Bug 217143

Summary: REGRESSION(r267781): ASSERTION FAILED: Optional.h(525) : T *WTF::Optional<WebCore::Layout::LineRun::Text>::operator->() on 16 fast/layoutformattingcontext/* tests
Product: WebKit Reporter: Hector Lopez <hector_i_lopez>
Component: Layout and RenderingAssignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, simon.fraser, webkit-bot-watchers-bugzilla, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Hector Lopez 2020-09-30 13:18:23 PDT 
fast/layoutformattingcontext/block-only/replaced-as-inline-block-simple.html
fast/layoutformattingcontext/br-and-wbr-simple.html 
fast/layoutformattingcontext/br-in-inline-content-simple.html
fast/layoutformattingcontext/float-and-br-inline-content-only.html
fast/layoutformattingcontext/inline-box-overlaps-multiple-lines.html
fast/layoutformattingcontext/replaced-box-with-margin-on-baseline.html
fast/layoutformattingcontext/subframe-with-display-none-html.html
fast/layoutformattingcontext/table-basic-row-baseline-align.html
fast/layoutformattingcontext/table-basic-row-vertical-align-baseline.html
fast/layoutformattingcontext/table-cell-vertical-alignment-simple.html
fast/layoutformattingcontext/table-min-max-width-simple.html
fast/layoutformattingcontext/vertical-align-bottom-nested.html
fast/layoutformattingcontext/vertical-align-top-nested.html
fast/layoutformattingcontext/out-of-flow-positioned-line-breaks.html
fast/layoutformattingcontext/fit-content-width-simple.html
fast/layoutformattingcontext/simple-inline-block.html


Test are all constant crashes according to history on macOS wk2 Debug. First occurrence of constant crashes is at https://trac.webkit.org/changeset/267781/webkit
Also, the last three are associated with https://bugs.webkit.org/show_bug.cgi?id=216668 and corresponding rdar://69101155

History:

https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&test=fast%2Flayoutformattingcontext%2Fblock-only%2Freplaced-as-inline-block-simple.html&test=fast%2Flayoutformattingcontext%2Fbr-and-wbr-simple.html&test=fast%2Flayoutformattingcontext%2Fbr-in-inline-content-simple.html&test=fast%2Flayoutformattingcontext%2Ffit-content-width-simple.html&test=fast%2Flayoutformattingcontext%2Ffloat-and-br-inline-content-only.html&test=fast%2Flayoutformattingcontext%2Finline-box-overlaps-multiple-lines.html&test=fast%2Flayoutformattingcontext%2Fout-of-flow-positioned-line-breaks.html&test=fast%2Flayoutformattingcontext%2Freplaced-box-with-margin-on-baseline.html&test=fast%2Flayoutformattingcontext%2Fsimple-inline-block.html&test=fast%2Flayoutformattingcontext%2Fsubframe-with-display-none-html.html&test=fast%2Flayoutformattingcontext%2Ftable-basic-row-baseline-align.html&test=fast%2Flayoutformattingcontext%2Ftable-basic-row-vertical-align-baseline.html&test=fast%2Flayoutformattingcontext%2Ftable-cell-vertical-alignment-simple.html&test=fast%2Flayoutformattingcontext%2Ftable-min-max-width-simple.html&test=fast%2Flayoutformattingcontext%2Fvertical-align-bottom-nested.html&test=fast%2Flayoutformattingcontext%2Fvertical-align-top-nested.html&style=debug&flavor=wk2

Crash log for one example, fast/layoutformattingcontext/block-only/replaced-as-inline-block-simple.html:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x00000001a5b01abe WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebCore             	0x0000000188aa6da9 WTF::Optional<WebCore::Layout::LineRun::Text>::operator->() + 73 (Optional.h:525)
2   com.apple.WebCore             	0x0000000188ab91ab WebCore::Display::TextBox::debugDescription() const + 235 (DisplayTextBox.cpp:49)
3   com.apple.WebCore             	0x0000000188aab478 WebCore::Display::outputDisplayBox(WTF::TextStream&, WebCore::Display::Box const&, unsigned int) + 56 (DisplayTreeBuilder.cpp:203)
4   com.apple.WebCore             	0x0000000188aa5ac3 WebCore::Display::outputDisplayTree(WTF::TextStream&, WebCore::Display::Box const&, unsigned int) + 35 (DisplayTreeBuilder.cpp:211)
5   com.apple.WebCore             	0x0000000188aa5b20 WebCore::Display::outputDisplayTree(WTF::TextStream&, WebCore::Display::Box const&, unsigned int) + 128 (DisplayTreeBuilder.cpp:213)
6   com.apple.WebCore             	0x0000000188aa5b20 WebCore::Display::outputDisplayTree(WTF::TextStream&, WebCore::Display::Box const&, unsigned int) + 128 (DisplayTreeBuilder.cpp:213)
7   com.apple.WebCore             	0x0000000188aa5b20 WebCore::Display::outputDisplayTree(WTF::TextStream&, WebCore::Display::Box const&, unsigned int) + 128 (DisplayTreeBuilder.cpp:213)
Comment 1 Radar WebKit Bug Importer 2020-09-30 13:19:05 PDT 
<rdar://problem/69805462>
Comment 2 Simon Fraser (smfr) 2020-09-30 13:35:40 PDT 
Created attachment 410150 [details]
Patch
Comment 3 EWS 2020-10-01 10:42:39 PDT 
Committed r267842: <https://trac.webkit.org/changeset/267842>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 410150 [details].