Created attachment 467939 [details] testcase to trigger the crash ASSERTION FAILED: foundAncestor /app/webkit/Source/WebCore/rendering/RenderLayer.cpp(2440) : const WebCore::RenderLayer* WebCore::accumulateOffsetTowardsAncestor(const RenderLayer*, const RenderLayer*, LayoutPoint&, RenderLayer::ColumnOffsetAdjustment) The minimized testcase will be upload as soon as possible.
Fixed similar assertion in Blink here: https://src.chromium.org/viewvc/blink?view=revision&revision=199725
Ahmad, And the companion test seems to be there, but it is passing on all browsers (once normalized for property names.) https://searchfox.org/wubkat/search?q=transform-with-fixedpos&path=&case=false®exp=false So Maybe there's more to it.
<rdar://problem/116503953>
Hello, I would like to ask if a previously submitted bug is still not processed or unconfirmed, was it submitted in the wrong way? Or is it something else? Should I offer more info?
djinn, I haven't reproduced the crash with the attached test case on Safari Release 181 (Safari 17.4, WebKit 19618.1.3.1) The testcase seems to be just the webpage of Outlook. Often it's easier to get a reduced test case which exactly triggers the issue. Some of the past commits on chromium https://github.com/search?q=repo%3Achromium%2Fchromium+accumulateOffsetTowardsAncestor&type=commits The current code on WebKit https://searchfox.org/wubkat/rev/023c54054092dc68c5df3b230ed3137cbd753b16/Source/WebCore/rendering/RenderLayer.cpp#2435
SVN mirror is gone, so putting chromium git link - https://chromium.googlesource.com/chromium/blink/+/973d374bd2935f90e9513377bc6e3c85045207df