[Webkit-unassigned] [Bug 219702] New: REGRESSION (r270544): [iOS] Crash in WebCore::LayoutIntegration::LineLayout::collectOverflow

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 9 12:00:36 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=219702

            Bug ID: 219702
           Summary: REGRESSION (r270544): [iOS] Crash in
                    WebCore::LayoutIntegration::LineLayout::collectOverflo
                    w
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ryanhaddad at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

editing/deleting/delete-start-block.html and editing/execCommand/infinite-recursion-computeRectForRepaint.html are consistently crashing on iOS bots with the following backtrace

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x0000000771530c98 WebCore::LayoutIntegration::LineLayout::collectOverflow() + 24 (LayoutIntegrationLineLayout.cpp:297)
1   com.apple.WebCore                   0x00000007719865c1 WebCore::RenderBlock::addOverflowFromChildren() + 129 (RenderBlock.cpp:660)
2   com.apple.WebCore                   0x000000077198667b WebCore::RenderBlock::computeOverflow(WebCore::LayoutUnit, bool) + 107 (RenderBlock.cpp:673)
3   com.apple.WebCore                   0x00000007719a7dd7 WebCore::RenderBlockFlow::computeOverflow(WebCore::LayoutUnit, bool) + 23 (RenderBlockFlow.cpp:2201)
4   com.apple.WebCore                   0x000000077199eaf9 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 2521 (RenderBlockFlow.cpp:561)
5   com.apple.WebCore                   0x000000077198635a WebCore::RenderBlock::layout() + 42 (RenderBlock.cpp:602)
6   com.apple.WebCore                   0x00000007719a0f63 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1139
7   com.apple.WebCore                   0x000000077199f5b5 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 517 (RenderBlockFlow.cpp:661)
8   com.apple.WebCore                   0x000000077199e558 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1080
9   com.apple.WebCore                   0x000000077198635a WebCore::RenderBlock::layout() + 42 (RenderBlock.cpp:602)
10  com.apple.WebCore                   0x00000007719a0f63 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1139
11  com.apple.WebCore                   0x000000077199f5b5 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 517 (RenderBlockFlow.cpp:661)
12  com.apple.WebCore                   0x000000077199e558 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1080
13  com.apple.WebCore                   0x000000077198635a WebCore::RenderBlock::layout() + 42 (RenderBlock.cpp:602)
14  com.apple.WebCore                   0x00000007719a0f63 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1139
15  com.apple.WebCore                   0x000000077199f5b5 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 517 (RenderBlockFlow.cpp:661)
16  com.apple.WebCore                   0x000000077199e558 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1080
17  com.apple.WebCore                   0x000000077198635a WebCore::RenderBlock::layout() + 42 (RenderBlock.cpp:602)
18  com.apple.WebCore                   0x0000000771af0632 WebCore::RenderView::layout() + 594 (RenderView.cpp:191)
19  com.apple.WebCore                   0x0000000771669241 WebCore::FrameViewLayoutContext::layout() + 1185 (FrameViewLayoutContext.cpp:234)
20  com.apple.WebCore                   0x0000000771044675 WebCore::Document::updateLayout() + 325
21  com.apple.WebCore                   0x0000000771045931 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 129 (Document.cpp:2169)
22  com.apple.WebCore                   0x0000000771153959 WebCore::DeleteSelectionCommand::fixupWhitespace() + 25 (DeleteSelectionCommand.cpp:663)
23  com.apple.WebCore                   0x00000007711564a3 WebCore::DeleteSelectionCommand::doApply() + 1331 (DeleteSelectionCommand.cpp:943)
24  com.apple.WebCore                   0x000000077114380b WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand> >&&) + 43 (CompositeEditCommand.cpp:467)
25  com.apple.WebCore                   0x0000000771141583 WebCore::CompositeEditCommand::deleteSelection(bool, bool, bool, bool, bool) + 147 (CompositeEditCommand.cpp:832)
26  com.apple.WebCore                   0x000000077119909e WebCore::InsertParagraphSeparatorCommand::doApply() + 254 (InsertParagraphSeparatorCommand.cpp:160)
27  com.apple.WebCore                   0x000000077114380b WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand> >&&) + 43 (CompositeEditCommand.cpp:467)
28  com.apple.WebCore                   0x00000007711cdf51 WebCore::TypingCommand::insertParagraphSeparator() + 209 (TypingCommand.cpp:572)
29  com.apple.WebCore                   0x00000007711cc960 WebCore::TypingCommand::insertParagraphSeparatorAndNotifyAccessibility() + 48 (TypingCommand.cpp:580)
30  com.apple.WebCore                   0x00000007711326c7 WebCore::CompositeEditCommand::apply() + 327 (CompositeEditCommand.cpp:376)
31  com.apple.WebCore                   0x00000007711cc891 WebCore::TypingCommand::insertParagraphSeparator(WebCore::Document&, unsigned int) + 161 (TypingCommand.cpp:297)
32  com.apple.WebCore                   0x000000077118fc62 WebCore::executeInsertParagraph(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 18 (EditorCommand.cpp:514)
33  com.apple.WebCore                   0x00000007710588cc WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 76 (Document.cpp:5623)
34  com.apple.WebCore                   0x000000077044d185 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 469 (JSDocument.cpp:5852)
35  ???                                 0x00003cca3e201178 0 + 66839323349368
36  com.apple.JavaScriptCore            0x000000010f67d699 llint_entry + 108286
37  com.apple.JavaScriptCore            0x000000010f67d699 llint_entry + 108286
38  com.apple.JavaScriptCore            0x000000010f662da6 vmEntryToJavaScript + 216

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201209/5bfe6176/attachment.htm>

More information about the webkit-unassigned mailing list