ladybird
SVG: Crash due to null layout node masking with SVGCircleElement
Reduced repro from: https://www.w3.org/TR/web-animations-1/
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 200">
<g mask="url(#excludedEndPoints)"></g>
<mask id="excludedEndPoints">
<circle cx="50" cy="50" r="4" fill="black" stroke="black"/>
</mask>
</svg>
Backtrace:
ASSERTION FAILED: m_ptr at /home/shannon/personal/ladybird/Userland/Libraries/LibJS/Heap/GCPtr.h:168
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-ak.so.0(ak_assertion_failed+0xef) [0x7f5d3e4d231f]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::SVG::SVGCircleElement::get_path(Gfx::Size<Web::CSSPixels>) 0x33a) [0x7f5d43512fda]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::layout_path_like_element(Web::Layout::SVGGraphicsBox const&) 0x147) [0x7f5d43443077]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::layout_graphics_element(Web::Layout::SVGGraphicsBox const&) 0x162) [0x7f5d43442972]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x932) [0x7f5d43442212]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::layout_mask_or_clip(Web::Layout::SVGBox const&) 0x226) [0x7f5d43443a76]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::layout_graphics_element(Web::Layout::SVGGraphicsBox const&) 0x1ab) [0x7f5d434429bb]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x932) [0x7f5d43442212]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_viewport(Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0xc2) [0x7f5d433ed412]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::DOM::Document::update_layout() 0x28a) [0x7f5d431789ba]
/home/shannon/personal/ladybird/Build/ladybird-debug/libexec/../lib/liblagom-web.so.0 Web::HTML::EventLoop::process() 0x42b) [0x7f5d4329151b
cc @MacDue
I have now started seeing the same crash on reddit.com, though it's likely to have a different reproducer.
Backtrace:
ASSERTION FAILED: m_ptr at /Users/shannonbooth/Developer/ladybird/Libraries/LibGC/Ptr.h:168
0 liblagom-ak.0.0.0.dylib 0x00000001016ac5bc ak_trap + 56
1 liblagom-ak.0.0.0.dylib 0x00000001016ac964 AK::ErrorOr<void, AK::Error> AK::__format_value<char const*>(AK::TypeErasedFormatParams&, AK::FormatBuilder&, AK::FormatParser&, void const*) + 0
2 liblagom-web.0.0.0.dylib 0x00000001037a523c Web::SVG::SVGCircleElement::get_path(Gfx::Size<Web::CSSPixels>) + 772
3 liblagom-web.0.0.0.dylib 0x00000001036c2e1c Web::Layout::SVGFormattingContext::layout_path_like_element(Web::Layout::SVGGraphicsBox const&) + 248
4 liblagom-web.0.0.0.dylib 0x00000001036c28a0 Web::Layout::SVGFormattingContext::layout_graphics_element(Web::Layout::SVGGraphicsBox const&) + 588
5 liblagom-web.0.0.0.dylib 0x00000001036c1f54 Web::Layout::SVGFormattingContext::run(Web::Layout::AvailableSpace const&) + 3396
6 liblagom-web.0.0.0.dylib 0x00000001036a2d24 Web::Layout::InlineFormattingContext::dimension_box_on_line(Web::Layout::Box const&, Web::Layout::LayoutMode) + 452
7 liblagom-web.0.0.0.dylib 0x00000001036a45ac Web::Layout::InlineLevelIterator::next_without_lookahead() + 324
8 liblagom-web.0.0.0.dylib 0x00000001036a21c0 Web::Layout::InlineFormattingContext::generate_line_boxes() + 332
9 liblagom-web.0.0.0.dylib 0x00000001036a1fdc Web::Layout::InlineFormattingContext::run(Web::Layout::AvailableSpace const&) + 72
10 liblagom-web.0.0.0.dylib 0x000000010366b914 Web::Layout::BlockFormattingContext::layout_inline_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 112
11 liblagom-web.0.0.0.dylib 0x000000010366b440 Web::Layout::BlockFormattingContext::run(Web::Layout::AvailableSpace const&) + 132
12 liblagom-web.0.0.0.dylib 0x00000001036a306c Web::Layout::InlineFormattingContext::dimension_box_on_line(Web::Layout::Box const&, Web::Layout::LayoutMode) + 1292
13 liblagom-web.0.0.0.dylib 0x00000001036a45ac Web::Layout::InlineLevelIterator::next_without_lookahead() + 324
14 liblagom-web.0.0.0.dylib 0x00000001036a495c Web::Layout::InlineLevelIterator::next_without_lookahead() + 1268
15 liblagom-web.0.0.0.dylib 0x00000001036a5ce0 Web::Layout::InlineLevelIterator::next_non_whitespace_sequence_width() + 112
16 liblagom-web.0.0.0.dylib 0x00000001036a22a4 Web::Layout::InlineFormattingContext::generate_line_boxes() + 560
17 liblagom-web.0.0.0.dylib 0x00000001036a1fdc Web::Layout::InlineFormattingContext::run(Web::Layout::AvailableSpace const&) + 72
18 liblagom-web.0.0.0.dylib 0x000000010366b914 Web::Layout::BlockFormattingContext::layout_inline_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 112
19 liblagom-web.0.0.0.dylib 0x000000010366b440 Web::Layout::BlockFormattingContext::run(Web::Layout::AvailableSpace const&) + 132
20 liblagom-web.0.0.0.dylib 0x0000000103675f54 Web::Layout::FlexFormattingContext::run(Web::Layout::AvailableSpace const&) + 944
21 liblagom-web.0.0.0.dylib 0x0000000103671478 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1536
22 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
23 liblagom-web.0.0.0.dylib 0x00000001036715a8 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1840
24 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
25 liblagom-web.0.0.0.dylib 0x00000001036715a8 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1840
26 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
27 liblagom-web.0.0.0.dylib 0x000000010366b49c Web::Layout::BlockFormattingContext::run(Web::Layout::AvailableSpace const&) + 224
28 liblagom-web.0.0.0.dylib 0x0000000103675f54 Web::Layout::FlexFormattingContext::run(Web::Layout::AvailableSpace const&) + 944
29 liblagom-web.0.0.0.dylib 0x0000000103671478 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1536
30 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
31 liblagom-web.0.0.0.dylib 0x000000010366b49c Web::Layout::BlockFormattingContext::run(Web::Layout::AvailableSpace const&) + 224
32 liblagom-web.0.0.0.dylib 0x000000010369ac9c Web::Layout::GridFormattingContext::run(Web::Layout::AvailableSpace const&) + 1376
33 liblagom-web.0.0.0.dylib 0x0000000103675f54 Web::Layout::FlexFormattingContext::run(Web::Layout::AvailableSpace const&) + 944
34 liblagom-web.0.0.0.dylib 0x000000010369ac9c Web::Layout::GridFormattingContext::run(Web::Layout::AvailableSpace const&) + 1376
35 liblagom-web.0.0.0.dylib 0x0000000103671478 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1536
36 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
37 liblagom-web.0.0.0.dylib 0x00000001036715a8 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1840
38 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
39 liblagom-web.0.0.0.dylib 0x00000001036715a8 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1840
40 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
41 liblagom-web.0.0.0.dylib 0x00000001036715a8 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1840
42 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
43 liblagom-web.0.0.0.dylib 0x000000010366b49c Web::Layout::BlockFormattingContext::run(Web::Layout::AvailableSpace const&) + 224
44 liblagom-web.0.0.0.dylib 0x0000000103671478 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 1536
45 liblagom-web.0.0.0.dylib 0x000000010366bc40 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 424
46 liblagom-web.0.0.0.dylib 0x0000000103363e7c Web::DOM::Document::update_layout(Web::DOM::UpdateLayoutReason) + 1004
47 liblagom-web.0.0.0.dylib 0x00000001036fae80 Web::EventHandler::handle_mousewheel(Gfx::Point<Web::CSSPixels>, Gfx::Point<Web::CSSPixels>, unsigned int, unsigned int, unsigned int, int, int) + 216
48 liblagom-web.0.0.0.dylib 0x00000001034cc0d0 Web::HTML::EventLoop::process_input_events() const + 640
49 liblagom-web.0.0.0.dylib 0x00000001034cc61c Web::HTML::EventLoop::update_the_rendering() + 76
50 liblagom-web.0.0.0.dylib 0x00000001034ced84 Web::HTML::Task::execute() + 88
51 liblagom-web.0.0.0.dylib 0x00000001034cb7d8 Web::HTML::EventLoop::process() + 96
52 liblagom-web.0.0.0.dylib 0x000000010374aec8 AK::Function<void ()>::CallableWrapper<Web::Platform::TimerSerenity::TimerSerenity()::$_0>::call() + 96
53 liblagom-core.0.0.0.dylib 0x0000000101296180 Core::Timer::timer_event(Core::TimerEvent&) + 176
54 liblagom-core.0.0.0.dylib 0x00000001012886fc Core::EventReceiver::dispatch_event(Core::Event&, Core::EventReceiver*) + 108
55 liblagom-core.0.0.0.dylib 0x0000000101294ed8 Core::ThreadEventQueue::process() + 452
56 liblagom-core.0.0.0.dylib 0x000000010129d744 Core::EventLoopImplementationUnix::exec() + 44
57 liblagom-core.0.0.0.dylib 0x00000001012865f8 Core::EventLoop::exec() + 68
58 WebContent 0x0000000100c11e1c serenity_main(Main::Arguments) + 7156
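Added example, not part of the thread or of Ladybird's tooling: a small crash-bucketing sketch that reduces the Linux and macOS backtraces above to one signature (asserted expression plus the first three frames outside the assertion machinery), which is how a triage pipeline would recognise them as the same crash despite the renamed header and different reproducers. The names `signature`, `bucket_id` and `NOISE` are hypothetical.

```python
import hashlib
import re
# Abridged from the two backtraces in this thread (library paths shortened).
LINUX_TRACE = """\
ASSERTION FAILED: m_ptr at Userland/Libraries/LibJS/Heap/GCPtr.h:168
lib/liblagom-ak.so.0(ak_assertion_failed+0xef) [0x7f5d3e4d231f]
lib/liblagom-web.so.0 Web::SVG::SVGCircleElement::get_path(Gfx::Size<Web::CSSPixels>) 0x33a) [0x7f5d43512fda]
lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::layout_path_like_element(Web::Layout::SVGGraphicsBox const&) 0x147) [0x7f5d43443077]
lib/liblagom-web.so.0 Web::Layout::SVGFormattingContext::layout_graphics_element(Web::Layout::SVGGraphicsBox const&) 0x162) [0x7f5d43442972]
"""
MACOS_TRACE = """\
ASSERTION FAILED: m_ptr at Libraries/LibGC/Ptr.h:168
0 liblagom-ak.0.0.0.dylib 0x00000001016ac5bc ak_trap + 56
1 liblagom-ak.0.0.0.dylib 0x00000001016ac964 AK::ErrorOr<void, AK::Error> AK::__format_value<char const*>(AK::TypeErasedFormatParams&, AK::FormatBuilder&, AK::FormatParser&, void const*) + 0
2 liblagom-web.0.0.0.dylib 0x00000001037a523c Web::SVG::SVGCircleElement::get_path(Gfx::Size<Web::CSSPixels>) + 772
3 liblagom-web.0.0.0.dylib 0x00000001036c2e1c Web::Layout::SVGFormattingContext::layout_path_like_element(Web::Layout::SVGGraphicsBox const&) + 248
4 liblagom-web.0.0.0.dylib 0x00000001036c28a0 Web::Layout::SVGFormattingContext::layout_graphics_element(Web::Layout::SVGGraphicsBox const&) + 588
"""

# Frames that belong to the assertion machinery, not to the faulting code.
NOISE = ("ak_assertion_failed", "ak_trap", "AK::")
ASSERT_RE = re.compile(r"^ASSERTION FAILED: (.+) at \S+:\d+$")
# Accepts "lib.so(sym+0xNN) [addr]" and the space-separated form seen above.
LINUX_RE = re.compile(r"^\S+\.so[.\d]*[( ](.+?)\s*\+?0x[0-9a-f]+\) \[0x[0-9a-f]+\]?$")
MACOS_RE = re.compile(r"^\d+\s+\S+\s+0x[0-9a-f]+\s+(.+) \+ \d+$")

def base_name(symbol):
    """Drop the argument list: cut at the first '(' outside template brackets."""
    depth = 0
    for i, ch in enumerate(symbol):
        if ch == "(" and depth == 0:
            return symbol[:i]
        depth += (ch == "<") - (ch == ">")
    return symbol

def signature(trace, depth=3):
    """Return (asserted expression, first `depth` non-noise function names)."""
    expr, frames = None, []
    for line in map(str.strip, trace.splitlines()):
        if m := ASSERT_RE.match(line):
            expr = m.group(1)  # keep the expression, ignore the file path
        elif m := (LINUX_RE.match(line) or MACOS_RE.match(line)):
            name = base_name(m.group(1))
            if not name.startswith(NOISE):
                frames.append(name)
    return expr, tuple(frames[:depth])

def bucket_id(trace):
    expr, frames = signature(trace)
    return hashlib.sha256("|".join((expr or "?", *frames)).encode()).hexdigest()[:12]
```

Keying on the asserted expression rather than the header path keeps the bucket stable across the `GCPtr.h` to `Ptr.h` move visible between the two reports.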
Is this still an issue? I cannot reproduce this on current master 11dc254d27e8f98ef95ef07d36da4610f0502299