[Webkit-unassigned] [Bug 235194] New: <dialog> with transformed ancestor asserts under RenderGeometryMap

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 13 11:31:39 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=235194

            Bug ID: 235194
           Summary: <dialog> with transformed ancestor asserts under
                    RenderGeometryMap
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com

imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/top-layer-parent-transform.html triggers an assertion:

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                             0x7bf6ddf9e WTFCrash + 14
1   WebCore                                    0x7d2e0f49b WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   WebCore                                    0x7d77b6ca6 WebCore::RenderObject::offsetFromAncestorContainer(WebCore::RenderElement&) const + 262
3   WebCore                                    0x7d7628382 WebCore::RenderBox::pushMappingToContainer(WebCore::RenderLayerModelObject const*, WebCore::RenderGeometryMap&) const + 226 (RenderBox.cpp:2361)
4   WebCore                                    0x7d76daa8f WebCore::RenderGeometryMap::pushMappingsToAncestor(WebCore::RenderObject const*, WebCore::RenderLayerModelObject const*) + 79 (RenderGeometryMap.cpp:140)
5   WebCore                                    0x7d76dae5d WebCore::RenderGeometryMap::pushMappingsToAncestor(WebCore::RenderLayer const*, WebCore::RenderLayer const*, bool) + 557 (RenderGeometryMap.cpp:197)
6   WebCore                                    0x7d7702142 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 162 (RenderLayer.cpp:962)
7   WebCore                                    0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053)
8   WebCore                                    0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053)
9   WebCore                                    0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053)
10  WebCore                                    0x7d7702bda WebCore::RenderLayer::updateLayerPositionsAfterLayout(bool, bool) + 218 (RenderLayer.cpp:952)
11  WebCore                                    0x7d6ca51e1 WebCore::FrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::EmptyCounter>) + 129 (FrameView.cpp:1319)
12  WebCore                                    0x7d6c9abf8 WebCore::FrameViewLayoutContext::layout() + 2728 (FrameViewLayoutContext.cpp:259)
13  WebCore                                    0x7d5f8ac56 WebCore::Document::implicitClose() + 1046 (Document.cpp:3218)
14  WebCore                                    0x7d6aa428b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:942)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220113/c9fec21f/attachment.htm>

More information about the webkit-unassigned mailing list