[Webkit-unassigned] [Bug 222021] Crash under RenderLayerBacking::updateGeometry()
bugzilla-daemon at webkit.org
Mon Feb 22 04:47:31 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=222021
--- Comment #3 from Nikolas Zimmermann <zimmermann at kde.org> ---
Do we have any testcase for this? How was this backtrace obtained? (I suspect Apple crash reports for the STP builds?)
If I read the backtrace correctly, m_scrollableArea is null in line 1376, and we see a nullptr crash in a release build.
However, I fail to see how it can be null:
According to the backtrace, RenderLayerBacking::updateGeometry() is called for a RenderLayerBacking object that has a non-zero m_scrollContainerLayer. An m_scrollContainerLayer is only created if the associated RenderLayer (m_owningLayer) is using composited scrolling (that is checked via the RenderLayer::hasCompositedScrollableOverflow() condition).
However, RenderLayer::hasCompositedScrollableOverflow() only returns true if the RenderLayer has an associated RenderLayerScrollableArea, which in turn means the crash shouldn't be there ;-)
I probably fail to understand something, hence a bug in the current code and thus the crash....