[Webkit-unassigned] [Bug 204648] [iOS] Crash in RenderLayerBacking::updateCompositedBounds from using cleared WeakPtr from m_backingSharingLayers
bugzilla-daemon at webkit.org
Wed Dec 4 13:02:56 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=204648
--- Comment #4 from Ali Juma <ajuma at chromium.org> ---
(In reply to Simon Fraser (smfr) from comment #2)
> > Is a null check the right fix here, or is this a symptom of a deeper problem?
>
> It's a symptom of a deeper problem.
Debugging this, a RenderLayer's m_backingProviderLayer is getting cleared in RenderLayerCompositor::BackingSharingState::updateBeforeDescendantTraversal without ever getting removed from the corresponding RenderLayerBacking's m_backingSharingLayers.
At the point where this happens in RenderLayerCompositor::BackingSharingState::updateBeforeDescendantTraversal, the RenderLayer's m_backingProviderLayer is different from the current m_backingProviderCandidate. For some reason (not clear yet) there's no other point where that m_backingProviderLayer has its backingSharingLayers cleared.