[Webkit-unassigned] [Bug 191824] New: Should never be reached failure in WebCore::RenderElement::visibleInViewportStateChanged
bugzilla-daemon at webkit.org
Sun Nov 18 01:17:52 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=191824
Bug ID: 191824
Summary: Should never be reached failure in WebCore::RenderElement::visibleInViewportStateChanged
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: hodovan at inf.u-szeged.hu
CC: bfulgham at webkit.org, simon.fraser at apple.com,
zalan at apple.com
Created attachment 355234
--> https://bugs.webkit.org/attachment.cgi?id=355234&action=review
Test
Load the attached test with debug WebKitTestRunner / MiniBrowser:
<audio controls style="padding: 119vh 71vh 33vh">
The failure can be triggered with both Mac and GTK builds.
Checked revision: bd74428d9fb
Backtrace:
SHOULD NEVER BE REACHED
./rendering/RenderElement.cpp(1267) : virtual void WebCore::RenderElement::visibleInViewportStateChanged()
1 0x1388e0d39 WTFCrash
2 0x117ac00b0 WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul>::Vector()
3 0x1200b3cc4 WebCore::RenderElement::visibleInViewportStateChanged()
4 0x1200b3c5b WebCore::RenderElement::setVisibleInViewportState(WebCore::VisibleInViewportState)
5 0x12070df94 WebCore::RenderView::updateVisibleViewportRect(WebCore::IntRect const&)
6 0x11ec13c4b WebCore::FrameView::viewportContentsChanged()::$_2::operator()(WebCore::FrameView&, WebCore::IntRect const&) const
7 0x11ec13b54 WTF::Function<void (WebCore::FrameView&, WebCore::IntRect const&)>::CallableWrapper<WebCore::FrameView::viewportContentsChanged()::$_2>::call(WebCore::FrameView&, WebCore::IntRect const&)
8 0x11eb93efc WTF::Function<void (WebCore::FrameView&, WebCore::IntRect const&)>::operator()(WebCore::FrameView&, WebCore::IntRect const&) const
9 0x11eb8ae8a WebCore::FrameView::applyRecursivelyWithVisibleRect(WTF::Function<void (WebCore::FrameView&, WebCore::IntRect const&)> const&)
10 0x11eb670d4 WebCore::FrameView::viewportContentsChanged()
11 0x11eb9a465 WebCore::FrameView::performPostLayoutTasks()
12 0x11ebc1cbb WebCore::FrameViewLayoutContext::runAsynchronousTasks()
13 0x11ebc2ce2 WebCore::FrameViewLayoutContext::runOrScheduleAsynchronousTasks()
14 0x11eb57a2c WebCore::FrameViewLayoutContext::layout()
15 0x11eb95e8d WebCore::FrameView::updateContentsSize()
16 0x11f078c23 WebCore::ScrollView::updateScrollbars(WebCore::IntPoint const&)
17 0x11f07f74c WebCore::ScrollView::setContentsSize(WebCore::IntSize const&)
18 0x11eb64d6e WebCore::FrameView::setContentsSize(WebCore::IntSize const&)
19 0x11eb50822 WebCore::FrameView::adjustViewSize()
20 0x11eb577ab WebCore::FrameViewLayoutContext::layout()
21 0x11d163663 WebCore::Document::updateLayout()
22 0x11d166fda WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
23 0x11ca39c0f WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout)
24 0x11ca3957e WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) const
25 0x11ca77c7a WebCore::CSSComputedStyleDeclaration::getPropertyCSSValueInternal(WebCore::CSSPropertyID)
26 0x11cc3f6b5 WebCore::CSSStyleDeclaration::namedItem(WTF::AtomicString const&)
27 0x1186e628d std::optional<WTF::Variant<WTF::String, double> > WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0::operator()<WebCore::JSCSSStyleDeclaration, JSC::PropertyName>(WebCore::JSCSSStyleDeclaration&, JSC::PropertyName) const
28 0x1186b7ed9 decltype(fp2(fp0, fp1)) WebCore::accessVisibleNamedProperty<(WebCore::OverrideBuiltins)0, WebCore::JSCSSStyleDeclaration, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&>(JSC::ExecState&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName, WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)::$_0&&&)
29 0x1186b4e88 WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
30 0x1398fde3c JSC::JSObject::getNonIndexPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
31 0x1398fb93f bool JSC::JSObject::getPropertySlot<false>(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)