WebKit Bugzilla
RESOLVED INVALID
261110
Crash in InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes
https://bugs.webkit.org/show_bug.cgi?id=261110
Andrei Bucur
Reported
2023-09-04 04:04:37 PDT
Steps to reproduce:
1. Navigate to https://new.express.adobe.com and login or create a new account.
2. Create a new document (Flyer for example).

Expected:
- The new document with a canvas is displayed.

Actual:
- Crash in InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes

Call stack:
#0 0x00000001393edba4 in ::WTFCrash() at /Users/abucur/GitPublic/WebKit/Source/WTF/wtf/Assertions.cpp:327
#1 0x0000000282bb2afc in WTF::CrashOnOverflow::crash() at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/CheckedArithmetic.h:109
#2 0x0000000282bb2c74 in WTF::CrashOnOverflow::overflowed() at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/CheckedArithmetic.h:102
#3 0x000000028319abc0 in WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::at(unsigned long) const at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/Vector.h:784
#4 0x000000028460c61c in WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::operator[](unsigned long) const at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/Vector.h:789
#5 0x00000002845f55f8 in WebCore::Layout::InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes(WTF::Vector<unsigned long, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::Layout::Line::Run, 10ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_12::operator()() const at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:902
#6 0x00000002845f34b8 in WebCore::Layout::InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes(WTF::Vector<unsigned long, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::Layout::Line::Run, 10ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:911
#7 0x00000002845f50bc in WebCore::Layout::InlineDisplayContentBuilder::processBidiContent(WebCore::Layout::LineLayoutResult const&, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::InlineDisplay::Box, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&)::$_1::operator()() const at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:789
#8 0x00000002845f02b4 in WebCore::Layout::InlineDisplayContentBuilder::processBidiContent(WebCore::Layout::LineLayoutResult const&, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::InlineDisplay::Box, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:791
#9 0x00000002845f002c in WebCore::Layout::InlineDisplayContentBuilder::build(WebCore::Layout::LineLayoutResult const&, WebCore::Layout::LineBox const&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:102
#10 0x000000028458e1b8 in WebCore::Layout::InlineFormattingContext::createDisplayContentForLine(unsigned long, WebCore::Layout::LineLayoutResult const&, WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&, WebCore::InlineDisplay::Content&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:268
#11 0x000000028458d310 in WebCore::Layout::InlineFormattingContext::lineLayout(WebCore::Layout::AbstractLineBuilder&, WTF::Vector<WebCore::Layout::InlineItem, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Layout::InlineItemRange, std::__1::optional<WebCore::Layout::PreviousLine>, WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&, WebCore::Layout::InlineDamage const*) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:185
#12 0x000000028458c6ec in WebCore::Layout::InlineFormattingContext::layout(WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&, WebCore::Layout::InlineDamage const*) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:114
#13 0x000000028465ddf8 in WebCore::LayoutIntegration::LineLayout::layout() at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp:590
Andrei Bucur
Comment 1
2023-09-04 04:09:38 PDT
The crash is new and may be related to a very recent change
https://github.com/WebKit/WebKit/commit/86bdc446a589be89d1762044237b660ea79564fb#diff-8b557795cfc06ab1c276ece8f0fc44d66e5f7d8c14d0d941468ca0f07a997188R902
Radar WebKit Bug Importer
Comment 2
2023-09-04 07:18:21 PDT
<rdar://problem/114935494>
alan
Comment 3
2023-09-05 10:37:17 PDT
I can't reproduce this :(
Andrei Bucur
Comment 4
2023-09-05 12:13:31 PDT
I'm no longer able to reproduce this issue on main or nightly. Likely fixed by one of the patches in this area, as it's being developed.
alan
Comment 5
2023-09-05 12:17:10 PDT
Thank you for confirming it!