[Webkit-unassigned] [Bug 261110] New: REGRESSION(267538 at main) Crash in InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 4 04:04:37 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=261110

            Bug ID: 261110
           Summary: REGRESSION(267538 at main) Crash in
                    InlineDisplayContentBuilder::setGeometryForBlockLevelO
                    utOfFlowBoxes
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: abucur at adobe.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Steps to reproduce:
1. Navigate to https://new.express.adobe.com and login or create a new account.
2. Create a new document (Flyer for example).

Expected:
- The new document with a canvas is displayed.

Actual:
- Crash in InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes

Call stack:

#0      0x00000001393edba4 in ::WTFCrash() at /Users/abucur/GitPublic/WebKit/Source/WTF/wtf/Assertions.cpp:327
#1      0x0000000282bb2afc in WTF::CrashOnOverflow::crash() at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/CheckedArithmetic.h:109
#2      0x0000000282bb2c74 in WTF::CrashOnOverflow::overflowed() at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/CheckedArithmetic.h:102
#3      0x000000028319abc0 in WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::at(unsigned long) const at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/Vector.h:784
#4      0x000000028460c61c in WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::operator[](unsigned long) const at /Users/abucur/GitPublic/WebKit/WebKitBuild/Debug/usr/local/include/wtf/Vector.h:789
#5      0x00000002845f55f8 in WebCore::Layout::InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes(WTF::Vector<unsigned long, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::Layout::Line::Run, 10ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)::$_12::operator()() const at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:902
#6      0x00000002845f34b8 in WebCore::Layout::InlineDisplayContentBuilder::setGeometryForBlockLevelOutOfFlowBoxes(WTF::Vector<unsigned long, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::Layout::Line::Run, 10ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:911
#7      0x00000002845f50bc in WebCore::Layout::InlineDisplayContentBuilder::processBidiContent(WebCore::Layout::LineLayoutResult const&, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::InlineDisplay::Box, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&)::$_1::operator()() const at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:789
#8      0x00000002845f02b4 in WebCore::Layout::InlineDisplayContentBuilder::processBidiContent(WebCore::Layout::LineLayoutResult const&, WebCore::Layout::LineBox const&, WTF::Vector<WebCore::InlineDisplay::Box, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:791
#9      0x00000002845f002c in WebCore::Layout::InlineDisplayContentBuilder::build(WebCore::Layout::LineLayoutResult const&, WebCore::Layout::LineBox const&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:102
#10     0x000000028458e1b8 in WebCore::Layout::InlineFormattingContext::createDisplayContentForLine(unsigned long, WebCore::Layout::LineLayoutResult const&, WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&, WebCore::InlineDisplay::Content&) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:268
#11     0x000000028458d310 in WebCore::Layout::InlineFormattingContext::lineLayout(WebCore::Layout::AbstractLineBuilder&, WTF::Vector<WebCore::Layout::InlineItem, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Layout::InlineItemRange, std::__1::optional<WebCore::Layout::PreviousLine>, WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&, WebCore::Layout::InlineDamage const*) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:185
#12     0x000000028458c6ec in WebCore::Layout::InlineFormattingContext::layout(WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&, WebCore::Layout::InlineDamage const*) at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:114
#13     0x000000028465ddf8 in WebCore::LayoutIntegration::LineLayout::layout() at /Users/abucur/GitPublic/WebKit/Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp:590

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230904/abb15285/attachment.htm>

More information about the webkit-unassigned mailing list