[Webkit-unassigned] [Bug 81607] New: Assertion failure in RenderBox::mapAbsoluteToLocalPoint() when a <marquee> is in a subframe with frame flattening enabled.
bugzilla-daemon at webkit.org
Mon Mar 19 18:22:23 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=81607
Summary: Assertion failure in RenderBox::mapAbsoluteToLocalPoint() when a <marquee> is in a subframe with frame flattening enabled.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aestes at apple.com
CC: hyatt at apple.com, mitz at webkit.org, simon.fraser at apple.com
Created an attachment (id=132739)
--> (https://bugs.webkit.org/attachment.cgi?id=132739&action=review)
Test case
When a <marquee> tag (possibly any scrollable area) is in a subframe with frame flattening enabled, the following assertion in RenderBox::mapAbsoluteToLocalPoint() is triggered during layout:
ASSERT(!view() || !view()->layoutStateEnabled());
It looks like frame flattening causes the subframe to be laid out recursively, which results in updateLayerPositions() being called on the subframe while the parent frame has the layoutState optimization enabled.
A test case that triggers this assertion is attached. Note that it must be run from DumpRenderTree or from a port that has frame flattening enabled. Here is the full backtrace from DumpRenderTree:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000011005cd16 WebCore::RenderBox::mapAbsoluteToLocalPoint(bool, bool, WebCore::TransformState&) const + 150 (RenderBox.cpp:1463)
1 com.apple.WebCore 0x000000011013c1a5 WebCore::RenderObject::absoluteToLocal(WebCore::FloatPoint const&, bool, bool) const + 117 (RenderObject.cpp:2017)
2 com.apple.WebCore 0x000000010f6009c3 WebCore::FrameView::convertToRenderer(WebCore::RenderObject const*, WebCore::IntPoint const&) const + 163 (FrameView.cpp:3193)
3 com.apple.WebCore 0x000000010f600f89 WebCore::FrameView::convertFromContainingView(WebCore::IntPoint const&) const + 201 (FrameView.cpp:3279)
4 com.apple.WebCore 0x00000001105ec592 WebCore::Widget::convertFromContainingWindow(WebCore::IntPoint const&) const + 98 (Widget.cpp:130)
5 com.apple.WebCore 0x00000001102e5766 WebCore::ScrollView::windowToContents(WebCore::IntPoint const&) const + 86 (ScrollView.cpp:714)
6 com.apple.WebCore 0x000000010f529d29 WebCore::EventHandler::dispatchFakeMouseMoveEventSoonInQuad(WebCore::FloatQuad const&) + 89 (EventHandler.cpp:2578)
7 com.apple.WebCore 0x00000001100e11e2 WebCore::RenderLayer::scrollTo(int, int) + 866 (RenderLayer.cpp:1512)
8 com.apple.WebCore 0x00000001100e368e WebCore::RenderLayer::setScrollOffset(WebCore::IntPoint const&) + 62 (RenderLayer.cpp:1788)
9 com.apple.WebCore 0x00000001102c7366 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) + 54 (ScrollableArea.cpp:138)
10 com.apple.WebCore 0x00000001102c7601 WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&) + 81 (ScrollableArea.cpp:181)
11 com.apple.WebCore 0x00000001102c90ab WebCore::ScrollAnimator::notifyPositionChanged() + 59 (ScrollAnimator.cpp:144)
12 com.apple.WebCore 0x00000001102cd049 WebCore::ScrollAnimatorMac::notifyPositionChanged() + 41 (ScrollAnimatorMac.mm:667)
13 com.apple.WebCore 0x00000001102ccbe3 WebCore::ScrollAnimatorMac::immediateScrollTo(WebCore::FloatPoint const&) + 211 (ScrollAnimatorMac.mm:646)
14 com.apple.WebCore 0x00000001102ccb03 WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 67 (ScrollAnimatorMac.mm:622)
15 com.apple.WebCore 0x00000001102c71dc WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 60 (ScrollableArea.cpp:117)
16 com.apple.WebCore 0x00000001100e0dad WebCore::RenderLayer::scrollToOffset(int, int, WebCore::RenderLayer::ScrollOffsetClamping) + 941 (RenderLayer.cpp:1441)
17 com.apple.WebCore 0x0000000110121fdd WebCore::RenderMarquee::start() + 301 (RenderMarquee.cpp:170)
18 com.apple.WebCore 0x00000001101221e7 WebCore::RenderMarquee::updateMarqueePosition() + 247 (RenderMarquee.cpp:207)
19 com.apple.WebCore 0x00000001100dc627 WebCore::RenderLayer::updateLayerPositions(WebCore::IntPoint*, unsigned int) + 1815 (RenderLayer.cpp:424)
20 com.apple.WebCore 0x00000001100dc593 WebCore::RenderLayer::updateLayerPositions(WebCore::IntPoint*, unsigned int) + 1667 (RenderLayer.cpp:412)
21 com.apple.WebCore 0x00000001100dc593 WebCore::RenderLayer::updateLayerPositions(WebCore::IntPoint*, unsigned int) + 1667 (RenderLayer.cpp:412)
22 com.apple.WebCore 0x000000010f5f7b40 WebCore::FrameView::layout(bool) + 3680 (FrameView.cpp:1101)
23 com.apple.WebCore 0x000000010f5ffdc5 WebCore::FrameView::forceLayout(bool) + 37 (FrameView.cpp:3079)
24 com.apple.WebKit 0x000000010e91cf06 -[WebHTMLView layoutToMinimumPageWidth:height:originalPageWidth:originalPageHeight:maximumShrinkRatio:adjustingViewSize:] + 470 (WebHTMLView.mm:3057)
25 com.apple.WebKit 0x000000010e91cf6d -[WebHTMLView layout] + 77 (WebHTMLView.mm:3071)
26 com.apple.WebKit 0x000000010e8bb7cc -[WebDynamicScrollBarsView(WebInternal) updateScrollers] + 2940 (WebDynamicScrollBarsView.mm:377)
27 com.apple.WebKit 0x000000010e8bb9c4 -[WebDynamicScrollBarsView(WebInternal) reflectScrolledClipView:] + 228 (WebDynamicScrollBarsView.mm:408)
28 com.apple.AppKit 0x00007fff94a6fa45 -[NSClipView _reflectDocumentViewFrameChange] + 175
29 com.apple.AppKit 0x00007fff94a5cc92 -[NSView _postFrameChangeNotification] + 211
30 com.apple.AppKit 0x00007fff949822d9 -[NSView setFrameSize:] + 1114
31 com.apple.AppKit 0x00007fff94a5cde7 -[NSControl setFrameSize:] + 83
32 com.apple.WebCore 0x00000001102eb473 WebCore::ScrollView::platformSetContentsSize() + 723 (ScrollViewMac.mm:127)
33 com.apple.WebCore 0x00000001102e3f46 WebCore::ScrollView::setContentsSize(WebCore::IntSize const&) + 134 (ScrollView.cpp:302)
34 com.apple.WebCore 0x000000010f5f587c WebCore::FrameView::setContentsSize(WebCore::IntSize const&) + 124 (FrameView.cpp:501)
35 com.apple.WebCore 0x000000010f5f5b19 WebCore::FrameView::adjustViewSize() + 457 (FrameView.cpp:528)
36 com.apple.WebCore 0x000000010f5f7a68 WebCore::FrameView::layout(bool) + 3464 (FrameView.cpp:1091)
37 com.apple.WebCore 0x000000010f5ffdc5 WebCore::FrameView::forceLayout(bool) + 37 (FrameView.cpp:3079)
38 com.apple.WebKit 0x000000010e91cf06 -[WebHTMLView layoutToMinimumPageWidth:height:originalPageWidth:originalPageHeight:maximumShrinkRatio:adjustingViewSize:] + 470 (WebHTMLView.mm:3057)
39 com.apple.WebKit 0x000000010e91cf6d -[WebHTMLView layout] + 77 (WebHTMLView.mm:3071)
40 com.apple.WebKit 0x000000010e8bad58 -[WebDynamicScrollBarsView(WebInternal) updateScrollers] + 264 (WebDynamicScrollBarsView.mm:266)
41 com.apple.WebKit 0x000000010e8bb9c4 -[WebDynamicScrollBarsView(WebInternal) reflectScrolledClipView:] + 228 (WebDynamicScrollBarsView.mm:408)
42 com.apple.AppKit 0x00007fff94a6e4bf -[NSClipView _selfBoundsChanged] + 713
43 com.apple.AppKit 0x00007fff94a6bb75 -[NSClipView setFrameSize:] + 247
44 com.apple.AppKit 0x00007fff94981aef -[NSView setFrame:] + 268
45 com.apple.AppKit 0x00007fff94a6b61a -[NSScrollView _applyContentAreaLayout:] + 136
46 com.apple.AppKit 0x00007fff94a6a750 -[NSScrollView tile] + 2154
47 com.apple.WebKit 0x000000010e8ba909 -[WebDynamicScrollBarsView(WebInternal) tile] + 57 (WebDynamicScrollBarsView.mm:212)
48 com.apple.AppKit 0x00007fff94a69e58 -[NSScrollView _tileWithoutRecursing] + 42
49 com.apple.AppKit 0x00007fff94a69e10 -[NSScrollView _update] + 27
50 com.apple.AppKit 0x00007fff94a6f942 -[NSScrollView resizeSubviewsWithOldSize:] + 107
51 com.apple.AppKit 0x00007fff9498223a -[NSView setFrameSize:] + 955
52 com.apple.AppKit 0x00007fff94a6f5f8 -[NSScrollView setFrameSize:] + 506
53 com.apple.AppKit 0x00007fff94981aef -[NSView setFrame:] + 268
54 com.apple.AppKit 0x00007fff94a5c514 -[NSView resizeWithOldSuperviewSize:] + 1324
55 com.apple.AppKit 0x00007fff94a5bf6d -[NSView resizeSubviewsWithOldSize:] + 200
56 com.apple.AppKit 0x00007fff9498223a -[NSView setFrameSize:] + 955
57 com.apple.WebKit 0x000000010e8ea84b -[WebFrameView setFrameSize:] + 267 (WebFrameView.mm:511)
58 com.apple.AppKit 0x00007fff94981aef -[NSView setFrame:] + 268
59 com.apple.WebCore 0x00000001105ed51f WebCore::Widget::setFrameRect(WebCore::IntRect const&) + 607 (WidgetMac.mm:178)
60 com.apple.WebCore 0x00000001102e612f WebCore::ScrollView::setFrameRect(WebCore::IntRect const&) + 95 (ScrollView.cpp:848)
61 com.apple.WebCore 0x000000010f5f52af WebCore::FrameView::setFrameRect(WebCore::IntRect const&) + 95 (FrameView.cpp:405)
62 com.apple.WebCore 0x000000011023cf5f WebCore::RenderWidget::setWidgetGeometry(WebCore::IntRect const&) + 287 (RenderWidget.cpp:162)
63 com.apple.WebCore 0x000000011023d17f WebCore::RenderWidget::updateWidgetGeometry() + 399 (RenderWidget.cpp:178)
64 com.apple.WebCore 0x000000011023e193 WebCore::RenderWidget::updateWidgetPosition() + 83 (RenderWidget.cpp:333)
65 com.apple.WebCore 0x00000001100c4f2b WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) + 315 (RenderFrameBase.cpp:57)
66 com.apple.WebCore 0x00000001100c80d1 WebCore::RenderFrameSet::positionFramesWithFlattening() + 833 (RenderFrameSet.cpp:595)
67 com.apple.WebCore 0x00000001100c7bb2 WebCore::RenderFrameSet::layout() + 770 (RenderFrameSet.cpp:488)
68 com.apple.WebCore 0x000000010fffadba WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 1274 (RenderBlock.cpp:2337)
69 com.apple.WebCore 0x000000010fff36de WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1502 (RenderBlock.cpp:2271)
70 com.apple.WebCore 0x000000010fff0e70 WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) + 2192 (RenderBlock.cpp:1538)
71 com.apple.WebCore 0x000000010fff037c WebCore::RenderBlock::layout() + 92 (RenderBlock.cpp:1401)
72 com.apple.WebCore 0x000000010fffadba WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 1274 (RenderBlock.cpp:2337)
73 com.apple.WebCore 0x000000010fff36de WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1502 (RenderBlock.cpp:2271)
74 com.apple.WebCore 0x000000010fff0e70 WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) + 2192 (RenderBlock.cpp:1538)
75 com.apple.WebCore 0x000000010fff037c WebCore::RenderBlock::layout() + 92 (RenderBlock.cpp:1401)
76 com.apple.WebCore 0x000000011022ec9c WebCore::RenderView::layout() + 860 (RenderView.cpp:137)
77 com.apple.WebCore 0x000000010f5f79d6 WebCore::FrameView::layout(bool) + 3318 (FrameView.cpp:1078)
78 com.apple.WebCore 0x000000010f3082a4 WebCore::Document::implicitClose() + 980 (Document.cpp:2349)
79 com.apple.WebCore 0x000000010f5cf67b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:800)
80 com.apple.WebCore 0x000000010f5cf473 WebCore::FrameLoader::checkCompleted() + 323 (FrameLoader.cpp:747)
81 com.apple.WebCore 0x000000010f5cf74e WebCore::FrameLoader::completed() + 190 (FrameLoader.cpp:1088)
82 com.apple.WebCore 0x000000010f5cf490 WebCore::FrameLoader::checkCompleted() + 352 (FrameLoader.cpp:750)
83 com.apple.WebCore 0x000000010f5ce333 WebCore::FrameLoader::finishedParsing() + 179 (FrameLoader.cpp:680)
84 com.apple.WebCore 0x000000010f313114 WebCore::Document::finishedParsing() + 532 (Document.cpp:4487)
85 com.apple.WebCore 0x000000010f79fcac WebCore::HTMLTreeBuilder::finished() + 140 (HTMLTreeBuilder.cpp:2819)
86 com.apple.WebCore 0x000000010f6dbd83 WebCore::HTMLDocumentParser::end() + 211 (HTMLDocumentParser.cpp:382)
87 com.apple.WebCore 0x000000010f6dae26 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 262 (HTMLDocumentParser.cpp:391)
88 com.apple.WebCore 0x000000010f6dac22 WebCore::HTMLDocumentParser::prepareToStopParsing() + 242 (HTMLDocumentParser.cpp:154)
89 com.apple.WebCore 0x000000010f6dbdd3 WebCore::HTMLDocumentParser::attemptToEnd() + 67 (HTMLDocumentParser.cpp:403)
90 com.apple.WebCore 0x000000010f6dbe28 WebCore::HTMLDocumentParser::finish() + 72 (HTMLDocumentParser.cpp:430)
91 com.apple.WebCore 0x000000010f36eed9 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 297 (DocumentWriter.cpp:250)
92 com.apple.WebCore 0x000000010f36e540 WebCore::DocumentWriter::end() + 48 (DocumentWriter.cpp:225)
93 com.apple.WebCore 0x000000010f34ee5b WebCore::DocumentLoader::finishedLoading() + 91 (DocumentLoader.cpp:296)
94 com.apple.WebCore 0x000000010f5d7609 WebCore::FrameLoader::finishedLoading() + 73 (FrameLoader.cpp:2074)
95 com.apple.WebCore 0x000000010fe91766 WebCore::MainResourceLoader::didFinishLoading(double) + 278 (MainResourceLoader.cpp:485)
96 com.apple.WebCore 0x000000011025bb76 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 182 (ResourceLoader.cpp:453)
97 com.apple.WebCore 0x00000001102584bb -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 251 (ResourceHandleMac.mm:887)
98 com.apple.Foundation 0x00007fff95d30662 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 122
99 com.apple.Foundation 0x00007fff95d305e2 _NSURLConnectionDidFinishLoading + 81
100 com.apple.CFNetwork 0x00007fff97ce64fe URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 296
101 com.apple.CFNetwork 0x00007fff97d9691e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 862
102 com.apple.CFNetwork 0x00007fff97d96b0a URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354
103 com.apple.CFNetwork 0x00007fff97cc1389 URLConnectionClient::processEvents() + 185
104 com.apple.CFNetwork 0x00007fff97cc122e MultiplexerSource::perform() + 212
105 com.apple.CoreFoundation 0x00007fff9138f511 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
106 com.apple.CoreFoundation 0x00007fff9138ed7d __CFRunLoopDoSources0 + 253
107 com.apple.CoreFoundation 0x00007fff913b5b69 __CFRunLoopRun + 905
108 com.apple.CoreFoundation 0x00007fff913b54a6 CFRunLoopRunSpecific + 230
109 com.apple.Foundation 0x00007fff95cd3f9f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 267
110 DumpRenderTree 0x000000010daef699 _ZL7runTestRKNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEE + 5657 (DumpRenderTree.mm:1354)
111 DumpRenderTree 0x000000010daedfda _ZL20runTestingServerLoopv + 282 (DumpRenderTree.mm:817)
112 DumpRenderTree 0x000000010daed86a dumpRenderTree(int, char const**) + 394 (DumpRenderTree.mm:866)
113 DumpRenderTree 0x000000010daefed9 main + 105 (DumpRenderTree.mm:903)
114 DumpRenderTree 0x000000010dad9184 start + 52
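The backtrace above shows FrameView::layout(bool) on the stack three times (frames 22, 36 and 77), with RenderFrameBase::layoutWithFlattening() between the outermost call and the inner ones. The following is an added triage example, not part of the original report or of WebKit: it parses frames in this crash-log format and flags that re-entry. The function names and the abridged sample are choices made for this example.

```python
import re
from collections import defaultdict

# Frames excerpted (abridged) from the backtrace above; frame 28 has no source info.
SAMPLE = """\
0 com.apple.WebCore 0x000000011005cd16 WebCore::RenderBox::mapAbsoluteToLocalPoint(bool, bool, WebCore::TransformState&) const + 150 (RenderBox.cpp:1463)
19 com.apple.WebCore 0x00000001100dc627 WebCore::RenderLayer::updateLayerPositions(WebCore::IntPoint*, unsigned int) + 1815 (RenderLayer.cpp:424)
22 com.apple.WebCore 0x000000010f5f7b40 WebCore::FrameView::layout(bool) + 3680 (FrameView.cpp:1101)
28 com.apple.AppKit 0x00007fff94a6fa45 -[NSClipView _reflectDocumentViewFrameChange] + 175
36 com.apple.WebCore 0x000000010f5f7a68 WebCore::FrameView::layout(bool) + 3464 (FrameView.cpp:1091)
65 com.apple.WebCore 0x00000001100c4f2b WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) + 315 (RenderFrameBase.cpp:57)
77 com.apple.WebCore 0x000000010f5f79d6 WebCore::FrameView::layout(bool) + 3318 (FrameView.cpp:1078)
"""

# index, binary image, address, symbol, "+ offset", optional "(file:line)"
FRAME_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?P<image>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?) \+ (?P<offset>\d+)"
    r"(?: \((?P<file>[^():]+):(?P<line>\d+)\))?$"
)

def parse_frames(text):
    """Return one dict per recognised frame line; unrecognised lines are skipped."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["idx"] = int(d["idx"])
            frames.append(d)
    return frames

def reentrant_symbols(frames):
    """Map each symbol present more than once on the stack to its frame indices."""
    seen = defaultdict(list)
    for f in frames:
        seen[f["symbol"]].append(f["idx"])
    return {sym: idxs for sym, idxs in seen.items() if len(idxs) > 1}

def layout_reentered_via(frames, entry="WebCore::FrameView::layout(bool)",
                         marker="layoutWithFlattening"):
    """True if `marker` lies between the innermost and outermost `entry` frames."""
    hits = [f["idx"] for f in frames if f["symbol"] == entry]
    if len(hits) < 2:
        return False
    return any(marker in f["symbol"] and min(hits) < f["idx"] < max(hits)
               for f in frames)
```

Run over the full backtrace, reentrant_symbols() also reports ordinary recursion such as the repeated RenderLayer::updateLayerPositions() frames, so the marker check is what ties the nested layout to frame flattening.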