
Issue 616059


Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug




[css-flex] ASSERTION FAILED: resolvedMainSize >= 0

Project Member Reported by jfernan...@igalia.com, May 31 2016

Issue description

Reproduced using latest trunk (r395874) and loading the attached test case.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff761b7b700 (LWP 2529)]
0x0000000004021bce in blink::LayoutFlexibleBox::adjustChildSizeForMinAndMax (this=0x269ed72dc010, child=..., childSize=...) at ../../third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp:1093
1093	            ASSERT(resolvedMainSize >= 0);
(gdb) bt
#0  0x0000000004021bce in blink::LayoutFlexibleBox::adjustChildSizeForMinAndMax (this=0x269ed72dc010, child=..., childSize=...) at ../../third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp:1093
#1  0x0000000004022704 in blink::LayoutFlexibleBox::computeNextFlexLine (this=0x269ed72dc010, orderedChildren=..., sumFlexBaseSize=..., totalFlexGrow=@0x7ff761b779f0: 0, totalFlexShrink=@0x7ff761b779f8: 0, 
    totalWeightedFlexShrink=@0x7ff761b77a00: 0, sumHypotheticalMainSize=..., relayoutChildren=false) at ../../third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp:1252
#2  0x0000000004020720 in blink::LayoutFlexibleBox::layoutFlexItems (this=0x269ed72dc010, relayoutChildren=false, layoutScope=...) at ../../third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp:858
#3  0x000000000401e2be in blink::LayoutFlexibleBox::layoutBlock (this=0x269ed72dc010, relayoutChildren=false) at ../../third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp:349
#4  0x0000000003fafa95 in blink::LayoutBlock::layout (this=0x269ed72dc010) at ../../third_party/WebKit/Source/core/layout/LayoutBlock.cpp:431
#5  0x0000000003fc3f4d in blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded (this=0x269ed7218128, child=..., newLogicalTop=..., layoutInfo=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:668
#6  0x0000000003fc41bf in blink::LayoutBlockFlow::layoutBlockChild (this=0x269ed7218128, child=..., layoutInfo=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:718
#7  0x0000000003fc63c8 in blink::LayoutBlockFlow::layoutBlockChildren (this=0x269ed7218128, relayoutChildren=true, layoutScope=..., beforeEdge=..., afterEdge=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:1203
#8  0x0000000003fd6340 in blink::LayoutBlockFlow::layoutBlockFlow (this=0x269ed7218128, relayoutChildren=true, pageLogicalHeight=..., layoutScope=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:489
#9  0x0000000003fc34a3 in blink::LayoutBlockFlow::layoutBlock (this=0x269ed7218128, relayoutChildren=false) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:396
#10 0x0000000003fafa95 in blink::LayoutBlock::layout (this=0x269ed7218128) at ../../third_party/WebKit/Source/core/layout/LayoutBlock.cpp:431
#11 0x0000000003fc3f4d in blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded (this=0x269ed7218010, child=..., newLogicalTop=..., layoutInfo=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:668
#12 0x0000000003fc41bf in blink::LayoutBlockFlow::layoutBlockChild (this=0x269ed7218010, child=..., layoutInfo=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:718
#13 0x0000000003fc63c8 in blink::LayoutBlockFlow::layoutBlockChildren (this=0x269ed7218010, relayoutChildren=true, layoutScope=..., beforeEdge=..., afterEdge=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:1203
#14 0x0000000003fd6340 in blink::LayoutBlockFlow::layoutBlockFlow (this=0x269ed7218010, relayoutChildren=true, pageLogicalHeight=..., layoutScope=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:489
#15 0x0000000003fc34a3 in blink::LayoutBlockFlow::layoutBlock (this=0x269ed7218010, relayoutChildren=false) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:396
#16 0x0000000003fafa95 in blink::LayoutBlock::layout (this=0x269ed7218010) at ../../third_party/WebKit/Source/core/layout/LayoutBlock.cpp:431
#17 0x0000000003fc3f4d in blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded (this=0x269ed7204010, child=..., newLogicalTop=..., layoutInfo=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:668
#18 0x0000000003fc41bf in blink::LayoutBlockFlow::layoutBlockChild (this=0x269ed7204010, child=..., layoutInfo=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:718
#19 0x0000000003fc63c8 in blink::LayoutBlockFlow::layoutBlockChildren (this=0x269ed7204010, relayoutChildren=true, layoutScope=..., beforeEdge=..., afterEdge=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:1203
#20 0x0000000003fd6340 in blink::LayoutBlockFlow::layoutBlockFlow (this=0x269ed7204010, relayoutChildren=true, pageLogicalHeight=..., layoutScope=...) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:489
#21 0x0000000003fc34a3 in blink::LayoutBlockFlow::layoutBlock (this=0x269ed7204010, relayoutChildren=false) at ../../third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:396
#22 0x0000000003fafa95 in blink::LayoutBlock::layout (this=0x269ed7204010) at ../../third_party/WebKit/Source/core/layout/LayoutBlock.cpp:431
#23 0x00000000040d8669 in blink::LayoutView::layoutContent (this=0x269ed7204010) at ../../third_party/WebKit/Source/core/layout/LayoutView.cpp:190
#24 0x00000000040d8dd1 in blink::LayoutView::layout (this=0x269ed7204010) at ../../third_party/WebKit/Source/core/layout/LayoutView.cpp:290
#25 0x0000000003baa97c in blink::layoutFromRootObject (root=...) at ../../third_party/WebKit/Source/core/frame/FrameView.cpp:818
#26 0x0000000003baafd3 in blink::FrameView::performLayout (this=0x29e797862ca8, inSubtreeLayout=false) at ../../third_party/WebKit/Source/core/frame/FrameView.cpp:887
#27 0x0000000003babd64 in blink::FrameView::layout (this=0x29e797862ca8) at ../../third_party/WebKit/Source/core/frame/FrameView.cpp:1036
#28 0x0000000003bb2a8a in blink::FrameView::updateStyleAndLayoutIfNeededRecursiveInternal (this=0x29e797862ca8) at ../../third_party/WebKit/Source/core/frame/FrameView.cpp:2588
#29 0x0000000003bb2a05 in blink::FrameView::updateStyleAndLayoutIfNeededRecursive (this=0x29e797862ca8) at ../../third_party/WebKit/Source/core/frame/FrameView.cpp:2568
#30 0x0000000003bb1b8e in blink::FrameView::updateLifecyclePhasesInternal (this=0x29e797862ca8, phases=blink::FrameView::AllPhases) at ../../third_party/WebKit/Source/core/frame/FrameView.cpp:2427
#31 0x0000000003bb1971 in blink::FrameView::updateAllLifecyclePhases (this=0x29e797862ca8) at ../../third_party/WebKit/Source/core/frame/FrameView.cpp:2382
#32 0x0000000003d63070 in blink::PageAnimator::updateAllLifecyclePhases (this=0x35af3c1e1870, rootFrame=...) at ../../third_party/WebKit/Source/core/page/PageAnimator.cpp:86
#33 0x0000000002afae66 in blink::PageWidgetDelegate::updateAllLifecyclePhases (page=..., root=...) at ../../third_party/WebKit/Source/web/PageWidgetDelegate.cpp:61
#34 0x0000000002aa4cbe in blink::WebViewImpl::updateAllLifecyclePhases (this=0x26fb8e2ec010) at ../../third_party/WebKit/Source/web/WebViewImpl.cpp:1999
#35 0x00000000057ed21f in content::RenderWidget::UpdateVisualState (this=0x3ddce5858020) at ../../content/renderer/render_widget.cc:900
#36 0x0000000005a3ed2f in content::RenderWidgetCompositor::UpdateLayerTreeHost (this=0x3ddce559f180) at ../../content/renderer/gpu/render_widget_compositor.cc:917
#37 0x0000000006375699 in cc::LayerTreeHost::RequestMainFrameUpdate (this=0x3ddce5a15920) at ../../cc/trees/layer_tree_host.cc:396
#38 0x0000000006401e64 in cc::ProxyMain::BeginMainFrame (this=0x3ddce4d8f320, begin_main_frame_state=...) at ../../cc/trees/proxy_main.cc:202
#39 0x00000000064229d6 in base::internal::RunnableAdapter<void (cc::ProxyMain::*)(std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >)>::Run<cc::ProxyMain*, std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> > >(cc::ProxyMain*&&, std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >&&) (this=0x7ff761b79570, 
    receiver_ptr=<unknown type in /home/javi/devel/Chromium/src/out/Debug/content_shell, CU 0x742d8fd3, DIE 0x7435db72>) at ../../base/bind_internal.h:186
#40 0x000000000642256f in base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (cc::ProxyMain::*)(std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >)> >::MakeItSo<base::WeakPtr<cc::ProxyMain>, std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> > >(base::internal::RunnableAdapter<void (cc::ProxyMain::*)(std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >)>, base::WeakPtr<cc::ProxyMain>, std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >&&) (runnable=..., weak_ptr=...)
    at ../../base/bind_internal.h:324
#41 0x000000000642222a in base::internal::Invoker<base::IndexSequence<0ul, 1ul>, base::internal::BindState<base::internal::RunnableAdapter<void (cc::ProxyMain::*)(std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >)>, void (cc::ProxyMain*, std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >), base::WeakPtr<cc::ProxyMain>&, base::internal::PassedWrapper<std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> > > >, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (cc::ProxyMain::*)(std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >)> >, void ()>::Run(base::internal::BindStateBase*) (base=0x3ddce73984a0) at ../../base/bind_internal.h:364
#42 0x0000000000aea134 in base::Callback<void (), (base::internal::CopyMode)1>::Run() const (this=0x7ff761b797d8) at ../../base/callback.h:397
#43 0x0000000000e5ca05 in base::debug::TaskAnnotator::RunTask (this=0x3ddce55fb940, queue_function=0xb1e5f29 "TaskQueueManager::PostTask", pending_task=...) at ../../base/debug/task_annotator.cc:51
#44 0x0000000007a5a91f in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue (this=0x3ddce55fb820, work_queue=0x3ddce56009e0, out_previous_task=0x7ff761b79a60) at ../../components/scheduler/base/task_queue_manager.cc:289
#45 0x0000000007a5a002 in scheduler::TaskQueueManager::DoWork (this=0x3ddce55fb820, run_time=..., from_main_thread=false) at ../../components/scheduler/base/task_queue_manager.cc:201
#46 0x0000000007a601bf in base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>::Run<scheduler::TaskQueueManager*, base::TimeTicks const&, bool const&>(scheduler::TaskQueueManager*&&, base::TimeTicks const&, bool const&) (this=0x7ff761b79d00, receiver_ptr=<unknown type in /home/javi/devel/Chromium/src/out/Debug/content_shell, CU 0x88a23930, DIE 0x88a6615d>) at ../../base/bind_internal.h:186
#47 0x0000000007a5f370 in base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)> >::MakeItSo<base::WeakPtr<scheduler::TaskQueueManager>, base::TimeTicks const&, bool const&> (runnable=..., weak_ptr=...) at ../../base/bind_internal.h:324
#48 0x0000000007a5e6e7 in base::internal::Invoker<base::IndexSequence<0ul, 1ul, 2ul>, base::internal::BindState<base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>, void (scheduler::TaskQueueManager*, base::TimeTicks, bool), base::WeakPtr<scheduler::TaskQueueManager>, base::TimeTicks, bool>, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)> >, void ()>::Run(base::internal::BindStateBase*) (base=0x3ddce4d91fa0) at ../../base/bind_internal.h:364

 
Attachment: crash-flex-fill-available.html (226 bytes)

Comment 2 by r...@igalia.com, Jun 6 2016

Components: Blink>Layout>Flexbox
Status: Available (was: Untriaged)
Labels: -Pri-3 Pri-2
Owner: cbiesin...@chromium.org
Interesting, this is a version without a percentage padding. I'll investigate.
Owner: jfernan...@igalia.com
Your cl will fix this one, too: https://codereview.chromium.org/2022033003/

(tested by applying it and loading the testcase)

Comment 5 by bugdroid1@chromium.org, Jun 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f7b659ec21315a34e7bb462283d3f007c16a3b7c

commit f7b659ec21315a34e7bb462283d3f007c16a3b7c
Author: jfernandez <jfernandez@igalia.com>
Date: Tue Jun 14 10:23:42 2016

[css-sizing] Adding border and padding to fill-available width

The "fill-available" size is defined as the containing block's size less
the box's border and padding size. However, when used for
min-width we should ensure we don't get negative values as a
result of logical width computation.

 http://www.w3.org/TR/css-sizing-3/#fill-available-sizing

This patch ensures the fill-available computed value will always be
greater than the box's border and padding width.

BUG= 613354 , 616059 

Review-Url: https://codereview.chromium.org/2022033003
Cr-Commit-Position: refs/heads/master@{#399677}

[add] https://crrev.com/f7b659ec21315a34e7bb462283d3f007c16a3b7c/third_party/WebKit/LayoutTests/fast/css-intrinsic-dimensions/fill-available-with-zero-width-expected.html
[add] https://crrev.com/f7b659ec21315a34e7bb462283d3f007c16a3b7c/third_party/WebKit/LayoutTests/fast/css-intrinsic-dimensions/fill-available-with-zero-width.html
[modify] https://crrev.com/f7b659ec21315a34e7bb462283d3f007c16a3b7c/third_party/WebKit/Source/core/layout/LayoutBox.cpp
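
Added example (not part of the Chromium patch or of this thread): a simplified C++ model of the computation the commit message above describes, with plain ints in place of Blink's layout units, margins ignored, and hypothetical function names. It shows the unclamped fill-available content size going negative when the container is narrower than the box's border and padding, and the clamped form keeping it at zero or above.

```cpp
#include <algorithm>
#include <cstdio>

// Simplified model: plain ints stand in for Blink's LayoutUnit, margins are
// ignored, and all names are illustrative (not taken from LayoutBox.cpp).
struct Box {
    int border;   // left + right border width
    int padding;  // left + right padding
    int borderAndPadding() const { return border + padding; }
};

// Content-box size for "fill-available" exactly as the commit message states
// the definition: containing block size less border and padding. Nothing
// stops the result from going negative.
int fillAvailableContentUnclamped(const Box& box, int containingWidth) {
    return containingWidth - box.borderAndPadding();
}

// Same computation with the guarantee the commit message describes: the
// border-box result never drops below border + padding, so the content-box
// size handed to min-width resolution is never negative.
int fillAvailableContentClamped(const Box& box, int containingWidth) {
    int borderBox = std::max(box.borderAndPadding(), containingWidth);
    return borderBox - box.borderAndPadding();
}

// Stand-in for the invariant behind "ASSERTION FAILED: resolvedMainSize >= 0":
// a min-width resolved to a negative main size is rejected, not applied.
bool applyMinMainSize(int resolvedMinMainSize, int* childSize) {
    if (resolvedMinMainSize < 0)
        return false;  // the debug-build assertion would fire here
    *childSize = std::max(*childSize, resolvedMinMainSize);
    return true;
}

int main() {
    Box item{2, 20};  // constructed input: 22px of border + padding
    int widths[] = {0, 10, 22, 100};  // includes a zero-width container
    for (int w : widths) {
        int before = fillAvailableContentUnclamped(item, w);
        int after = fillAvailableContentClamped(item, w);
        int size = 0;
        std::printf("container=%3d unclamped=%4d clamped=%3d min-ok=%d\n",
                    w, before, after, applyMinMainSize(after, &size));
    }
    return 0;
}
```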


Comment 6 by bugdroid1@chromium.org, Jun 15 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f7b659ec21315a34e7bb462283d3f007c16a3b7c


Status: Fixed (was: Available)
This issue should be fixed now.
