145042 2015-05-14 23:55:41 -0700 Crash in RenderFlowThread::popFlowThreadLayoutState() due to mismatched push/pop count 2015-05-15 10:20:16 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=144973 P2 Normal --- 1 jer.noble jer.noble abucur commit-queue esprehn+autocc glenn hyatt jonlee kondapallykalyan simon.fraser WebkitBugTracker oldest_to_newest 1095047 0 jer.noble 2015-05-14 23:55:41 -0700 Crash in RenderFlowThread::popFlowThreadLayoutState() due to mismatched push/pop count 1095052 1 253180 jer.noble 2015-05-15 00:22:10 -0700 Created attachment 253180 Patch 1095115 2 abucur 2015-05-15 08:31:56 -0700 I wonder why this never crashed before. Do you have a test that reproduces this situation? It sounds a bit strange to call layout twice for a renderer in the same stack. 1095121 3 jonlee 2015-05-15 08:46:24 -0700 Andrei, see bug 144973. 1095125 4 jer.noble 2015-05-15 09:02:59 -0700 (In reply to comment #2) > It sounds a bit strange to call layout twice for a renderer in the same stack. That's true, but it's not necessarily a 1:1 mapping of layout()-to-push(). For example, in the case I mention in the ChangeLog, the FrameView is pushing it's `root` on the stack, the `root` is pushing itself on the stack, and root->layout() is only called once. 1095128 5 253180 hyatt 2015-05-15 09:23:32 -0700 Comment on attachment 253180 Patch r=me 1095130 6 jonlee 2015-05-15 09:27:29 -0700 is it possible to add a test? 1095132 7 jer.noble 2015-05-15 09:30:00 -0700 (In reply to comment #6) > is it possible to add a test? Well, sort of. By adding the proposed changes in the bug you mentioned, we'll be testing this change implicitly in those failing tests (the ones that triggered the roll-out). 1095134 8 abucur 2015-05-15 09:32:15 -0700 Ok, that sounds great, thanks for the clarifications! 1095148 9 253180 commit-queue 2015-05-15 10:16:46 -0700 Comment on attachment 253180 Patch Clearing flags on attachment: 253180 Committed r184394: <http://trac.webkit.org/changeset/184394> 1095149 10 commit-queue 2015-05-15 10:16:57 -0700 All reviewed patches have been landed. Closing bug. 1095152 11 simon.fraser 2015-05-15 10:20:16 -0700 Was this not testable? 253180 2015-05-15 00:22:10 -0700 2015-05-15 10:16:46 -0700 Patch bug-145042-20150515002049.patch text/plain 3019 jer.noble U3VidmVyc2lvbiBSZXZpc2lvbjogMTg0MzU4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYmVmNjZkZTMwZTc2ZGMw ZGY2ZjE3MmFlOTg4Mzk4NDBkOTVhY2ZkYi4uZGJhZDUzYTYwZGZkYzJjNmM2MTA3NzZkYmUzYzlj MGFhYWY3ZmEzMCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI2IEBACisyMDE1LTA1LTE0ICBKZXIg Tm9ibGUgIDxqZXIubm9ibGVAYXBwbGUuY29tPgorCisgICAgICAgIENyYXNoIGluIFJlbmRlckZs b3dUaHJlYWQ6OnBvcEZsb3dUaHJlYWRMYXlvdXRTdGF0ZSgpIGR1ZSB0byBtaXNtYXRjaGVkIHB1 c2gvcG9wIGNvdW50CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0xNDUwNDIKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBSZW5kZXJGbG93VGhyZWFkIHByZXZpb3VzbHkgdXNlZCBhIExpc3RIYXNoU2V0IHRvIHN0 b3JlIGl0cyBzdGFjayBvZiBhY3RpdmUgb2JqZWN0cy4gVGhpcworICAgICAgICBpcyBwcm9ibGVt YXRpYyBiZWNhdXNlLCBpZiB0aGUgc2FtZSBvYmplY3QgaXMgcHVzaGVkIHR3aWNlLCBvbmx5IGEg c2luZ2xlIGVudHJ5IG9mIHRoYXQKKyAgICAgICAgb2JqZWN0IGlzIGFkZGVkIHRvIHRoZSBzdGFj ay4gQWZ0ZXIgdGhpcyBvY2N1cnMsIGEgbWF0Y2hpbmcgbnVtYmVyIG9mIHB1c2hlcyB3aWxsIHBv cCB0b28KKyAgICAgICAgbWFueSBpdGVtcyBvZmYgdGhlIHN0YWNrLCBjYXVzaW5nIGEgY3Jhc2gg d2hlbiBwb3BwaW5nIGEgc3RhY2sgd2l0aCB6ZXJvIGl0ZW1zLiBUaGlzCisgICAgICAgIHNwZWNp ZmljYWxseSBoYXBwZW5zIGluIEZyYW1lVmlldzo6bGF5b3V0KCksIHdoaWNoIHdpbGwgcHVzaCBp dHMgcm9vdCByZW5kZXJlciBvbiB0aGUgc3RhY2sKKyAgICAgICAgb2YgYWN0aXZlIGl0ZW1zLCBh bmQgdGhlbiBhc2sgdGhlIHJvb3QgdG8gbGF5b3V0KCksIHdoaWNoIHdpbGwgYXR0ZW1wdCB0byBw dXNoIGl0c2VsZiBvbiB0aGUKKyAgICAgICAgc3RhY2sgb2YgYWN0aXZlIGl0ZW1zLgorCisgICAg ICAgIEluc3RlYWQgb2YgYSBMaXN0SGFzaFNldCwgdXNlIGEgVmVjdG9yLCB3aGljaCBoYXMgc2lt aWxhciBtZW1vcnkgY2hhcmFjdGVyaXN0aWNzIGFuZCBubyAKKyAgICAgICAgdW5pcXVlbmVzcyBy ZXF1aXJlbWVudHMuCisKKyAgICAgICAgKiByZW5kZXJpbmcvUmVuZGVyRmxvd1RocmVhZC5jcHA6 CisgICAgICAgIChXZWJDb3JlOjpSZW5kZXJGbG93VGhyZWFkOjpwdXNoRmxvd1RocmVhZExheW91 dFN0YXRlKToKKyAgICAgICAgKFdlYkNvcmU6OlJlbmRlckZsb3dUaHJlYWQ6OnBvcEZsb3dUaHJl YWRMYXlvdXRTdGF0ZSk6CisgICAgICAgICogcmVuZGVyaW5nL1JlbmRlckZsb3dUaHJlYWQuaDoK KwogMjAxNS0wNS0xMyAgUnlvc3VrZSBOaXdhICA8cm5pd2FAd2Via2l0Lm9yZz4KIAogICAgICAg ICBDcmFzaCBpbiBSZXBsYWNlU2VsZWN0aW9uQ29tbWFuZDo6cmVtb3ZlUmVkdW5kYW50U3R5bGVz QW5kS2VlcFN0eWxlU3BhbklubGluZQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcmVuZGVy aW5nL1JlbmRlckZsb3dUaHJlYWQuY3BwIGIvU291cmNlL1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRl ckZsb3dUaHJlYWQuY3BwCmluZGV4IGE2ZmQ3MWIzYTQ1ZWE1NjVlNmQxNWE2YzQ4MjdjYTBhOGQx ZjVlYzguLmMyYTNkNzg5OGRiNjllYjU2YTRmNWZiY2YyNWQ4NTFmMTkwYTc3ZDcgMTAwNjQ0Ci0t LSBhL1NvdXJjZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJGbG93VGhyZWFkLmNwcAorKysgYi9T b3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyRmxvd1RocmVhZC5jcHAKQEAgLTExOTMsNyAr MTE5Myw3IEBAIGNvbnN0IFJlbmRlckJveCogUmVuZGVyRmxvd1RocmVhZDo6Y3VycmVudEFjdGl2 ZVJlbmRlckJveCgpIGNvbnN0CiAKIHZvaWQgUmVuZGVyRmxvd1RocmVhZDo6cHVzaEZsb3dUaHJl YWRMYXlvdXRTdGF0ZShjb25zdCBSZW5kZXJPYmplY3QmIG9iamVjdCkKIHsKLSAgICBtX2FjdGl2 ZU9iamVjdHNTdGFjay5hZGQoJm9iamVjdCk7CisgICAgbV9hY3RpdmVPYmplY3RzU3RhY2suYXBw ZW5kKCZvYmplY3QpOwogCiAgICAgaWYgKGNvbnN0IFJlbmRlckJveCogY3VycmVudEJveERlc2Nl bmRhbnQgPSBjdXJyZW50QWN0aXZlUmVuZGVyQm94KCkpIHsKICAgICAgICAgTGF5b3V0U3RhdGUq IGxheW91dFN0YXRlID0gY3VycmVudEJveERlc2NlbmRhbnQtPnZpZXcoKS5sYXlvdXRTdGF0ZSgp OwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRlckZsb3dUaHJlYWQu aCBiL1NvdXJjZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJGbG93VGhyZWFkLmgKaW5kZXggMjkw MGVkOGMzMWQ2ZTc0MzZkYmQ1ZjJiNmU4ZmFhNmVlM2YzNDY3Zi4uODQ3MDRmZTE5MDYxMjQyNmVh ZjA5YzA0NzVjY2EwYTkwM2NhMGRjYiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcmVuZGVy aW5nL1JlbmRlckZsb3dUaHJlYWQuaAorKysgYi9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVu ZGVyRmxvd1RocmVhZC5oCkBAIC0zNTEsNyArMzUxLDcgQEAgcHJvdGVjdGVkOgogICAgIFJlbmRl ckJveFRvUmVnaW9uTWFwIG1fYnJlYWtCZWZvcmVUb1JlZ2lvbk1hcDsKICAgICBSZW5kZXJCb3hU b1JlZ2lvbk1hcCBtX2JyZWFrQWZ0ZXJUb1JlZ2lvbk1hcDsKIAotICAgIHR5cGVkZWYgTGlzdEhh c2hTZXQ8Y29uc3QgUmVuZGVyT2JqZWN0Kj4gUmVuZGVyT2JqZWN0U3RhY2s7CisgICAgdHlwZWRl ZiBWZWN0b3I8Y29uc3QgUmVuZGVyT2JqZWN0Kj4gUmVuZGVyT2JqZWN0U3RhY2s7CiAgICAgUmVu ZGVyT2JqZWN0U3RhY2sgbV9hY3RpdmVPYmplY3RzU3RhY2s7CiAKICAgICB0eXBlZGVmIEhhc2hN YXA8Y29uc3QgUmVuZGVyQm94KiwgTGF5b3V0VW5pdD4gUmVuZGVyQm94VG9PZmZzZXRNYXA7Cg==