[Webkit-unassigned] [Bug 253182] Release crash + ASSERTION FAILED: !nextSibling() in WebCore::RenderBox *WebCore::RenderBox::nextSiblingBox() const

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 5 12:02:51 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=253182

Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bfulgham at webkit.org,
                   |                            |mmaxfield at apple.com,
                   |                            |simon.fraser at apple.com,
                   |                            |zalan at apple.com
          Component|HTML Editing                |Layout and Rendering
            Summary|ASSERTION FAILED:           |Release crash + ASSERTION
                   |!nextSibling() in           |FAILED: !nextSibling() in
                   |WebCore::RenderBox          |WebCore::RenderBox
                   |*WebCore::RenderBox::nextSi |*WebCore::RenderBox::nextSi
                   |blingBox() const            |blingBox() const

--- Comment #2 from Alexey Proskuryakov <ap at webkit.org> ---
This isn't just an assertion failure, but a 100% reproducible crash in production builds.

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                                    0x1bed1fecc WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 512
1   WebCore                                    0x1bed2035c WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1680
2   WebCore                                    0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796
3   WebCore                                    0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452
4   WebCore                                    0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76
5   WebCore                                    0x1c0bbcfac WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 80
6   WebCore                                    0x1c0bbcd38 WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 128
7   WebCore                                    0x1bed20298 WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 1484
8   WebCore                                    0x1c0bc4bdc WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const + 796
9   WebCore                                    0x1becf0534 WebCore::RenderBlock::computePreferredLogicalWidths() + 452
10  WebCore                                    0x1becccb74 WebCore::RenderBox::minPreferredLogicalWidth() const + 76
11  WebCore                                    0x1c0bea950 WebCore::RenderBox::computeLogicalWidthInFragmentUsing(WebCore::SizeType, WebCore::Length, WebCore::LayoutUnit, WebCore::RenderBlock const&, WebCore::RenderFragmentContainer*) const + 596
12  WebCore                                    0x1c0bf5624 WebCore::RenderBox::computeLogicalWidthInFragment(WebCore::RenderBox::LogicalExtentComputedValues&, WebCore::RenderFragmentContainer*) const + 1544
13  WebCore                                    0x1bec83f80 WebCore::RenderBox::updateLogicalWidth() + 44
14  WebCore                                    0x1c0bc6a88 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 412
15  WebCore                                    0x1c0cd4a00 WebCore::RenderRubyRun::layoutBlock(bool, WebCore::LayoutUnit) + 72
16  WebCore                                    0x1bec81b5c WebCore::RenderBlock::layout() + 120
17  WebCore                                    0x1c0ba2f14 WebCore::LegacyLineLayout::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 9296
18  WebCore                                    0x1c0bc9398 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 436
19  WebCore                                    0x1c0bc6d9c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1200
20  WebCore                                    0x1bec81b5c WebCore::RenderBlock::layout() + 120
21  WebCore                                    0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920
22  WebCore                                    0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252
23  WebCore                                    0x1bec81b5c WebCore::RenderBlock::layout() + 120
24  WebCore                                    0x1c0bc9ccc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 1920
25  WebCore                                    0x1c0bc6dd0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1252
26  WebCore                                    0x1bec81b5c WebCore::RenderBlock::layout() + 120
27  WebCore                                    0x1bec815d4 WebCore::RenderView::layout() + 496
28  WebCore                                    0x1c0805cdc WebCore::FrameViewLayoutContext::performLayout() + 736
29  WebCore                                    0x1c0805930 WebCore::FrameViewLayoutContext::layout() + 44
30  WebCore                                    0x1becd26b4 WebCore::Document::updateLayout() + 476
31  WebCore                                    0x1c02c7b10 WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&) + 48
32  WebCore                                    0x1bed9be1c WebCore::CompositeEditCommand::apply() + 500
33  WebCore                                    0x1c02c5f78 WebCore::Editor::applyStyle(WTF::RefPtr<WebCore::EditingStyle, WTF::RawPtrTraits<WebCore::EditingStyle>, WTF::DefaultRefDerefTraits<WebCore::EditingStyle>>&&, WebCore::EditAction, WebCore::Editor::ColorFilterMode) + 496
34  WebCore                                    0x1c02f19b4 WebCore::executeToggleStyle(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WebCore::CSSPropertyID, WTF::ASCIILiteral, WTF::ASCIILiteral) + 240
35  WebCore                                    0x1bedefe7c WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 100
36  WebCore                                    0x1bf2a0ac4 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 532
37  ???                                        0x110810204 ???
38  ???                                        0x110808248 ???
39  ???                                        0x110808248 ???
40  ???                                        0x110808728 ???
41  JavaScriptCore                             0x1bbf75420 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 520
42  JavaScriptCore                             0x1bc269c54 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 104
43  WebCore                                    0x1bfe59f6c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 132
44  WebCore                                    0x1bfe75ab0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1080
45  WebCore                                    0x1c02049e4 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener>>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 444
46  WebCore                                    0x1c01fcbdc WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 336
47  WebCore                                    0x1c07b0d24 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 368
48  WebCore                                    0x1becafd50 WebCore::DOMWindow::dispatchLoadEvent() + 316
49  WebCore                                    0x1bec7d738 WebCore::Document::implicitClose() + 476
50  WebCore                                    0x1bec7d210 WebCore::FrameLoader::checkCompleted() + 312
51  WebCore                                    0x1bec7c598 WebCore::FrameLoader::finishedParsing() + 340
52  WebCore                                    0x1bec7b354 WebCore::Document::finishedParsing() + 608
53  WebCore                                    0x1bec74300 WebCore::HTMLDocumentParser::prepareToStopParsing() + 296
54  WebCore                                    0x1bec73fa0 WebCore::HTMLDocumentParser::finish() + 236
55  WebCore                                    0x1bec73bd4 WebCore::DocumentWriter::end() + 148
56  WebCore                                    0x1c06cfa2c WebCore::DocumentLoader::finishedLoading() + 308

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230305/d5d42ed4/attachment.htm>

More information about the webkit-unassigned mailing list