[Webkit-unassigned] [Bug 52449] Crash when logging into gmail.com with frame flattening turned on.

bugzilla-daemon at webkit.org
Mon Jan 24 07:02:56 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=52449





--- Comment #17 from Yael <yael.aharon at nokia.com>  2011-01-24 07:02:55 PST ---
If we call document::updateLayout() when a style recalc is pending on the iframe document, what happens is:
1. We do layout, starting from the main frame.
2. Update the style of the iframe.
3. We do a second layout, but this time we don't start from the main frame. We start from the iframe.

As a result, when frame flattening is enabled, we get out of updateLayout() with a layout still pending in the main frame, and that can cause all sorts of problems. My patch is preventing that situation by forcing the second layout round to start from the main frame as well if frame flattening is enabled.
