[Webkit-unassigned] [Bug 97841] Crash re-entering Document layout with frame flattening enabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 27 19:15:11 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=97841

--- Comment #3 from Simon Fraser (smfr) <simon.fraser at apple.com>  2012-09-27 19:15:37 PST ---
The reason we hit the LayoutState crash is that we're re-entering layout on the live Document. This happens as follows:

Cached subframe FrameView does layout from a timer.
Via frame flattening, main cached FrameView does a layout. It gets the document via m_frame->document(), which is the LIVE document, and does layout on it. The live document is a frameset, so does layout on its child frames. The child frame tries to lay out its parent (because of frame flattening), and because the FrameView is different, misses the if (parentView->m_nestedLayoutCount) check, and starts laying out on the Document that is already in the middle of layout.

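The re-entrancy path in comment #3 reduces to a guard kept on the wrong object: m_nestedLayoutCount lives on the FrameView, but the thing being re-entered is the Document, and two different FrameViews (the cached one and the live one) both resolve m_frame->document() to the same live Document. The following is an added, simplified C++ model of that object graph, not WebKit code and not the actual fix landed for this bug. The Document, FrameView, layoutDepth, reentrantLayouts, guardOnDocument and simulateTimerLayout names are invented for the illustration; m_nestedLayoutCount and m_frame->document() are the names from the comment. It fires the cached subframe's layout, counts how often the live Document's layout is entered while already running, and shows that a per-view counter lets the second view through while a check on the shared Document does not.

```cpp
#include <cassert>
#include <cstdio>
#include <vector>

// Simplified model (added example, not WebKit code) of the re-entrancy in
// comment #3. A cached FrameView and a live FrameView both point at the SAME
// live Document, so a guard kept on the FrameView (m_nestedLayoutCount) cannot
// tell that the Document is already mid-layout when the other view re-enters it.

struct FrameView;

struct Document {
    int layoutDepth = 0;       // > 0 while layout() is on the stack
    int reentrantLayouts = 0;  // times layout() began while already running
    std::vector<FrameView*> childViews;  // frameset children (live subframe views)
    void layout();
};

struct FrameView {
    Document* document;        // what m_frame->document() returns
    FrameView* parentView;     // non-null for a subframe view
    int m_nestedLayoutCount = 0;
    // Hypothetical switch for the illustration: false = guard only on the
    // parent view (the check the comment says is missed), true = also check
    // whether the parent's Document is already laying out.
    bool guardOnDocument;

    FrameView(Document* doc, FrameView* parent, bool guardDoc)
        : document(doc), parentView(parent), guardOnDocument(guardDoc) {}

    bool parentIsMidLayout() const {
        if (parentView->m_nestedLayoutCount)
            return true;  // re-entry through the same view: caught either way
        // Re-entry through a different view on the same Document: only caught
        // when the guard looks at the shared Document.
        return guardOnDocument && parentView->document->layoutDepth > 0;
    }

    void layout() {
        // Frame flattening: a subframe hands layout to its parent unless the
        // parent is already laying out.
        if (parentView && !parentIsMidLayout()) {
            parentView->layout();
            return;
        }
        ++m_nestedLayoutCount;
        document->layout();
        --m_nestedLayoutCount;
    }
};

void Document::layout() {
    if (layoutDepth)
        ++reentrantLayouts;  // layout re-entered on a Document already mid-layout
    ++layoutDepth;
    for (FrameView* child : childViews)
        child->layout();     // a frameset lays out its child frames
    --layoutDepth;
}

// Builds the object graph from the comment and fires the cached subframe's
// timer-driven layout. Returns how many times the live Document was re-entered.
int simulateTimerLayout(bool guardOnDocument) {
    Document liveDoc;   // the live frameset document
    Document childDoc;  // a subframe document with no children of its own

    // Cached page: main view + subframe view. The cached main view's
    // m_frame->document() already yields the LIVE document.
    FrameView cachedMain(&liveDoc, nullptr, guardOnDocument);
    FrameView cachedChild(&childDoc, &cachedMain, guardOnDocument);

    // Live page: main view + subframe view on the same live document.
    FrameView liveMain(&liveDoc, nullptr, guardOnDocument);
    FrameView liveChild(&childDoc, &liveMain, guardOnDocument);
    liveDoc.childViews.push_back(&liveChild);

    cachedChild.layout();  // the cached subframe's layout timer fires
    return liveDoc.reentrantLayouts;
}

int main() {
    printf("guard on view only:       %d re-entrant layout(s)\n", simulateTimerLayout(false));
    printf("guard on shared document: %d re-entrant layout(s)\n", simulateTimerLayout(true));
    return 0;
}
```

With the view-only guard the live child view sees liveMain.m_nestedLayoutCount == 0 (it was cachedMain that incremented its counter), flattens up into liveMain, and liveDoc.layout() runs a second time on top of itself; with the Document-level check the live child lays out its own subframe document instead and the live Document is entered exactly once. The general point the model makes is that a re-entrancy guard has to live on the object whose state is being re-entered, or at least consult it, rather than on whichever caller happens to reach it.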