[Webkit-unassigned] [Bug 71044] New: RenderLayer::hasVisibleContent() can be called when m_visibleContentStatusDirty is true

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 27 11:50:22 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=71044

           Summary: RenderLayer::hasVisibleContent() can be called when
                    m_visibleContentStatusDirty is true
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: simon.fraser at apple.com
                CC: koivisto at iki.fi


RenderBox::clippedOverflowRectForRepaint() calls enclosingLayer()->hasVisibleContent() in cases where hasVisibleContent() may return incorrect data. Here's one stack trace where this happens:


1   0x1048e712c WebCore::RenderLayer::hasVisibleContent() const
2   0x104a09aca WebCore::RenderReplaced::clippedOverflowRectForRepaint(WebCore::RenderBoxModelObject*) const
3   0x1049f3ff8 WebCore::RenderObject::repaint(bool)
4   0x1049f6fde WebCore::RenderObject::setStyle(WTF::PassRefPtr<WebCore::RenderStyle>)
5   0x1049f664b WebCore::RenderObject::setAnimatableStyle(WTF::PassRefPtr<WebCore::RenderStyle>)
6   0x1047ff7d3 WebCore::Node::setRenderStyle(WTF::PassRefPtr<WebCore::RenderStyle>)
7   0x103e57c09 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
8   0x103e5809f WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
9   0x103e5809f WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
10  0x103e5809f WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
11  0x103c88c91 WebCore::Document::recalcStyle(WebCore::Node::StyleChange)
12  0x103c89d09 WebCore::Document::updateStyleIfNeeded()
13  0x103c89ece WebCore::Document::updateLayout()
14  0x103c8a074 WebCore::Document::updateLayoutIgnorePendingStylesheets()
15  0x103e54e19 WebCore::Element::getBoundingClientRect()
16  0x1043820bf WebCore::jsElementPrototypeFunctionGetBoundingClientRect(JSC::ExecState*)
17  0x5127366014f8
18  0x101b8ef49 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*)
19  0x101b8b866 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
20  0x101ae2bd1 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
21  0x1042799e3 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
22  0x104b36263 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*)
23  0x104b35d49 WebCore::ScheduledAction::execute(WebCore::Document*)
24  0x104b35b74 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*)
25  0x103def266 WebCore::DOMTimer::fired()
26  0x104d8de67 WebCore::ThreadTimers::sharedTimerFiredInternal()
27  0x104d8dc39 WebCore::ThreadTimers::sharedTimerFired()
28  0x104bb7873 _ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv

but I also see it during style updates before event handling.

Detected with:

-    bool hasVisibleContent() const { return m_hasVisibleContent; }
-    bool hasVisibleDescendant() const { return m_hasVisibleDescendant; }
+    bool hasVisibleContent() const { ASSERT(!m_visibleContentStatusDirty); return m_hasVisibleContent; }
+    bool hasVisibleDescendant() const { ASSERT(!m_visibleDescendantStatusDirty); return m_hasVisibleDescendant; }

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list