saavedra <csaavedra> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | bfulgham, bugs-noreply, fantasai.bugs, simon.fraser, webkit-bug-importer, zalan |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | All | | |
Philippe Normand
ASSERTION FAILED: !currentGrid().needsItemsPlacement()
/var/home/phil/WebKit/Source/WebCore/rendering/RenderGrid.cpp(2526) : unsigned int WebCore::RenderGrid::numTracks(Style::GridTrackSizingDirection) const
1 0x7f519ddea13c WebCore::RenderGrid::numTracks(WebCore::Style::GridTrackSizingDirection) const
2 0x7f519ddf6529 WebCore::RenderGrid::gridAreaRangeForOutOfFlow(WebCore::RenderBox const&, WebCore::Style::GridTrackSizingDirection) const
3 0x7f519dd1527f WebCore::PositionedLayoutConstraints::captureGridArea()
4 0x7f519dd14580 WebCore::PositionedLayoutConstraints::PositionedLayoutConstraints(WebCore::RenderBox const&, WebCore::RenderStyle const&, WebCore::LogicalBoxAxis)
5 0x7f519dd70fd5 WebCore::RenderBox::computePositionedLogicalHeight(WebCore::RenderBox::LogicalExtentComputedValues&) const
6 0x7f519dd6f8b2 WebCore::RenderBox::computeLogicalHeight(WebCore::LayoutUnit, WebCore::LayoutUnit) const
7 0x7f519dd3bdc1 WebCore::RenderBlock::availableLogicalHeightForPercentageComputation() const
8 0x7f519dd7c236 WebCore::RenderBox::hasAutoHeightOrContainingBlockWithAutoHeight(WebCore::RenderBox::UpdatePercentageHeightDescendants) const
9 0x7f519deb3daa WebCore::RenderReplaced::setNeedsLayoutIfNeededAfterIntrinsicSizeChange()
10 0x7f519de00ad1 WebCore::RenderImage::repaintOrMarkForLayout(WebCore::ImageSizeChangeType, WebCore::IntRect const*)
11 0x7f519de011c3 WebCore::RenderImage::imageChanged(void const*, WebCore::IntRect const*)
12 0x7f519d584b20 WebCore::CachedImage::didAddClient(WebCore::CachedResourceClient&)
13 0x7f519de0519e WebCore::RenderImageResource::setCachedImage(WebCore::CachedResourceHandle<WebCore::CachedImage>&&)
14 0x7f519d03578e WebCore::HTMLImageElement::didAttachRenderers()
15 0x7f519e081470 WebCore::RenderTreeUpdater::popParent()
16 0x7f519e07f888 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&)
17 0x7f519e07d5e2 WebCore::RenderTreeUpdater::commit(std::unique_ptr<WebCore::Style::Update, std::default_delete<WebCore::Style::Update> >)
18 0x7f519cc0a239 WebCore::Document::updateRenderTree(std::unique_ptr<WebCore::Style::Update, std::default_delete<WebCore::Style::Update> >)
19 0x7f519cc0a8ea WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
20 0x7f519cc0b406 WebCore::Document::updateStyleIfNeeded()
21 0x7f519cc5dae6 WTF::Detail::CallableWrapper<WebCore::Document::Document(WebCore::LocalFrame*, WebCore::Settings const&, WTF::URL const&, WTF::OptionSet<WebCore::DocumentClass>, WTF::OptionSet<WebCore::Document::ConstructionFlag>, std::optional<WebCore::ProcessQualified<WTF::UUID> >)::$_0, void>::call()
22 0x7f519d893593 WebCore::ThreadTimers::sharedTimerFiredInternal()
23 0x7f5194e10b22 WTF::RunLoop::TimerBase::TimerBase(WTF::Ref<WTF::RunLoop, WTF::RawPtrTraits<WTF::RunLoop>, WTF::DefaultRefDerefTraits<WTF::RunLoop> >&&, WTF::ASCIILiteral)::$_0::__invoke(void*)
24 0x7f5194e0fa3d WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*)
25 0x7f5191eeb880 g_main_context_dispatch_unlocked.lto_priv.0
26 0x7f5191ef47c8 g_main_context_iterate_unlocked.isra.0
27 0x7f5191ef4a6f g_main_loop_run
28 0x7f5194e0ff95 WTF::RunLoop::run()
29 0x7f519acebc36 WebKit::WebProcessMain(int, char**)
30 0x7f518f1235f5 __libc_start_call_main
31 0x7f518f1236a8 __libc_start_main
After commenting out this assert, the webprocess still crashes.
#0 0x00007f625f6ee239 in WTFCrash () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1
#1 0x00007f62649be3f9 in WTF::CrashOnOverflow::crash() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#2 0x00007f62649be3e9 in WTF::CrashOnOverflow::overflowed() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#3 0x00007f62689f65d9 in WebCore::RenderGrid::gridAreaRangeForOutOfFlow(WebCore::RenderBox const&, WebCore::Style::GridTrackSizingDirection) const ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#4 0x00007f626891527f in WebCore::PositionedLayoutConstraints::captureGridArea() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#5 0x00007f6268914580 in WebCore::PositionedLayoutConstraints::PositionedLayoutConstraints(WebCore::RenderBox const&, WebCore::RenderStyle const&, WebCore::LogicalBoxAxis) ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#6 0x00007f6268970fd5 in WebCore::RenderBox::computePositionedLogicalHeight(WebCore::RenderBox::LogicalExtentComputedValues&) const ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#7 0x00007f626896f8b2 in WebCore::RenderBox::computeLogicalHeight(WebCore::LayoutUnit, WebCore::LayoutUnit) const () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#8 0x00007f626893bdc1 in WebCore::RenderBlock::availableLogicalHeightForPercentageComputation() const () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#9 0x00007f626897c236 in WebCore::RenderBox::hasAutoHeightOrContainingBlockWithAutoHeight(WebCore::RenderBox::UpdatePercentageHeightDescendants) const ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#10 0x00007f6268ab3b9a in WebCore::RenderReplaced::setNeedsLayoutIfNeededAfterIntrinsicSizeChange() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#11 0x00007f6268a008c1 in WebCore::RenderImage::repaintOrMarkForLayout(WebCore::ImageSizeChangeType, WebCore::IntRect const*) ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#12 0x00007f6268a00fb3 in WebCore::RenderImage::imageChanged(void const*, WebCore::IntRect const*) () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#13 0x00007f6268184b20 in WebCore::CachedImage::didAddClient(WebCore::CachedResourceClient&) () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#14 0x00007f6268a04f8e in WebCore::RenderImageResource::setCachedImage(WebCore::CachedResourceHandle<WebCore::CachedImage>&&) ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#15 0x00007f6267c3578e in WebCore::HTMLImageElement::didAttachRenderers() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#16 0x00007f6268c81260 in WebCore::RenderTreeUpdater::popParent() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#17 0x00007f6268c7f678 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#18 0x00007f6268c7d3d2 in WebCore::RenderTreeUpdater::commit(std::unique_ptr<WebCore::Style::Update, std::default_delete<WebCore::Style::Update> >) ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#19 0x00007f626780a239 in WebCore::Document::updateRenderTree(std::unique_ptr<WebCore::Style::Update, std::default_delete<WebCore::Style::Update> >) ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#20 0x00007f626780a8ea in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#21 0x00007f626780b406 in WebCore::Document::updateStyleIfNeeded() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#22 0x00007f626785dae6 in WTF::Detail::CallableWrapper<WebCore::Document::Document(WebCore::LocalFrame*, WebCore::Settings const&, WTF::URL const&, WTF::OptionSet<WebCore::DocumentClass>, WTF::OptionSet<WebCore::Document::ConstructionFlag>, std::optional<WebCore::ProcessQualified<WTF::UUID> >)::$_0, void>::call() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#23 0x00007f6268493593 in WebCore::ThreadTimers::sharedTimerFiredInternal() () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#24 0x00007f625f810b22 in WTF::RunLoop::TimerBase::TimerBase(WTF::Ref<WTF::RunLoop, WTF::RawPtrTraits<WTF::RunLoop>, WTF::DefaultRefDerefTraits<WTF::RunLoop> >&&, WTF::ASCIILiteral)::$_0::__invoke(void*) ()
at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1
#25 0x00007f625f80fa3d in WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) () at /var/home/phil/WebKit/local-build-gtk/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1
#26 0x00007f625a4eb880 in g_main_dispatch (context=0x3c389720) at ../glib/gmain.c:3398
Philippe Normand
Claudio reports, MiniBrowser crashes from main, stable Safari doesn't.
Claudio Saavedra
Pull request: https://github.com/WebKit/WebKit/pull/48711
EWS
Committed 298027@main (13150084c749): <https://commits.webkit.org/298027@main>
Reviewed commits have been landed. Closing PR #48711 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/157104909>
fantasai
For future reference, this line in availableLogicalHeightForPercentageComputation() is hiding a lot of work:
    if (isOutOfFlowPositionedWithSpecifiedHeight) {
        // Don't allow this to affect the block' size() member variable, since this
        // can get called while the block is still laying out its kids.
        return std::max(0_lu, computeLogicalHeight(logicalHeight(), 0_lu).m_extent - borderAndPaddingLogicalHeight() - scrollbarLogicalHeight());
    }
I think it should probably be doing a lot less work.