[Webkit-unassigned] [Bug 218205] New: Assert in BoxTree::layoutBoxForRenderer() under RenderLayer::updateScrollCornerStyle()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 26 14:03:43 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=218205
Bug ID: 218205
Summary: Assert in BoxTree::layoutBoxForRenderer() under
RenderLayer::updateScrollCornerStyle()
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: simon.fraser at apple.com
CC: bfulgham at webkit.org, simon.fraser at apple.com,
zalan at apple.com
fast/css-generated-content/text-before-table-col-crash.html can assert:
0 com.apple.JavaScriptCore 0x000000063e2de1ce WTFCrash + 14
1 com.apple.WebCore 0x0000000645a78eeb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2 com.apple.WebCore 0x00000006490662f9 WebCore::LayoutIntegration::BoxTree::layoutBoxForRenderer(WebCore::RenderObject const&) + 217
3 com.apple.WebCore 0x000000064906613d WebCore::LayoutIntegration::BoxTree::updateStyle(WebCore::RenderBoxModelObject const&) + 45
4 com.apple.WebCore 0x000000064906a166 WebCore::LayoutIntegration::LineLayout::updateStyle(WebCore::RenderBoxModelObject const&) + 38
5 com.apple.WebCore 0x0000000649ae77d5 WebCore::RenderBox::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 2661
6 com.apple.WebCore 0x0000000649ae6cae WebCore::RenderBlock::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 62
7 com.apple.WebCore 0x0000000649d0c73d WebCore::RenderScrollbarPart::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 45
8 com.apple.WebCore 0x0000000649b9bec1 WebCore::RenderElement::setStyle(WebCore::RenderStyle&&, WebCore::StyleDifference) + 609
9 com.apple.WebCore 0x0000000649c40517 WebCore::RenderLayer::updateScrollCornerStyle() + 487
10 com.apple.WebCore 0x0000000649c5356f WebCore::RenderLayer::styleChanged(WebCore::StyleDifference, WebCore::RenderStyle const*) + 1263
11 com.apple.WebCore 0x0000000649c82ca6 WebCore::RenderLayerModelObject::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 710
12 com.apple.WebCore 0x0000000649ae6db7 WebCore::RenderBox::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 71
13 com.apple.WebCore 0x0000000649ae6cae WebCore::RenderBlock::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 62
14 com.apple.WebCore 0x0000000649b11103 WebCore::RenderBlockFlow::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 51
15 com.apple.WebCore 0x0000000649b9bec1 WebCore::RenderElement::setStyle(WebCore::RenderStyle&&, WebCore::StyleDifference) + 609
16 com.apple.WebCore 0x0000000649f22953 WebCore::RenderTreeUpdater::updateRendererStyle(WebCore::RenderElement&, WebCore::RenderStyle&&, WebCore::StyleDifference) + 99
17 com.apple.WebCore 0x0000000649f21f76 WebCore::RenderTreeUpdater::updateElementRenderer(WebCore::Element&, WebCore::Style::ElementUpdate const&) + 998
18 com.apple.WebCore 0x0000000649f2141f WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) + 1087
19 com.apple.WebCore 0x0000000649f20cb3 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) + 483
20 com.apple.WebCore 0x000000064857a8ad WebCore::Document::updateRenderTree(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) + 253
21 com.apple.WebCore 0x000000064857ae1d WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 1213
22 com.apple.WebCore 0x000000064857b7bd WebCore::Document::updateStyleIfNeeded() + 509
23 com.apple.WebCore 0x000000064933e387 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 183
24 com.apple.WebCore 0x00000006493b6e6e WebCore::Page::layoutIfNeeded() + 62
25 com.apple.WebCore 0x00000006493b75ac WebCore::Page::updateRendering() + 412
26 com.apple.WebKit 0x0000000629b43fa6 WebKit::WebPage::updateRendering() + 38
27 com.apple.WebKit 0x00000006286b86fb WebKit::RemoteLayerTreeDrawingArea::updateRendering() + 171
28 com.apple.WebKit 0x00000006286c24e7 decltype(*(std::__1::forward<WebKit::RemoteLayerTreeDrawingArea*&>(fp0)).*fp()) std::__1::__invoke<void (WebKit::RemoteLayerTreeDrawingArea::*&)(), WebKit::RemoteLayerTreeDrawingArea*&, void>(void (WebKit::RemoteLayerTreeDrawingArea::*&)(), WebKit::RemoteLayerTreeDrawingArea*&) + 119
29 com.apple.WebKit 0x00000006286c2460 std::__1::__bind_return<void (WebKit::RemoteLayerTreeDrawingArea::*)(), std::__1::tuple<WebKit::RemoteLayerTreeDrawingArea*>, std::__1::tuple<>, __is_valid_bind_return<void (WebKit::RemoteLayerTreeDrawingArea::*)(), std::__1::tuple<WebKit::RemoteLayerTreeDrawingArea*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebKit::RemoteLayerTreeDrawingArea::*)(), std::__1::tuple<WebKit::RemoteLayerTreeDrawingArea*>, 0ul, std::__1::tuple<> >(void (WebKit::RemoteLayerTreeDrawingArea::*&)(), std::__1::tuple<WebKit::RemoteLayerTreeDrawingArea*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64
30 com.apple.WebKit 0x00000006286c2419 std::__1::__bind_return<void (WebKit::RemoteLayerTreeDrawingArea::*)(), std::__1::tuple<WebKit::RemoteLayerTreeDrawingArea*>, std::__1::tuple<>, __is_valid_bind_return<void (WebKit::RemoteLayerTreeDrawingArea::*)(), std::__1::tuple<WebKit::RemoteLayerTreeDrawingArea*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebKit::RemoteLayerTreeDrawingArea::*&)(), WebKit::RemoteLayerTreeDrawingArea*>::operator()<>() + 41
31 com.apple.WebKit 0x00000006286c23be WTF::Detail::CallableWrapper<std::__1::__bind<void (WebKit::RemoteLayerTreeDrawingArea::*&)(), WebKit::RemoteLayerTreeDrawingArea*>, void>::call() + 30
32 com.apple.WebKit 0x00000006280ca5e2 WTF::Function<void ()>::operator()() const + 130
33 com.apple.WebKit 0x00000006286bdb0e WebCore::Timer::fired() + 30
34 com.apple.WebCore 0x0000000649599644 WebCore::ThreadTimers::sharedTimerFiredInternal() + 644
35 com.apple.WebCore 0x00000006495a0b31 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33
36 com.apple.WebCore 0x00000006495a0ade WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 30
37 com.apple.WebCore 0x0000000645a8ed42 WTF::Function<void ()>::operator()() const + 130
38 com.apple.WebCore 0x0000000649558c4b WebCore::MainThreadSharedTimer::fired() + 139
39 com.apple.WebCore 0x00000006495fe886 WebCore::timerFired(__CFRunLoopTimer*, void*) + 38
40 com.apple.CoreFoundation 0x00000006353be112 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
41 com.apple.CoreFoundation 0x00000006353bdbe5 __CFRunLoopDoTimer + 926
42 com.apple.CoreFoundation 0x00000006353bd198 __CFRunLoopDoTimers + 265
43 com.apple.CoreFoundation 0x00000006353b7826 __CFRunLoopRun + 1949
44 com.apple.CoreFoundation 0x00000006353b6b9e CFRunLoopRunSpecific + 567
45 com.apple.Foundation 0x000000010eb80e61 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 209
46 com.apple.Foundation 0x000000010eb81075 -[NSRunLoop(NSRunLoop) run] + 76
47 libxpc.dylib 0x0000000636cdf506 _xpc_objc_main + 591
48 libxpc.dylib 0x0000000636ce14aa xpc_main + 143
49 com.apple.WebKit 0x0000000628b19175 WebKit::XPCServiceMain(int, char const**) + 1077
50 com.apple.WebKit 0x0000000629f115cb WKXPCServiceMain + 27
51 com.apple.WebKit.WebContent 0x000000010ea62d42 main + 34
52 libdyld.dylib 0x0000000636977415 start + 1
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201026/cba400e2/attachment-0001.htm>
More information about the webkit-unassigned
mailing list