[Webkit-unassigned] [Bug 224262] New: REGRESSION(r274812): Release assert in Document::updateLayout() after calling focus({preventScroll: true}) on a textarea

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 6 20:30:28 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=224262

            Bug ID: 224262
           Summary: REGRESSION(r274812): Release assert in
                    Document::updateLayout() after calling
                    focus({preventScroll: true}) on a textarea
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
                CC: wenson_hsieh at apple.com

e.g.

ASSERTION FAILED: isSafeToUpdateStyleOrLayout(*this)
./dom/Document.cpp(2176) : void WebCore::Document::updateLayout()
1   0x3bd844de9 WTFCrash
2   0x3bd844e09 WTFCrashWithSecurityImplication
3   0x3a375c9ea WebCore::Document::updateLayout()
4   0x3a375e272 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
5   0x3a3b1d560 WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&)
6   0x3a3b1d40a WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::Affinity)
7   0x3a3b1db5b WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::Affinity)
8   0x3a1057907 WebCore::VisibleSelection::visibleStart() const
9   0x3a3a944c3 WebCore::FrameSelection::recomputeCaretRect()
10  0x3a3a8e1bb WebCore::FrameSelection::updateAppearance()
11  0x3a3a8dead WebCore::FrameSelection::updateAndRevealSelection(WebCore::AXTextStateChangeIntent const&)
12  0x3a3a6dce2 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity)
13  0x3a3a8bd55 WebCore::FrameSelection::moveWithoutValidationTo(WebCore::Position const&, WebCore::Position const&, bool, bool, WebCore::SelectionRevealMode, WebCore::AXTextStateChangeIntent const&)
14  0x3a3d3547d WebCore::HTMLTextFormControlElement::setSelectionRange(int, int, WebCore::TextFieldSelectionDirection, WebCore::SelectionRevealMode, WebCore::AXTextStateChangeIntent const&)
15  0x3a3d3635b WebCore::HTMLTextAreaElement::setValueCommon(WTF::String const&)
16  0x3a3d33ff4 WebCore::HTMLTextAreaElement::setNonDirtyValue(WTF::String const&)
17  0x3a3d33cee WebCore::HTMLTextAreaElement::childrenChanged(WebCore::ContainerNode::ChildChange const&)
18  0x3a36fcf77 WebCore::ContainerNode::removeAllChildrenWithScriptAssertion(WebCore::ContainerNode::ChildChange::Source, WebCore::ContainerNode::DeferChildrenChanged)
19  0x3a3703ac6 WebCore::ContainerNode::replaceChildren(WTF::Vector<WTF::Variant<WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node> >, WTF::String>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)

<rdar://76269714>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210407/58439d10/attachment-0001.htm>

More information about the webkit-unassigned mailing list