Summary: | Crashes in RenderLayerBacking::paintingGoesToWindow | |
---|---|---|---
Product: | WebKit | Reporter: | James Robinson <jamesr>
Component: | New Bugs | Assignee: | Simon Fraser (smfr) <simon.fraser>
Status: | RESOLVED FIXED | |
Severity: | Normal | CC: | cmarrin, enne, simon.fraser, vangelis, willchan
Priority: | P2 | Keywords: | InRadar
Version: | 528+ (Nightly build) | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Attachments: | | |

Description
James Robinson
2011-05-19 17:56:06 PDT
I'm planning to add a check for layer()->isCompositing() on this line: http://trac.webkit.org/browser/trunk/Source/WebCore/rendering/RenderObject.cpp?rev=86705#L1187 in a chromium release branch to see if that has any impact on the crash rate.

Hey James, I ran into this crash a few minutes ago. It was reproducible for me on Google Maps by looking up directions. I was able to crash it twice. After looking up this bug report, I stopped being able to reproduce it =/

(In reply to comment #3)
> Hey James, I ran into this crash a few minutes ago. It was reproducible for me on Google Maps by looking up directions. I was able to crash it twice. After looking up this bug report, I stopped being able to reproduce it =/

Were you in debug or release? It'd be useful to know if the ASSERT()s we have in place already are tripping or not.

Google Chrome Mac dev channel (Release build)

Created attachment 96613
Patch

Early indications from our crash reports indicate that this may have fixed the crash. Any idea on how we get to this function when isComposited() is false? This only seems possible if repaintUsingContainer() is called when compositing is active with a repaintContainer that is not a RenderView.

(In reply to comment #8)
> Early indications from our crash reports indicate that this may have fixed the crash. Any idea on how we get to this function when isComposited() is false? This only seems possible if repaintUsingContainer() is called when compositing is active with a repaintContainer that is not a RenderView.

It's probably one of those cases where painting plugins runs script or something.