262250 – ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363)

NEW262250

ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363)

https://bugs.webkit.org/show_bug.cgi?id=262250

Summary ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObject...

djinn

Reported 2023-09-27 21:18:04 PDT

Created attachment 467926 [details] testcase to trigger the crash ASSERTION FAILED: removed /app/webkit/Source/WebCore/rendering/FloatingObjects.cpp(363) : void WebCore::FloatingObjects::removePlacedObject(WebCore::FloatingObject*) 1 0x7f2fcf2053f3 WTFCrash 2 0x7f2fd92c7da9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x8d5eda9) [0x7f2fd92c7da9] 3 0x7f2fdf4e5a34 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xef7ca34) [0x7f2fdf4e5a34] 4 0x7f2fdf4e5c96 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xef7cc96) [0x7f2fdf4e5c96] 5 0x7f2fdf5d3358 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf06a358) [0x7f2fdf5d3358] 6 0x7f2fdf5d6123 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf06d123) [0x7f2fdf5d6123] 7 0x7f2fdf5dfb18 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf076b18) [0x7f2fdf5dfb18] 8 0x7f2fdf5dfbbe /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf076bbe) [0x7f2fdf5dfbbe] 9 0x7f2fdfa120b1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4a90b1) [0x7f2fdfa120b1] 10 0x7f2fdfa1224e /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4a924e) [0x7f2fdfa1224e] 11 0x7f2fdfa30fa2 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c7fa2) [0x7f2fdfa30fa2] 12 0x7f2fdfa3111f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c811f) [0x7f2fdfa3111f] 13 0x7f2fdfa2f8cb /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c68cb) [0x7f2fdfa2f8cb] 14 0x7f2fdfa2edbd /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c5dbd) [0x7f2fdfa2edbd] 15 0x7f2fdfa2e66f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xf4c566f) [0x7f2fdfa2e66f] 16 0x7f2fddc040f1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd69b0f1) [0x7f2fddc040f1] 17 0x7f2fddc048d6 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) 18 0x7f2fddc04f69 WebCore::Document::updateStyleIfNeeded() 19 0x7f2fddbfb221 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd692221) [0x7f2fddbfb221] 20 0x7f2fddc3f770 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xd6d6770) [0x7f2fddc3f770] 21 0x7f2fd9ba1f47 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x9638f47) [0x7f2fd9ba1f47] 22 0x7f2fd9cad1ae /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x97441ae) [0x7f2fd9cad1ae] 23 0x7f2fdee304c4 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8c74c4) [0x7f2fdee304c4] 24 0x7f2fdee2fdb5 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8c6db5) [0x7f2fdee2fdb5] 25 0x7f2fdee3327a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8ca27a) [0x7f2fdee3327a] 26 0x7f2fd9ba1f47 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x9638f47) [0x7f2fd9ba1f47] 27 0x7f2fdedd8640 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe86f640) [0x7f2fdedd8640] 28 0x7f2fdeddea28 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe875a28) [0x7f2fdeddea28] 29 0x7f2fdedde9a1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8759a1) [0x7f2fdedde9a1] 30 0x7f2fdedde917 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe875917) [0x7f2fdedde917] 31 0x7f2fdedde8a9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe8758a9) [0x7f2fdedde8a9] ** (MiniBrowser:17): WARNING **: 13:58:57.273: WebProcess CRASHED

Attachments
testcase to trigger the crash (209.85 KB, text/html) 2023-09-27 21:18 PDT, djinn	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-10-04 21:19:13 PDT

<rdar://problem/116502345>

djinn

Comment 2 2023-11-03 23:00:59 PDT

Hello, I would like to ask if a previously submitted bug is still not processed or unconfirmed, was it submitted in the wrong way? Or is it something else? What should I do?

Ahmad Saleem

Comment 3 2024-02-04 16:01:43 PST

Something with similar was fixed in Blink here: https://chromium.googlesource.com/chromium/src.git/+/d97346ebbaff708023638756cb95373eb8f63b22 But it was in LayoutNG so don't know.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware PC

OS Linux

Product WebKit

Component Layout and Rendering

Assignee

Nobody

Reported

2023-09-27 21:18 PDT

Modified

2024-02-04 16:01 PST History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks