LadybirdBrowser / ladybird

Truly independent web browser
https://ladybird.org
BSD 2-Clause "Simplified" License

LibWeb: resetera.com repeatedly zooms in until it crashes #139

Open awesomekling opened 3 months ago

awesomekling commented 3 months ago

To reproduce, open https://resetera.com. Notice how the text on the page keeps getting larger until it crashes like so:

VERIFICATION FAILED: !height.might_be_saturated() at /home/kling/src/ladybird/Userland/Libraries/LibWeb/Layout/LayoutState.cpp:535
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-ak.so.0(ak_verification_failed+0xef) [0x7ff4ee1c3bcf]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0(+0xb21a06) [0x7ff4ed121a06]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FormattingContext::calculate_max_content_height(Web::Layout::Box const&, Web::CSSPixels) const 0x194) [0x7ff4ed102094]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::compute_height(Web::Layout::Box const&, Web::Layout::AvailableSpace const&) 0x8c) [0x7ff4ed0e3a6c]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0xd64) [0x7ff4ed0e4d14]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x90) [0x7ff4ed0de620]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x5a) [0x7ff4ed0dde9a]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FormattingContext::calculate_max_content_height(Web::Layout::Box const&, Web::CSSPixels) const 0x194) [0x7ff4ed102094]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::determine_flex_base_size_and_hypothetical_main_size(Web::Layout::FlexFormattingContext::FlexItem&) 0x59a) [0x7ff4ed0ebbca]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0xab) [0x7ff4ed0ea25b]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FormattingContext::calculate_min_content_width(Web::Layout::Box const&) const 0x1a6) [0x7ff4ed0f6806]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::content_size_suggestion(Web::Layout::FlexFormattingContext::FlexItem const&) const 0x14) [0x7ff4ed0f01b4]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::content_based_minimum_size(Web::Layout::FlexFormattingContext::FlexItem const&) const 0x30) [0x7ff4ed0eff50]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::determine_flex_base_size_and_hypothetical_main_size(Web::Layout::FlexFormattingContext::FlexItem&) 0x776) [0x7ff4ed0ebda6]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0xab) [0x7ff4ed0ea25b]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FormattingContext::calculate_max_content_height(Web::Layout::Box const&, Web::CSSPixels) const 0x194) [0x7ff4ed102094]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::determine_flex_base_size_and_hypothetical_main_size(Web::Layout::FlexFormattingContext::FlexItem&) 0x59a) [0x7ff4ed0ebbca]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FlexFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0xab) [0x7ff4ed0ea25b]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::FormattingContext::calculate_max_content_height(Web::Layout::Box const&, Web::CSSPixels) const 0x194) [0x7ff4ed102094]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::compute_height(Web::Layout::Box const&, Web::Layout::AvailableSpace const&) 0x8c) [0x7ff4ed0e3a6c]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0xd64) [0x7ff4ed0e4d14]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x90) [0x7ff4ed0de620]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0xe9a) [0x7ff4ed0e4e4a]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x90) [0x7ff4ed0de620]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0xe9a) [0x7ff4ed0e4e4a]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x90) [0x7ff4ed0de620]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x5a) [0x7ff4ed0dde9a]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0xd98) [0x7ff4ed0e4d48]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x90) [0x7ff4ed0de620]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::DOM::Document::update_layout() 0x2cd) [0x7ff4ece9ae1d]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::CSS::ResolvedCSSStyleDeclaration::property(Web::CSS::PropertyID) const 0x50) [0x7ff4ece38b00]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-web.so.0 Web::CSS::CSSStyleDeclaration::internal_get(JS::PropertyKey const&, JS::Value, JS::CacheablePropertyMetadata*, JS::Object::PropertyLookupPhase) const 0x20b) [0x7ff4ecdc3bbb]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-js.so.0(+0x277cf9) [0x7ff4ec277cf9]
/home/kling/src/ladybird/Build/ladybird/libexec/../lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x5d5b) [0x7ff4ec257c5b]

utf-4096 commented 2 months ago

I've come across another site where the opposite happens (text keeps shrinking). I'm fairly certain this is due to the fact these sites specify the font size of the root element <html> as rem, even though rem is already a size relative to the root element, so whenever parts of the page get redrawn we re-calculate the size from the previous value, hence the size keeps changing.

Minimal repro (move your cursor around):

<style>
html {
    font-size: 0.5rem; /* text keeps shrinking */
    /* font-size: 1.5rem; */ /* text keeps growing */
}
</style>
<p>content</p>
<p>content</p>
<p>content</p>

With the growing text, I'm able to reproduce the same crash with the minimal repro:

VERIFICATION FAILED: !height.might_be_saturated() at /opt/ladybird/Userland/Libraries/LibWeb/Layout/LayoutState.cpp:535
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-ak.so.0(ak_verification_failed+0xbd) [0x7f0740bbfa4d]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::LayoutState::UsedValues::set_content_height(Web::CSSPixels) 0x1b) [0x7f0741bb27eb]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0x367) [0x7f0741b79e97]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x77) [0x7f0741b7aae7]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0x77f) [0x7f0741b7a2af]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x77) [0x7f0741b7aae7]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::BlockFormattingContext::run(Web::Layout::Box const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x39) [0x7f0741b7ae99]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::CSSPixels&, Web::Layout::AvailableSpace const&) 0x33d) [0x7f0741b79e6d]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::LayoutMode, Web::Layout::AvailableSpace const&) 0x77) [0x7f0741b7aae7]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0 Web::DOM::Document::update_layout() 0x268) [0x7f074187d288]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0(+0xdb2893) [0x7f07419b2893]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-web.so.0(+0x1077a09) [0x7f0741c77a09]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-core.so.0 Core::Timer::timer_event(Core::TimerEvent&) 0xb2) [0x7f07431e5432]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-core.so.0 Core::EventReceiver::dispatch_event(Core::Event&, Core::EventReceiver*) 0x4d) [0x7f07431c750d]
/opt/ladybird/Build/ladybird/libexec/WebContent(+0x9c669) [0x555f3d6ef669]
/usr/lib/libQt6Core.so.6(+0x1afe26) [0x7f07437afe26]
/usr/lib/libQt6Core.so.6 QTimer::timeout(QTimer::QPrivateSignal) 0x3a) [0x7f07437bcb2a]
/usr/lib/libQt6Core.so.6 QObject::event(QEvent*) 0x1bf) [0x7f07437a725f]
/usr/lib/libQt6Core.so.6 QCoreApplication::notifyInternal2(QObject*, QEvent*) 0xed) [0x7f074375d41d]
/usr/lib/libQt6Core.so.6 QTimerInfoList::activateTimers() 0x559) [0x7f07438c79f9]
/usr/lib/libQt6Core.so.6(+0x3af2ac) [0x7f07439af2ac]
/usr/lib/libglib-2.0.so.0(+0x57cc4) [0x7f073cb10cc4]
/usr/lib/libglib-2.0.so.0(+0x5ad47) [0x7f073cb13d47]
/usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x2c) [0x7f073cb1433c]
/usr/lib/libQt6Core.so.6 QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) 0x6c) [0x7f07439af54c]
/usr/lib/libQt6Core.so.6 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) 0x133) [0x7f0743769103]
/opt/ladybird/Build/ladybird/libexec/../lib64/liblagom-core.so.0 Core::EventLoop::exec() 0x46) [0x7f07431c0406]
/opt/ladybird/Build/ladybird/libexec/WebContent(+0xa8d2e) [0x555f3d6fbd2e]
/opt/ladybird/Build/ladybird/libexec/WebContent(+0x17bb12) [0x555f3d7ceb12]
/usr/lib/libc.so.6(+0x29c4c) [0x7f073d63fc4c]
/usr/lib/libc.so.6(__libc_start_main+0x85) [0x7f073d63fd05]
/opt/ladybird/Build/ladybird/libexec/WebContent(+0x9b821) [0x555f3d6ee821]
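
The compounding described in the second comment can be modelled outside the browser. The following is an added example, not code from the thread or from Ladybird: `FixedPx` is a hypothetical stand-in for a saturating fixed-point pixel type (the 32-bit storage, 6 fractional bits and 16px initial font size are assumptions of this model). It compares resolving a root-element `rem` against the previous root font size with resolving it against the initial value, which is what CSS Values and Units specifies for `font-size` on the root element.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Simplified stand-in for a saturating fixed-point pixel type (assumed layout:
// int32 storage, 6 fractional bits). Illustrative only, not LibWeb's CSSPixels.
struct FixedPx {
    static constexpr int32_t kMax = std::numeric_limits<int32_t>::max();
    static constexpr int32_t kMin = std::numeric_limits<int32_t>::min();
    int32_t raw = 0;

    static FixedPx from_double(double px) {
        double scaled = px * 64.0; // 6 fractional bits
        FixedPx result;
        if (scaled >= kMax) result.raw = kMax; // clamp instead of overflowing
        else if (scaled <= kMin) result.raw = kMin;
        else result.raw = static_cast<int32_t>(scaled);
        return result;
    }
    double to_double() const { return raw / 64.0; }
    bool might_be_saturated() const { return raw == kMax || raw == kMin; }
};

constexpr double kInitialFontSizePx = 16.0; // assumed initial (medium) font size

// One restyle of `html { font-size: <rem>rem }`.
// compounding=true models the behaviour described in the thread (rem resolved
// against the previous root font size); false resolves against the initial value.
FixedPx restyle_root(double rem, FixedPx previous_root, bool compounding) {
    double base = compounding ? previous_root.to_double() : kInitialFontSizePx;
    return FixedPx::from_double(rem * base);
}

FixedPx root_after_passes(double rem, bool compounding, int passes) {
    FixedPx root = FixedPx::from_double(kInitialFontSizePx);
    for (int i = 0; i < passes; ++i) root = restyle_root(rem, root, compounding);
    return root;
}

// Number of restyles before the value saturates, or -1 if it never does.
int passes_until_saturated(double rem, bool compounding, int max_passes) {
    for (int n = 1; n <= max_passes; ++n)
        if (root_after_passes(rem, compounding, n).might_be_saturated()) return n;
    return -1;
}

int main() {
    std::printf("1.5rem, compounding: saturated after %d passes\n", passes_until_saturated(1.5, true, 100));
    std::printf("1.5rem, against initial value: %d\n", passes_until_saturated(1.5, false, 100));
    std::printf("0.5rem, compounding, 11 passes: raw=%d\n", root_after_passes(0.5, true, 11).raw);
}
```

In this model a few dozen restyles are enough for page-supplied CSS to push the value to the type's limit, the condition the `!height.might_be_saturated()` check in the traces above guards against, while the non-compounding path stays at a fixed size however often layout runs.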