[Webkit-unassigned] [Bug 71264] New: ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.

bugzilla-daemon at webkit.org
Mon Oct 31 21:48:28 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=71264

           Summary: ASSERT(!m_inBeforeLoadEventHandler) triggered when
                    forcing a layout in a beforeload listener.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aestes at apple.com


Created an attachment (id=113125)
 --> (https://bugs.webkit.org/attachment.cgi?id=113125&action=review)
Test case

Since HTMLObjectElement::updateWidget() is called during layout, we can do certain things in a beforeload listener that would trigger a reentrant layout and hence a re-entrant call to HTMLObjectElement::updateWidget(). A simple case would be calling event.target.offsetWidth in the listener for an object's beforeload event. See the attached test case. While this triggers an assertion in debug builds, it has no release symptom that I'm aware of.
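
The reentrancy described in this report, modeled in plain JavaScript as an added example (it is not WebKit code and not the attached test case). The class, its counter, and the simplification that every layout calls `updateWidget()` are assumptions made for illustration.

```javascript
// Constructed model: names mirror the report, bodies are hypothetical.
class ObjectElementModel {
  constructor(beforeLoadListener) {
    this.beforeLoadListener = beforeLoadListener; // stands in for the page's listener
    this.inBeforeLoadEventHandler = false;        // models m_inBeforeLoadEventHandler
    this.reentrantCalls = 0;                      // times the ASSERT condition was violated
  }

  // Reading a geometry property needs up-to-date layout, so it forces one synchronously.
  get offsetWidth() {
    this.layout();
    return 0; // constructed value; the geometry itself is irrelevant here
  }

  // Assumption: every layout pass updates the widget.
  layout() {
    this.updateWidget();
  }

  updateWidget() {
    if (this.inBeforeLoadEventHandler) {
      // A debug build would stop here on ASSERT(!m_inBeforeLoadEventHandler).
      // The model records the violation and returns so that it terminates.
      this.reentrantCalls++;
      return;
    }
    this.inBeforeLoadEventHandler = true;
    try {
      // Script runs here, in the middle of layout, and may do anything.
      this.beforeLoadListener({ target: this });
    } finally {
      this.inBeforeLoadEventHandler = false;
    }
  }
}

// Runs one top-level layout and reports how often updateWidget() was re-entered.
function countReentrantCalls(listener) {
  const element = new ObjectElementModel(listener);
  element.layout();
  return element.reentrantCalls;
}

// The listener from the report: touching offsetWidth inside beforeload.
console.log(countReentrantCalls((event) => event.target.offsetWidth));
// A listener that does not force layout never re-enters.
console.log(countReentrantCalls(() => {}));
```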
