[Webkit-unassigned] [Bug 186752] New: [WPE] Three CSS Grid Layout tests crash due to valueless std::optional access

bugzilla-daemon at webkit.org
Sun Jun 17 22:56:34 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=186752

            Bug ID: 186752
           Summary: [WPE] Three CSS Grid Layout tests crash due to
                    valueless std::optional access
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: LayoutTestFailure
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: zan at falconsigh.net

The following three CSS Grid Layout tests crash due to valueless std::optional<> access:

  fast/css-grid-layout/flex-sizing-rows-min-max-height.html [ Crash ]
  fast/css-grid-layout/grid-indefinite-size-auto-repeat-crash.html [ Crash ]
  fast/css-grid-layout/maximize-tracks-definite-indefinite-height.html [ Crash ]

Backtrace:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007f68835f4231 in __GI_abort () at abort.c:79
#2  0x00007f688f060854 in WebCore::IndefiniteSizeStrategy::freeSpaceForStretchAutoTracksStep() const () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#3  0x00007f688f06270e in WebCore::GridTrackSizingAlgorithm::stretchAutoTracks() () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#4  0x00007f688f06b25e in WebCore::GridTrackSizingAlgorithm::run() () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#5  0x00007f688f13986e in WebCore::RenderGrid::computeTrackSizesForIndefiniteSize(WebCore::GridTrackSizingAlgorithm&, WebCore::GridTrackSizingDirection, WebCore::Grid&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#6  0x00007f688f13ffae in WebCore::RenderGrid::layoutBlock(bool, WebCore::LayoutUnit) () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#7  0x00007f688f09197c in WebCore::RenderBlock::layout() () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#8  0x00007f688f09df58 in WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#9  0x00007f688f24b25f in WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#10 0x00007f688f24c0f9 in WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
#11 0x00007f688f0ed6b3 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) () from /home/zan/Work/webkit/git/WebKitBuild/Release/lib/libWPEWebKit-0.1.so.2
(More stack frames follow...)

IndefiniteSizeStrategy::freeSpaceForStretchAutoTracksStep() doesn't properly handle potentially-valueless std::optional<> returned from RenderBox::computeLogicalHeightUsing().

CC-ing Rego since git blame marks him as the last one to change the IndefiniteSizeStrategy method.

-- 
You are receiving this mail because:
You are the assignee for the bug.
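
The failure mode named in the report, as an added example that is not WebKit code and not the fix for this bug. The Length struct, the simplified signatures, the free-space arithmetic and the "return 0" fallback are assumptions made for illustration; only the two function names are borrowed from the report.

```cpp
#include <algorithm>
#include <optional>

// Hypothetical, simplified stand-in for a height resolver: a pixel length always
// resolves, a percentage needs a definite containing-block height.
struct Length { bool isPercent; int value; };

std::optional<int> computeLogicalHeightUsing(Length minHeight, std::optional<int> containingBlockHeight)
{
    if (!minHeight.isPercent)
        return minHeight.value;
    if (!containingBlockHeight)
        return std::nullopt; // indefinite size: the percentage cannot be resolved
    return *containingBlockHeight * minHeight.value / 100;
}

// Unchecked form: value() on an empty optional throws std::bad_optional_access.
// If nothing catches it, the process terminates through abort().
int freeSpaceUnchecked(Length minHeight, std::optional<int> cbHeight, int trackBasedSize)
{
    int minSize = computeLogicalHeightUsing(minHeight, cbHeight).value();
    return std::max(0, minSize - trackBasedSize);
}

// Checked form: test the optional before use. Treating an unresolvable
// min-height as "no free space" is an assumed fallback for this sketch.
int freeSpaceChecked(Length minHeight, std::optional<int> cbHeight, int trackBasedSize)
{
    std::optional<int> minSize = computeLogicalHeightUsing(minHeight, cbHeight);
    if (!minSize)
        return 0;
    return std::max(0, *minSize - trackBasedSize);
}

// Reports whether the unchecked form hits the empty-optional path for an input.
bool uncheckedThrows(Length minHeight, std::optional<int> cbHeight, int trackBasedSize)
{
    try {
        freeSpaceUnchecked(minHeight, cbHeight, trackBasedSize);
    } catch (const std::bad_optional_access&) {
        return true;
    }
    return false;
}

int main()
{
    // Constructed input: 50% min-height inside an indefinite-height container.
    return freeSpaceChecked({true, 50}, std::nullopt, 120) == 0 ? 0 : 1;
}
```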