[Webkit-unassigned] [Bug 14494] answers.com crashes in paint with pending layout

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 2 00:31:57 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=14494





------- Comment #3 from koivisto at iki.fi  2007-07-02 00:31 PDT -------
The test case asserts in debug build but does not crash in release build. The
original page crashes in release build too.

This stack shows how layout gets invalidated from within FrameView::layout().
The method returns with layout still pending and subsequent synchronous paint
crashes (or asserts):

#0      0x010c4660 in WebCore::FrameView::scheduleRelayout at FrameView.cpp:658
#1      0x0116f125 in WebCore::RenderObject::scheduleRelayout at RenderObject.cpp:2725
#2      0x0116f2ed in WebCore::RenderObject::markContainingBlocksForLayout at RenderObject.cpp:737
#3      0x0116f3bb in WebCore::RenderObject::setNeedsLayout at RenderObject.cpp:689
#4      0x014e9589 in WebCore::RenderObject::setNeedsLayoutAndPrefWidthsRecalc at RenderObject.h:380
#5      0x010d4e3c in WebCore::Document::updateStyleSelector at Document.cpp:1946
#6      0x010d536d in WebCore::Document::updateLayoutIgnorePendingStylesheets at Document.cpp:1082
#7      0x011ef53c in WebCore::VisiblePosition::canonicalPosition at VisiblePosition.cpp:141
#8      0x011ef93e in WebCore::VisiblePosition::init at VisiblePosition.cpp:58
#9      0x011efb3a in WebCore::VisiblePosition::VisiblePosition at VisiblePosition.cpp:45
#10     0x011df628 in WebCore::SelectionController::layout at SelectionController.cpp:892
#11     0x011df823 in WebCore::SelectionController::caretRect at SelectionController.cpp:909
#12     0x011dfb34 in WebCore::SelectionController::recomputeCaretRect at SelectionController.cpp:949
#13     0x010b8b37 in WebCore::Frame::selectionLayoutChanged at Frame.cpp:584
#14     0x010b8d02 in WebCore::Frame::invalidateSelection at Frame.cpp:522
#15     0x010c69ef in WebCore::FrameView::layout at FrameView.cpp:433
#16     0x010ba2d9 in WebCore::Frame::forceLayout at Frame.cpp:1329
#17     0x010dbb70 in -[WebCoreFrameBridge forceLayoutAdjustingViewSize:] at WebCoreFrameBridge.mm:383
#18     0x0033b686 in -[WebHTMLView layoutToMinimumPageWidth:maximumPageWidth:adjustingViewSize:] at WebHTMLView.mm:2494
#19     0x0033b909 in -[WebHTMLView layout] at WebHTMLView.mm:2521
#20     0x0033727e in -[WebHTMLView(WebPrivate) _layoutIfNeeded] at WebHTMLView.mm:1352
#21     0x00337548 in -[WebHTMLView(WebPrivate) _web_layoutIfNeededRecursive:testDirtyRect:] at WebHTMLView.mm:1371
#22     0x00335c91 in -[WebHTMLView(WebPrivate) _recursiveDisplayAllDirtyWithLockFocus:visRect:] at WebHTMLView.mm:885
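A constructed C++ model of the failure mode the comment above describes, added here as illustration and not WebKit code: a hook standing in for the Frame::invalidateSelection path marks layout needed again from inside layout(), so a single-pass layout returns with layout still pending and the synchronous paint check fails, whereas a bounded re-run loop leaves the tree clean before paint. All type, field and function names are assumptions.

```cpp
#include <functional>
// Constructed model, not WebKit code: all names and fields are assumptions.
struct ModelFrameView {
    bool needsLayout = true;   // "layout pending" flag
    bool hookFired = false;    // lets the hook re-dirty the tree only once
    int layoutPasses = 0;
    // Stands in for the layout -> invalidateSelection -> ... -> setNeedsLayout
    // path, which in the report dirties the render tree from inside layout().
    std::function<void(ModelFrameView&)> duringLayout;
    // Buggy shape: one pass, then return even if the hook re-dirtied us.
    void layoutOnce() {
        needsLayout = false;
        ++layoutPasses;
        if (duringLayout) duringLayout(*this);
    }
    // Hardened shape: repeat while layout was re-requested during a pass,
    // bounded so a hook that always re-dirties cannot spin forever.
    bool layoutUntilClean(int maxPasses = 4) {
        while (needsLayout && layoutPasses < maxPasses)
            layoutOnce();
        return !needsLayout;
    }
    // A synchronous paint must never observe pending layout; the model
    // returns false where the debug build would assert.
    bool paint() const { return !needsLayout; }
};
// Hook that marks layout needed from within the first layout pass.
static void reDirtyOnce(ModelFrameView& v) {
    if (!v.hookFired) {
        v.hookFired = true;
        v.needsLayout = true;
    }
}
// Reproduces the report: layout returns with layout pending, paint fails.
bool buggyPathPaintsCleanly() {
    ModelFrameView view;
    view.duringLayout = reDirtyOnce;
    view.layoutOnce();
    return view.paint();   // false
}
// Same re-dirtying hook, but layout is re-run before returning; returns
// the number of passes taken, or -1 if paint would still see pending layout.
int hardenedPathLayoutPasses() {
    ModelFrameView view;
    view.duringLayout = reDirtyOnce;
    view.layoutUntilClean();
    return view.paint() ? view.layoutPasses : -1;   // 2
}
```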

