32172 2009-12-04 14:11:23 -0800 Fix assertion failure in WebCore::RenderBlock::startDelayUpdateScrollInfo 2012-04-18 16:04:55 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 agl webkit-unassigned hamaji jeffrey+webkit mjs webkit.review.bot oldest_to_newest 168922 0 agl 2009-12-04 14:11:23 -0800 startDelayUpdateScrollInfo calls a function that can end up calling startDelayUpdateScrollInfo again. However, it's static state is inconsistent when this happens leading to an assertion failure (or probably a memory leak if assertions are off). #0 WebCore::RenderBlock::startDelayUpdateScrollInfo () at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:605 #1 0x0000000000f88b9d in WebCore::RenderFlexibleBox::layoutHorizontalBox (this=0x2aaab801ea38, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:336 #2 0x0000000000f8a0c0 in WebCore::RenderFlexibleBox::layoutBlock (this=0x2aaab801ea38, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:242 #3 0x0000000000f49b57 in WebCore::RenderBlock::layout (this=0x2aaab801ea38) at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:649 #4 0x0000000000f4d881 in WebCore::RenderObject::layoutIfNeeded (this=0x2aaab801ea38) at third_party/WebKit/WebCore/rendering/RenderObject.h:496 #5 0x0000000000f66caf in WebCore::RenderBlock::layoutInlineChildren (this=0x2aaab801dc68, relayoutChildren=true, repaintTop=@0x7fffffffbd4c, repaintBottom=@0x7fffffffbd48) at third_party/WebKit/WebCore/rendering/RenderBlockLineLayout.cpp:865 #6 0x0000000000f4a1db in WebCore::RenderBlock::layoutBlock (this=0x2aaab801dc68, relayoutChildren=true) at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:723 #7 0x0000000000fa42c7 in WebCore::RenderLayer::updateScrollInfoAfterLayout (this=0x2aaab801dd48) at third_party/WebKit/WebCore/rendering/RenderLayer.cpp:1872 #8 0x0000000000f4a90a in WebCore::RenderBlock::finishDelayUpdateScrollInfo () at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:623 #9 0x0000000000f89a58 in WebCore::RenderFlexibleBox::layoutHorizontalBox (this=0x2aaab801c0a8, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:558 168924 1 44335 agl 2009-12-04 14:13:51 -0800 Created attachment 44335 patch 168925 2 webkit.review.bot 2009-12-04 14:15:23 -0800 style-queue ran check-webkit-style on attachment 44335 without any errors. 168962 3 44335 darin 2009-12-04 15:43:23 -0800 Comment on attachment 44335 patch An OwnPtr would be better than an explicit delete. 169851 4 agl 2009-12-08 17:48:21 -0800 Switched to OwnPtr and landed as r51883 175375 5 hamaji 2009-12-28 19:04:58 -0800 *** Bug 32009 has been marked as a duplicate of this bug. *** 44335 2009-12-04 14:13:51 -0800 2009-12-04 15:43:23 -0800 patch patch text/plain 4287 agl ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCA3ODQyMjU1Li4yMTdmYWVhIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjMgQEAKKzIwMDktMTIt MDQgIEFkYW0gTGFuZ2xleSAgPGFnbEBnb29nbGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEZpeCBhc3NlcnRpb24gZmFpbHVyZSBpbiBXZWJD b3JlOjpSZW5kZXJCbG9jazo6c3RhcnREZWxheVVwZGF0ZVNjcm9sbEluZm8KKworICAgICAgICBz dGFydERlbGF5VXBkYXRlU2Nyb2xsSW5mbyBjYWxscyBhIGZ1bmN0aW9uIHRoYXQgY2FuIGVuZCB1 cCBjYWxsaW5nCisgICAgICAgIHN0YXJ0RGVsYXlVcGRhdGVTY3JvbGxJbmZvIGFnYWluLiBIb3dl dmVyLCBpdCdzIHN0YXRpYyBzdGF0ZSBpcworICAgICAgICBpbmNvbnNpc3RlbnQgd2hlbiB0aGlz IGhhcHBlbnMgbGVhZGluZyB0byBhbiBhc3NlcnRpb24gZmFpbHVyZSAob3IKKyAgICAgICAgcHJv YmFibHkgYSBtZW1vcnkgbGVhayBpZiBhc3NlcnRpb25zIGFyZSBvZmYpLgorCisgICAgICAgIFRo YW5rcyB0byBSb2JlcnQgU3dpZWNraSBmb3IgdGhlIHRlc3QgY2FzZS4KKworICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MzIxNzIKKyAgICAgICAgaHR0cDov L2NvZGUuZ29vZ2xlLmNvbS9wL2Nocm9taXVtL2lzc3Vlcy9kZXRhaWw/aWQ9Mjg4ODAKKworCisg ICAgICAgICogZmFzdC9jc3MvcmVjdXJzaXZlLWRlbGF5LXVwZGF0ZS1zY3JvbGwuaHRtbDogQWRk ZWQuCisgICAgICAgICogZmFzdC9jc3MvcmVjdXJzaXZlLWRlbGF5LXVwZGF0ZS1zY3JvbGwtZXhw ZWN0ZWQudHh0OiBBZGRlZC4KKwogMjAwOS0xMi0wNCAgQmVuamFtaW4gUG91bGFpbiAgPGJlbmph bWluLnBvdWxhaW5Abm9raWEuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IEtlbm5ldGggUm9o ZGUgQ2hyaXN0aWFuc2VuLgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZmFzdC9jc3MvcmVjdXJz aXZlLWRlbGF5LXVwZGF0ZS1zY3JvbGwtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvZmFzdC9j c3MvcmVjdXJzaXZlLWRlbGF5LXVwZGF0ZS1zY3JvbGwtZXhwZWN0ZWQudHh0Cm5ldyBmaWxlIG1v ZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjdlZjIyZTkKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlv dXRUZXN0cy9mYXN0L2Nzcy9yZWN1cnNpdmUtZGVsYXktdXBkYXRlLXNjcm9sbC1leHBlY3RlZC50 eHQKQEAgLTAsMCArMSBAQAorUEFTUwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZmFzdC9jc3Mv cmVjdXJzaXZlLWRlbGF5LXVwZGF0ZS1zY3JvbGwuaHRtbCBiL0xheW91dFRlc3RzL2Zhc3QvY3Nz L3JlY3Vyc2l2ZS1kZWxheS11cGRhdGUtc2Nyb2xsLmh0bWwKbmV3IGZpbGUgbW9kZSAxMDA2NDQK aW5kZXggMDAwMDAwMC4uY2MyOWVkMQotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zh c3QvY3NzL3JlY3Vyc2l2ZS1kZWxheS11cGRhdGUtc2Nyb2xsLmh0bWwKQEAgLTAsMCArMSwzMiBA QAorPGh0bWw+CisgPGhlYWQ+CisgICA8c2NyaXB0PgorICAgICBpZiAod2luZG93LmxheW91dFRl c3RDb250cm9sbGVyKQorICAgICAgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQoKTsK KyAgIDwvc2NyaXB0PgorCisgICA8c3R5bGUgbWVkaWE9ImFsbCIgdHlwZT0idGV4dC9jc3MiPgor ICAgICAgYm9keSB7CisgICAgICAgIGRpc3BsYXk6IC13ZWJraXQtYm94OworICAgICAgfQorCisg ICAgICAudGVzdCB7CisgICAgICAgIG1hcmdpbi1yaWdodDogLTEwMDAwMDA7CisgICAgICAgIG92 ZXJmbG93LXk6IGF1dG87CisgICAgICB9CisgICAgPC9zdHlsZT4KKyAgPC9oZWFkPgorCisgIDxi b2R5PgorICAgIDwhLS0gVGhpcyB3b3VsZCBwcmV2aW91c2x5IHRyaWdnZXIgYW4gYXNzZXJ0aW9u IGZhaWx1cmUuIFRoYW5rcyB0byBSb2JlcnQKKyAgICAgICAgIFN3aWVja2kgZm9yIHRoZSB0ZXN0 IGNhc2UuIC0tPgorCisgICAgPGZvcm0gY2xhc3M9InRlc3QiPgorICAgICAgPHNlbGVjdCBjbGFz cz0idGVzdCI+CisgICAgICAgIDxvcHRpb24+MTwvb3B0aW9uPgorICAgICAgPC9zZWxlY3Q+Cisg ICAgPC9mb3JtPgorCisgICAgPHA+UEFTUzwvcD4KKyAgPC9ib2R5PgorPC9odG1sPgpkaWZmIC0t Z2l0IGEvV2ViQ29yZS9DaGFuZ2VMb2cgYi9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCA0ZjQ4NjQ1 Li43YjY3OGFhIDEwMDY0NAotLS0gYS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9XZWJDb3JlL0No YW5nZUxvZwpAQCAtMSwzICsxLDI0IEBACisyMDA5LTEyLTA0ICBBZGFtIExhbmdsZXkgIDxhZ2xA Z29vZ2xlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBGaXggYXNzZXJ0aW9uIGZhaWx1cmUgaW4gV2ViQ29yZTo6UmVuZGVyQmxvY2s6OnN0YXJ0 RGVsYXlVcGRhdGVTY3JvbGxJbmZvCisKKyAgICAgICAgc3RhcnREZWxheVVwZGF0ZVNjcm9sbElu Zm8gY2FsbHMgYSBmdW5jdGlvbiB0aGF0IGNhbiBlbmQgdXAgY2FsbGluZworICAgICAgICBzdGFy dERlbGF5VXBkYXRlU2Nyb2xsSW5mbyBhZ2Fpbi4gSG93ZXZlciwgaXQncyBzdGF0aWMgc3RhdGUg aXMKKyAgICAgICAgaW5jb25zaXN0ZW50IHdoZW4gdGhpcyBoYXBwZW5zIGxlYWRpbmcgdG8gYW4g YXNzZXJ0aW9uIGZhaWx1cmUgKG9yCisgICAgICAgIHByb2JhYmx5IGEgbWVtb3J5IGxlYWsgaWYg YXNzZXJ0aW9ucyBhcmUgb2ZmKS4KKworICAgICAgICBUaGFua3MgdG8gUm9iZXJ0IFN3aWVja2kg Zm9yIHRoZSB0ZXN0IGNhc2UuCisKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTMyMTcyCisgICAgICAgIGh0dHA6Ly9jb2RlLmdvb2dsZS5jb20vcC9jaHJv bWl1bS9pc3N1ZXMvZGV0YWlsP2lkPTI4ODgwCisKKyAgICAgICAgVGVzdDogZmFzdC9jc3MvcmVj dXJzaXZlLWRlbGF5LXVwZGF0ZS1zY3JvbGwuaHRtbAorCisgICAgICAgICogcmVuZGVyaW5nL1Jl bmRlckJsb2NrLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlJlbmRlckJsb2NrOjpmaW5pc2hEZWxh eVVwZGF0ZVNjcm9sbEluZm8pOgorCiAyMDA5LTEyLTA0ICBCZW5qYW1pbiBQb3VsYWluICA8YmVu amFtaW4ucG91bGFpbkBub2tpYS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgS2VubmV0aCBS b2hkZSBDaHJpc3RpYW5zZW4uCmRpZmYgLS1naXQgYS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJC bG9jay5jcHAgYi9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJCbG9jay5jcHAKaW5kZXggZjEzMGEx Yy4uMWUwYTVlYyAxMDA2NDQKLS0tIGEvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyQmxvY2suY3Bw CisrKyBiL1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRlckJsb2NrLmNwcApAQCAtNjE3LDE1ICs2MTcs MTcgQEAgdm9pZCBSZW5kZXJCbG9jazo6ZmluaXNoRGVsYXlVcGRhdGVTY3JvbGxJbmZvKCkKICAg ICBpZiAoZ0RlbGF5VXBkYXRlU2Nyb2xsSW5mbyA9PSAwKSB7CiAgICAgICAgIEFTU0VSVChnRGVs YXllZFVwZGF0ZVNjcm9sbEluZm9TZXQpOwogCi0gICAgICAgIGZvciAoRGVsYXllZFVwZGF0ZVNj cm9sbEluZm9TZXQ6Oml0ZXJhdG9yIGl0ID0gZ0RlbGF5ZWRVcGRhdGVTY3JvbGxJbmZvU2V0LT5i ZWdpbigpOyBpdCAhPSBnRGVsYXllZFVwZGF0ZVNjcm9sbEluZm9TZXQtPmVuZCgpOyArK2l0KSB7 CisgICAgICAgIERlbGF5ZWRVcGRhdGVTY3JvbGxJbmZvU2V0KiBpbmZvU2V0ID0gZ0RlbGF5ZWRV cGRhdGVTY3JvbGxJbmZvU2V0OworICAgICAgICBnRGVsYXllZFVwZGF0ZVNjcm9sbEluZm9TZXQg PSAwOworCisgICAgICAgIGZvciAoRGVsYXllZFVwZGF0ZVNjcm9sbEluZm9TZXQ6Oml0ZXJhdG9y IGl0ID0gaW5mb1NldC0+YmVnaW4oKTsgaXQgIT0gaW5mb1NldC0+ZW5kKCk7ICsraXQpIHsKICAg ICAgICAgICAgIFJlbmRlckJsb2NrKiBibG9jayA9ICppdDsKICAgICAgICAgICAgIGlmIChibG9j ay0+aGFzT3ZlcmZsb3dDbGlwKCkpIHsKICAgICAgICAgICAgICAgICBibG9jay0+bGF5ZXIoKS0+ dXBkYXRlU2Nyb2xsSW5mb0FmdGVyTGF5b3V0KCk7CiAgICAgICAgICAgICB9CiAgICAgICAgIH0K IAotICAgICAgICBkZWxldGUgZ0RlbGF5ZWRVcGRhdGVTY3JvbGxJbmZvU2V0OwotICAgICAgICBn RGVsYXllZFVwZGF0ZVNjcm9sbEluZm9TZXQgPSAwOworICAgICAgICBkZWxldGUgaW5mb1NldDsK ICAgICB9CiB9CiAK