<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [iOS] Scroll snap points trigger reentrant layout"
   href="https://bugs.webkit.org/show_bug.cgi?id=144644">144644</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[iOS] Scroll snap points trigger reentrant layout
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>528+ (Nightly build)
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>iOS
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Layout and Rendering
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>bfulgham&#64;webkit.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=252417" name="attach_252417" title="Simple test case that crashes on Debug iOS builds">attachment 252417</a></span>
Simple test case that crashes on Debug iOS builds

The attached test case triggers a crash in the WebProcess in debug builds, because it is attempting to trigger layout while in the middle of performing the initial layout.

This bad behavior was caused by the improper use of 'offsetLeft' and 'offsetTop' in the iOS code path for handling scroll snap-points. Instead, it should have just used the same code path as OS X. Apparently, the original author of that code had the misapprehension that the RenderBox::localToContainerPoint method did not work properly under iOS, which is certainly not true (at least today).

The fix here is to delete the bad iOS-only code path and use the standard drawing code.</pre>
        </div>
      </p>
    </body>
</html>