[Webkit-unassigned] [Bug 251015] New: [ResizeObserver] ASSERT(m_callback->hasCallback()) under ResizeObserver::deliverObservations

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 23 09:06:43 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=251015

            Bug ID: 251015
           Summary: [ResizeObserver] ASSERT(m_callback->hasCallback())
                    under ResizeObserver::deliverObservations
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cathiechen at igalia.com

There is a ASSERTION FAILED if we set the initial last reported size of ResizeObservation to -1 x -1, which is updated in the speciation, see  https://github.com/WebKit/WebKit/pull/8839

If the initial size is 0x0, even ResizeObserver observe a disconnected target, it won't trigger ResizeObserver::deliverObservations.
If the initial size is -1x-1, observing a disconnected target would trigger ResizeObserver::deliverObservations, then there we meet a ASSERTION FAILED.
ResizeObserver needs a fix similar to https://bugs.webkit.org/show_bug.cgi?id=231235 


stderr:
ASSERTION FAILED: m_callback->hasCallback()
page/ResizeObserver.cpp(145) : void WebCore::ResizeObserver::deliverObservations()
1   0x13a15a5e4 WTFCrash
2   0x2808333e0 WTFCrashWithInfo(int, char const*, char const*, int)
3   0x284c63440 WebCore::ResizeObserver::deliverObservations()
4   0x283aa9074 WebCore::Document::deliverResizeObservations()
5   0x283aa937c WebCore::Document::updateResizeObservations(WebCore::Page&)
6   0x284bd6850 WebCore::Page::updateRendering()::$_29::operator()(WebCore::Document&) const
7   0x284bd67cc WTF::Detail::CallableWrapper<WebCore::Page::updateRendering()::$_29, void, WebCore::Document&>::call(WebCore::Document&)
8   0x283cc64b0 WTF::Function<void (WebCore::Document&)>::operator()(WebCore::Document&) const
9   0x284b90688 WebCore::Page::forEachDocumentFromMainFrame(WebCore::Frame const&, WTF::Function<void (WebCore::Document&)> const&)
10  0x284b80840 WebCore::Page::forEachDocument(WTF::Function<void (WebCore::Document&)> const&) const
11  0x284b88468 WebCore::Page::updateRendering()::$_20::operator()(WebCore::RenderingUpdateStep, WTF::Function<void (WebCore::Document&)> const&) const
12  0x284b88134 WebCore::Page::updateRendering()
13  0x11d05eb10 WebKit::WebPage::updateRendering()
14  0x11c1d7b94 WebKit::TiledCoreAnimationDrawingArea::updateRendering(WebKit::TiledCoreAnimationDrawingArea::UpdateRenderingType)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230123/69a45e58/attachment.htm>

More information about the webkit-unassigned mailing list