[Webkit-unassigned] [Bug 11672] REGRESSION (r17068): Repro crash due to painting without layout
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 22 00:41:34 PST 2006
http://bugs.webkit.org/show_bug.cgi?id=11672
------- Comment #1 from mitz at webkit.org 2006-11-22 00:41 PDT -------
RenderBlock::layoutPositionedObjects() calls setChildNeedsLayout() on the
positioned objects without passing false for the markParents flag. This is
wrong and it leads to the block (in this case, the RenderView) having its child
re-marked as needing layout after the block finished laying out its children.
While it's nice that most objects other than tables manage to paint while
needing layout, it's a condition that shouldn't occur. Perhaps this can be
asserted in some of the more popular paint() methods.
I wonder if it's possible to make a reduction that will crash builds from
before r17068. I think it should be possible.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list