[Webkit-unassigned] [Bug 161318] Wrong containingBlock() calculation for a multicolumn element inside an SVG which is inside another multicolumn element

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 29 13:43:25 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=161318

--- Comment #2 from Said Abou-Hallawa <sabouhallawa at apple.com> ---
Here is the problematic call stack:

RenderObject::insertedIntoTree() is called for the innermost "<div style="position:absolute;"></div>" in the test case above to insert its renderer in the render tree. The following statement in RenderObject::insertedIntoTree() is the actual problem

    if (RenderFlowThread* flowThread = flowThreadContainingBlock())
        flowThread->flowThreadDescendantInserted(this);


It returns a pointer to the outermost RenderMultiColumnFlowThread which is created for the outermost "<div style="-webkit-columns:2;">". The then-statement "flowThread->flowThreadDescendantInserted(this);" causes RenderFlowThread::invalidateRegions() to be called at the end.

#0    0x0000000108b61520 in WebCore::RenderObject::insertedIntoTree() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderObject.cpp:1495
#1    0x0000000108a0b2b7 in WebCore::RenderElement::insertedIntoTree() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderElement.cpp:1033
#2    0x0000000108963d5f in WebCore::RenderBlockFlow::insertedIntoTree() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:142
#3    0x0000000108a08ee5 in WebCore::RenderElement::insertChildInternal(WebCore::RenderObject*, WebCore::RenderObject*, WebCore::RenderElement::NotifyChildrenType) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderElement.cpp:569
#4    0x0000000108a08ad3 in WebCore::RenderElement::addChild(WebCore::RenderObject*, WebCore::RenderObject*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderElement.cpp:493
#5    0x000000010892c8b0 in WebCore::RenderBlock::addChildIgnoringContinuation(WebCore::RenderObject*, WebCore::RenderObject*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlock.cpp:636
#6    0x000000010892c386 in WebCore::RenderBlock::addChild(WebCore::RenderObject*, WebCore::RenderObject*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlock.cpp:551
#7    0x00000001089821a6 in WebCore::RenderBlockFlow::addChild(WebCore::RenderObject*, WebCore::RenderObject*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:3869
#8    0x00000001089e7f41 in WebCore::RenderBoxModelObject::moveChildTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBoxModelObject.cpp:2508
#9    0x00000001089e817d in WebCore::RenderBoxModelObject::moveChildrenTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBoxModelObject.cpp:2547
#10    0x000000010892cd91 in WebCore::RenderBoxModelObject::moveChildrenTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBoxModelObject.h:292
#11    0x0000000108b36782 in WebCore::RenderMultiColumnFlowThread::populate() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp:153
#12    0x0000000108963c59 in WebCore::RenderBlockFlow::createMultiColumnFlowThread() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:130
#13    0x00000001089697e7 in WebCore::RenderBlockFlow::setComputedColumnCountAndWidth(int, WebCore::LayoutUnit) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:3932
#14    0x0000000108969719 in WebCore::RenderBlockFlow::computeColumnCountAndWidth() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:428
#15    0x0000000108968ead in WebCore::RenderBlockFlow::recomputeLogicalWidthAndColumnWidth() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:388
#16    0x000000010896999e in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:440
#17    0x000000010892ef79 in WebCore::RenderBlock::layout() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlock.cpp:1075
#18    0x000000010896db66 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:709
#19    0x000000010896b003 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:632
#20    0x0000000108969d0a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:487
#21    0x000000010892ef79 in WebCore::RenderBlock::layout() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlock.cpp:1075
#22    0x0000000108ba99c1 in WebCore::RenderSVGForeignObject::layout() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/svg/RenderSVGForeignObject.cpp:166
#23    0x0000000108ba5761 in WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement&, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:291
#24    0x0000000108bc519d in WebCore::RenderSVGRoot::layout() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/svg/RenderSVGRoot.cpp:179
#25    0x0000000107782f4c in WebCore::RenderElement::layoutIfNeeded() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderElement.h:131
#26    0x0000000108931cd1 in WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlock.cpp:1483
#27    0x00000001089315b6 in WebCore::RenderBlock::layoutPositionedObjects(bool, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlock.cpp:1506
#28    0x000000010896a196 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlockFlow.cpp:526
#29    0x000000010892ef79 in WebCore::RenderBlock::layout() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderBlock.cpp:1075
#30    0x0000000108ca0691 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderView.cpp:244
#31    0x0000000108ca1702 in WebCore::RenderView::layout() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/rendering/RenderView.cpp:370
#32    0x00000001078de9b3 in WebCore::FrameView::layout(bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/page/FrameView.cpp:1438

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160829/34732967/attachment-0001.html>

More information about the webkit-unassigned mailing list