[Webkit-unassigned] [Bug 166573] New: RenderImages with dirty layout after layout on 4chan.org

Thu Dec 29 07:40:58 PST 2016

https://bugs.webkit.org/show_bug.cgi?id=166573

            Bug ID: 166573
           Summary: RenderImages with dirty layout after layout on
                    4chan.org
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Images
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: akling at apple.com
                CC: zalan at apple.com

To reproduce:

Open any thread on http://boards.4chan.org/wg/catalog
For example: http://boards.4chan.org/wg/thread/6803455

SHOULD NEVER BE REACHED
/Volumes/Gala/Users/kling/Source/Safari/OpenSource/Source/WebCore/page/FrameView.cpp(218) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const
1   0x10bff565d WTFCrash
2   0x10f368163 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::'lambda'(WebCore::RenderObject const&)::operator()(WebCore::RenderObject const&) const
3   0x10f3680d2 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
4   0x10f354fb5 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
5   0x10f35342d WebCore::FrameView::layout(bool)
6   0x10f363fd9 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
7   0x108238c15 WebKit::WebPage::layoutIfNeeded()
8   0x107fbfdcc WebKit::TiledCoreAnimationDrawingArea::flushLayers()
9   0x107fc0529 non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers()
10  0x1103db865 WebCore::LayerFlushScheduler::layerFlushCallback()
11  0x1103dcadb WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const
12  0x1103dca8d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_
13  0x1103dca39 std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()()
14  0x10e8afc3a std::__1::function<void ()>::operator()() const
15  0x110c4385a WebCore::RunLoopObserver::runLoopObserverFired()
16  0x110c437e0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
17  0x7fff8ff742d7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
18  0x7fff8ff74247 __CFRunLoopDoObservers
19  0x7fff8ff54b76 CFRunLoopRunSpecific
20  0x7fff8f4dfacc RunCurrentEventLoopInMode
21  0x7fff8f4df901 ReceiveNextEventCommon
22  0x7fff8f4df736 _BlockUntilNextEventMatchingListInModeWithFilter
23  0x7fff8da85abc _DPSNextEvent
24  0x7fff8e2001f7 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
25  0x7fff8da7a43d -[NSApplication run]
26  0x7fff8da44d58 NSApplicationMain
27  0x7fffa57b18c7 _xpc_objc_main
28  0x7fffa57b02e4 xpc_main
29  0x106d2418d main
30  0x7fffa554d255 start
31  0x1

ERROR: post-layout: dirty renderer(s)
/Volumes/Gala/Users/kling/Source/Safari/OpenSource/Source/WebCore/page/FrameView.cpp(216) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const

Render tree is too big for a bugzilla comment, but this guy is the culprit:

BA----L- -+*           IMG RenderImage  (1164.50, 193.31) (0.00, 0.00) renderer->(0x12694e330) node->(0x123290420) layout->[normal child]

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161229/8b81ad27/attachment.html>