[Webkit-unassigned] [Bug 64286] New: Regression: Relayout causes crash with some nested elements (input)
bugzilla-daemon at webkit.org
Mon Jul 11 09:03:57 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=64286
Summary: Regression: Relayout causes crash with some nested
elements (input)
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.6
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: pdr at google.com
CC: dglazkov at google.com
Created an attachment (id=100308)
--> (https://bugs.webkit.org/attachment.cgi?id=100308&action=review)
Test case of bug (click on the page to trigger crash)
Note that this is a regression, as Safari 5.0.5 does not crash, but Chrome 14.0.803.0 dev and WebKit trunk (@r90470) both do. See the attached test case for an example of the crash.
WebKit will crash if an input element is hidden (display:none) when it is nested in the following scenario:
    <div style="position:absolute">
      <span style="position:relative">
        this_is_text
        <div style="position:absolute">
          <input id="hideMe"/>
        </div>
      </span>
    </div>
Replacing the input with another element (e.g., a span) causes the crash to go away (possible shadow DOM issue? cc'ed dglazkov for this reason). Similarly, the crash will go away if we remove any of the position:relative or position:absolute styles in this nesting, or remove the text node "this_is_text".
The crash occurs due to this failed assert (line 1822, file FrameView.cpp):
    ASSERT(!m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout());