[Webkit-unassigned] [Bug 205474] New: ASSERTION FAILED: hasLayer() in RenderLayer::enclosingOverflowClipLayer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 19 14:34:42 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=205474

            Bug ID: 205474
           Summary: ASSERTION FAILED: hasLayer() in
                    RenderLayer::enclosingOverflowClipLayer
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: shihchieh_lee at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Created attachment 386142

  --> https://bugs.webkit.org/attachment.cgi?id=386142&action=review

Test html

<rdar://57177521>

ASSERTION FAILED: hasLayer()
./rendering/RenderBoxModelObject.cpp(563) : WebCore::LayoutSize WebCore::RenderBoxModelObject::stickyPositionOffset() const
1   0x11a2f0499 WTFCrash
2   0x1358fe240 PAL::AVAssetCacheFunction()
3   0x13ef76075 WebCore::RenderBoxModelObject::stickyPositionOffset() const
4   0x13ee56011 WebCore::RenderBoxModelObject::offsetForInFlowPosition() const
5   0x13ef391ed WebCore::RenderBox::offsetFromContainer(WebCore::RenderElement&, WebCore::LayoutPoint const&, bool*) const
6   0x13ef36686 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const
7   0x13f4535fd WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const&, unsigned int, bool*) const
8   0x13f06f791 WebCore::RenderElement::getLeadingCorner(WebCore::FloatPoint&, bool&) const
9   0x13f071fe3 WebCore::RenderElement::absoluteAnchorRect(bool*) const
10  0x13bf518fb WebCore::Element::scrollIntoViewIfNeeded(bool)
11  0x1370b9de7 WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeededBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*, JSC::ThrowScope&)
12  0x136f46218 long long WebCore::IDLOperation<WebCore::JSElement>::call<&(WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeededBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
13  0x136f45d74 WebCore::jsElementPrototypeFunctionScrollIntoViewIfNeeded(JSC::JSGlobalObject*, JSC::CallFrame*)
14  0x51f27ba0116b
15  0x11b3047c9 llint_entry
16  0x11b3047c9 llint_entry
17  0x11b2e7952 vmEntryToJavaScript
18  0x11d8801e7 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
19  0x11d881261 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
20  0x11e0cbd45 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
21  0x11e0cc2c2 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
22  0x11e0cd04e JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
23  0x13b1475b2 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
24  0x13b195708 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
25  0x13c01aab4 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase)
26  0x13c011896 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
27  0x13d9f464d WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)
28  0x13da103b0 WebCore::DOMWindow::dispatchLoadEvent()
29  0x13bdb9bed WebCore::Document::dispatchWindowLoadEvent()
30  0x13bdb9279 WebCore::Document::implicitClose()
31  0x13d6b657f WebCore::FrameLoader::checkCallImplicitClose()
#CRASHED
