[Webkit-unassigned] [Bug 235572] New: ASSERTION FAILED: layoutState->renderer() == this ../../Source/WebCore/rendering/RenderBlock.cpp(2866)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jan 25 04:22:59 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=235572
Bug ID: 235572
Summary: ASSERTION FAILED: layoutState->renderer() == this
../../Source/WebCore/rendering/RenderBlock.cpp(2866)
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: alset0326 at gmail.com
Created attachment 449913
--> https://bugs.webkit.org/attachment.cgi?id=449913&action=review
html that trigger crash
1. build a debug webkit
2. open html
3. crash
ASSERTION FAILED: layoutState->renderer() == this
../../Source/WebCore/rendering/RenderBlock.cpp(2866) : virtual WebCore::LayoutUnit WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
1 0x7f235dcd7964 WTFReportBacktrace
2 0x7f235dcd7c01 WTFCrash
3 0x7f23777ceba1 WTF::CrashOnOverflow::overflowed()
4 0x7f2380f2a522 WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
5 0x7f2380f2ae62 WebCore::RenderBlock::computeFragmentRangeForBoxChild(WebCore::RenderBox const&) const
6 0x7f2380f2b2ca WebCore::RenderBlock::estimateFragmentRangeForBoxChild(WebCore::RenderBox const&) const
7 0x7f2380f0d18f WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool)
8 0x7f2380f0db11 WebCore::RenderBlock::layoutPositionedObjects(bool, bool)
9 0x7f2380fdfaa6 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
10 0x7f2380f088ab WebCore::RenderBlock::layout()
11 0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
12 0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
13 0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
14 0x7f2380f088ab WebCore::RenderBlock::layout()
15 0x7f2380e4be9e WebCore::RenderElement::layoutIfNeeded()
16 0x7f2380ff97af WebCore::RenderBlockFlow::positionNewFloats()
17 0x7f2380fe3c54 WebCore::RenderBlockFlow::adjustFloatingBlock(WebCore::RenderBlockFlow::MarginInfo const&)
18 0x7f2380fe0c6c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
19 0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
20 0x7f2380f088ab WebCore::RenderBlock::layout()
21 0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
22 0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
23 0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
24 0x7f2380f088ab WebCore::RenderBlock::layout()
25 0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
26 0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
27 0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
28 0x7f2380f088ab WebCore::RenderBlock::layout()
29 0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
30 0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
31 0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220125/c0d8e089/attachment-0001.htm>
More information about the webkit-unassigned
mailing list