[Webkit-unassigned] [Bug 202848] REGRESSION (Safari 13): Reproducible crash in RenderFlexibleBox::layoutFlexItems

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 11 09:58:57 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=202848

Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |InRadar
                 CC|                            |webkit-bug-importer at group.a
                   |                            |pple.com
            Version|Safari 12                   |WebKit Local Build
            Summary|Safari 13 crashes with the  |REGRESSION (Safari 13):
                   |follow set of html and css  |Reproducible crash in
                   |styles (no javascript)      |RenderFlexibleBox::layoutFl
                   |                            |exItems

--- Comment #2 from Alexey Proskuryakov <ap at webkit.org> ---
Thank you for the report! I can reproduce.

rdar://problem/55871633

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x00007fff40a71ac7 WebCore::RenderFlexibleBox::layoutFlexItems(bool) + 25271
1   com.apple.WebCore                   0x00007fff3f14c760 WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) + 2336
2   com.apple.WebCore                   0x00007fff3f0339da WebCore::RenderBlock::layout() + 42
3   com.apple.WebCore                   0x00007fff40a0db5d WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 4029
4   com.apple.WebCore                   0x00007fff40a0bb97 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 2167
5   com.apple.WebCore                   0x00007fff3f0339da WebCore::RenderBlock::layout() + 42
6   com.apple.WebCore                   0x00007fff40a0db5d WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 4029
7   com.apple.WebCore                   0x00007fff40a0bb97 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 2167
8   com.apple.WebCore                   0x00007fff3f0339da WebCore::RenderBlock::layout() + 42
9   com.apple.WebCore                   0x00007fff40a0db5d WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 4029
10  com.apple.WebCore                   0x00007fff40a0bb97 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 2167
11  com.apple.WebCore                   0x00007fff3f0339da WebCore::RenderBlock::layout() + 42
12  com.apple.WebCore                   0x00007fff3f033730 WebCore::RenderView::layout() + 1120
13  com.apple.WebCore                   0x00007fff4077cebc WebCore::FrameViewLayoutContext::layout() + 1532
14  com.apple.WebCore                   0x00007fff3f0ad4e7 WebCore::Document::updateLayout() + 279
15  com.apple.WebCore                   0x00007fff3f0f46fd WebCore::Element::getBoundingClientRect() + 109
16  com.apple.WebCore                   0x00007fff3f0f4580 WebCore::jsElementPrototypeFunctionGetBoundingClientRect(JSC::ExecState*) + 160

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191011/8e0f14ea/attachment.html>

More information about the webkit-unassigned mailing list