[Webkit-unassigned] [Bug 235567] New: ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.outlineBoundsRect == renderer().outlineBoundsForRepaint(renderer().containerForRepaint())

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=235567

            Bug ID: 235567
           Summary: ASSERTION FAILED: m_repaintRectsValid =>
                    m_repaintRects.outlineBoundsRect ==
                    renderer().outlineBoundsForRepaint(renderer().containe
                    rForRepaint())
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: alset0326 at gmail.com

Created attachment 449909

  --> https://bugs.webkit.org/attachment.cgi?id=449909&action=review

the html can make crash

1. build a debug webkit
2. open the html
3. crash

ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.outlineBoundsRect == renderer().outlineBoundsForRepaint(renderer().containerForRepaint())
../../Source/WebCore/rendering/RenderLayer.cpp(1172) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
1   0x7f944677c964 WTFReportBacktrace
2   0x7f944677cc01 WTFCrash
3   0x7f9469cbbaaf WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
4   0x7f9469cbbaee WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
5   0x7f9469cbbaee WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
6   0x7f9469cbbaee WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
7   0x7f9469de679f WebCore::RenderLayerScrollableArea::updateLayerPositionsAfterDocumentScroll()
8   0x7f9468a5a9f2 WebCore::FrameView::updateLayerPositionsAfterScrolling()
9   0x7f9468ec06fc WebCore::ScrollView::completeUpdatesAfterScrollTo(WebCore::IntSize const&)
10  0x7f9468ebfcf6 WebCore::ScrollView::handleDeferredScrollUpdateAfterContentSizeChange()
11  0x7f9468a482b2 WebCore::FrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::EmptyCounter>)
12  0x7f9468a7ce21 WebCore::FrameViewLayoutContext::layout()
13  0x7f9468a7e458 WebCore::FrameViewLayoutContext::layoutTimerFired()
14  0x7f9468ade7d8 void std::__invoke_impl<void, void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&>(std::__invoke_memfun_deref, void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&)
15  0x7f9468ade4ab std::__invoke_result<void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&>::type std::__invoke<void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&>(void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*&)
16  0x7f9468adcd0d void std::_Bind<void (WebCore::FrameViewLayoutContext::*(WebCore::FrameViewLayoutContext*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
17  0x7f9468adb944 void std::_Bind<void (WebCore::FrameViewLayoutContext::*(WebCore::FrameViewLayoutContext*))()>::operator()<, void>()
18  0x7f9468ada50c WTF::Detail::CallableWrapper<std::_Bind<void (WebCore::FrameViewLayoutContext::*(WebCore::FrameViewLayoutContext*))()>, void>::call()
19  0x7f946036ce95 WTF::Function<void ()>::operator()() const
20  0x7f946131201e WebCore::Timer::fired()
21  0x7f9468f100d4 WebCore::ThreadTimers::sharedTimerFiredInternal()
22  0x7f9468f0efdd /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x1d2fdfdd) [0x7f9468f0efdd]
23  0x7f9468f15800 /home/lxc/fuzz/webkit/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x1d304800) [0x7f9468f15800]
24  0x7f946036ce95 WTF::Function<void ()>::operator()() const
25  0x7f9468e79457 WebCore::MainThreadSharedTimer::fired()
26  0x7f9468e93ef6 void std::__invoke_impl<void, void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>(std::__invoke_memfun_deref, void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&)
27  0x7f9468e93d73 std::__invoke_result<void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>::type std::__invoke<void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>(void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&)
28  0x7f9468e93c9f void std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
29  0x7f9468e93b72 void std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>::operator()<, void>()
30  0x7f9468e93aa0 WTF::Detail::CallableWrapper<std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>, void>::call()
31  0x7f946036ce95 WTF::Function<void ()>::operator()() const

** (MiniBrowser:917450): WARNING **: 17:21:37.584: WebProcess CRASHED

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220125/079a975d/attachment-0001.htm>