262250 – ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363)

Bug 262250 - ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363)

Summary: ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObject...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Nightly Build
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2023-09-27 21:18 PDT by djinn
Modified:	2024-02-04 16:01 PST (History)
CC List:	5 users (show)

See Also:

Attachments
testcase to trigger the crash (209.85 KB, text/html) 2023-09-27 21:18 PDT, djinn	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description djinn 2023-09-27 21:18:04 PDT

Created attachment 467926 [details]
testcase to trigger the crash

ASSERTION FAILED: removed
/app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363) : void WebCore::FloatingObjects::removePlacedObject(WebCore::FloatingObject*)
1   0x7f2fcf2053f3 WTFCrash
2   0x7f2fd92c7da9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x8d5eda9) [0x7f2fd92c7da9]
3   0x7f2fdf4e5a34 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xef7ca34) [0x7f2fdf4e5a34]
4   0x7f2fdf4e5c96 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xef7cc96) [0x7f2fdf4e5c96]
5   0x7f2fdf5d3358 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf06a358) [0x7f2fdf5d3358]
6   0x7f2fdf5d6123 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf06d123) [0x7f2fdf5d6123]
7   0x7f2fdf5dfb18 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf076b18) [0x7f2fdf5dfb18]
8   0x7f2fdf5dfbbe /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf076bbe) [0x7f2fdf5dfbbe]
9   0x7f2fdfa120b1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4a90b1) [0x7f2fdfa120b1]
10  0x7f2fdfa1224e /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4a924e) [0x7f2fdfa1224e]
11  0x7f2fdfa30fa2 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c7fa2) [0x7f2fdfa30fa2]
12  0x7f2fdfa3111f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c811f) [0x7f2fdfa3111f]
13  0x7f2fdfa2f8cb /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c68cb) [0x7f2fdfa2f8cb]
14  0x7f2fdfa2edbd /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c5dbd) [0x7f2fdfa2edbd]
15  0x7f2fdfa2e66f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c566f) [0x7f2fdfa2e66f]
16  0x7f2fddc040f1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd69b0f1) [0x7f2fddc040f1]
17  0x7f2fddc048d6 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
18  0x7f2fddc04f69 WebCore::Document::updateStyleIfNeeded()
19  0x7f2fddbfb221 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd692221) [0x7f2fddbfb221]
20  0x7f2fddc3f770 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd6d6770) [0x7f2fddc3f770]
21  0x7f2fd9ba1f47 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x9638f47) [0x7f2fd9ba1f47]
22  0x7f2fd9cad1ae /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x97441ae) [0x7f2fd9cad1ae]
23  0x7f2fdee304c4 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8c74c4) [0x7f2fdee304c4]
24  0x7f2fdee2fdb5 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8c6db5) [0x7f2fdee2fdb5]
25  0x7f2fdee3327a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8ca27a) [0x7f2fdee3327a]
26  0x7f2fd9ba1f47 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x9638f47) [0x7f2fd9ba1f47]
27  0x7f2fdedd8640 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe86f640) [0x7f2fdedd8640]
28  0x7f2fdeddea28 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe875a28) [0x7f2fdeddea28]
29  0x7f2fdedde9a1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8759a1) [0x7f2fdedde9a1]
30  0x7f2fdedde917 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe875917) [0x7f2fdedde917]
31  0x7f2fdedde8a9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8758a9) [0x7f2fdedde8a9]

** (MiniBrowser:17): WARNING **: 13:58:57.273: WebProcess CRASHED

Comment 1 Radar WebKit Bug Importer 2023-10-04 21:19:13 PDT

<rdar://problem/116502345>

Comment 2 djinn 2023-11-03 23:00:59 PDT

Hello, I would like to ask if a previously submitted bug is still not processed or unconfirmed, was it submitted in the wrong way? Or is it something else? What should I do?

Comment 3 Ahmad Saleem 2024-02-04 16:01:43 PST

Something with similar was fixed in Blink here: https://chromium.googlesource.com/chromium/src.git/+/d97346ebbaff708023638756cb95373eb8f63b22

But it was in LayoutNG so don't know.