Bug 115412

Summary: [BlackBerry] Crash due to an assert in FrameView::doDeferredRepaints
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKit BlackBerryAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: anilsson, commit-queue, jpetsovits, rwlbuis
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Carlos Garcia Campos
Reported 2013-04-30 05:36:10 PDT
PR 328223 Program terminated with signal 11, Segmentation fault. #0 0x7c65208c in WebCore::FrameView::doDeferredRepaints (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:2227 2227 ASSERT(!m_deferringRepaints); (gdb) bt #0 0x7c65208c in WebCore::FrameView::doDeferredRepaints (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:2227 #1 0x7c652036 in WebCore::FrameView::flushDeferredRepaints (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:2219 #2 0x7c6562a4 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:3625 #3 0x78e27506 in BlackBerry::WebKit::WebPagePrivate::requestLayoutIfNeeded (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1347 #4 0x78e2840e in BlackBerry::WebKit::WebPagePrivate::zoomToInitialScaleOnLoad (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1700 #5 0x78e28008 in BlackBerry::WebKit::WebPagePrivate::layoutFinished (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1608 #6 0x78e5cd90 in WebCore::ChromeClientBlackBerry::layoutUpdated (this=0x8104470, frame=0x80ef3b0) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/WebCoreSupport/ChromeClientBlackBerry.cpp:743 #7 0x7c64fba6 in WebCore::FrameView::layout (this=0x8094400, allowSubtree=true) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:1379 #8 0x7c656242 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:3611 #9 0x78e27506 in BlackBerry::WebKit::WebPagePrivate::requestLayoutIfNeeded (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1347 #10 0x78e2840e in BlackBerry::WebKit::WebPagePrivate::zoomToInitialScaleOnLoad (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1700 #11 0x78e5ce1e in WebCore::ChromeClientBlackBerry::didDiscoverFrameSet (this=0x8104470, frame=0x80ef3b0) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/WebCoreSupport/ChromeClientBlackBerry.cpp:769 #12 0x7c334e2c in WebCore::HTMLFrameSetElement::attach (this=0x82bedb8) at /home/cgarcia/rim/webkit/Source/WebCore/html/HTMLFrameSetElement.cpp:197 #13 0x7c1a65c8 in WebCore::Node::reattach (this=0x82bedb8) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Node.h:896 #14 0x7c1a0506 in WebCore::Element::recalcStyle (this=0x82bedb8, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:1383 #15 0x7c1a0862 in WebCore::Element::recalcStyle (this=0x821cf38, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:1448 #16 0x7c1a0862 in WebCore::Element::recalcStyle (this=0x821ce18, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:1448 #17 0x7c13fcd4 in WebCore::Document::recalcStyle (this=0x826de00, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1840 #18 0x7c13fede in WebCore::Document::updateStyleIfNeeded (this=0x826de00) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1885 #19 0x7c1400ae in WebCore::Document::updateLayout (this=0x826de00) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1916 #20 0x7c1401b2 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x826de00) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1954 #21 0x7c19dc64 in WebCore::Element::offsetTop (this=0x821cf38) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:509 #22 0x7cd83e56 in WebCore::jsElementOffsetTop (exec=0x9300058, slotBase=...) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSElement.cpp:321 #23 0x78f0832a in JSC::PropertySlot::getValue (this=0x7dfddc8, exec=0x9300058, propertyName=...) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/PropertySlot.h:76 #24 0x7cc30c36 in JSC::JSValue::get (this=0x7dfddf8, exec=0x9300058, propertyName=..., slot=...) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:639 #25 0x0bee4cac in JSC::LLInt::llint_slow_path_get_by_id (exec=0x9300058, pc=0x8356608) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:917 #26 0x0beeb8fe in llint_op_get_by_id () from libjavascriptcore.so.0 #27 0x0beeb8fe in llint_op_get_by_id () from libjavascriptcore.so.0
Attachments
Patch (8.94 KB, patch)
2013-04-30 05:44 PDT, Carlos Garcia Campos 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2013-04-30 05:44:21 PDT
Created attachment 200102 [details] Patch
Arvid Nilsson
Comment 2 2013-04-30 06:53:38 PDT
Comment on attachment 200102 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=200102&action=review LGTM with some comments > Source/WebKit/blackberry/Api/BackingStore.cpp:393 > + m_webPage->d->updateLayoutAndStyleIfNeededRecursive(); You could consider calling the BackingStorePrivate::requestLayoutIfNeeded() method, which encapsulates this exact call. > Source/WebKit/blackberry/Api/BackingStore.cpp:1108 > void BackingStorePrivate::requestLayoutIfNeeded() const You could consider renaming this method "updateLayoutAndStyleIfNeededRecursive" to fit with the new naming scheme, but I would say the return on investment is low since we're planning to remove the BackingStore class eventually.
Rob Buis
Comment 3 2013-05-13 08:40:08 PDT
Comment on attachment 200102 [details] Patch Ok.
WebKit Commit Bot
Comment 4 2013-05-14 01:52:23 PDT
Comment on attachment 200102 [details] Patch Clearing flags on attachment: 200102 Committed r150060: <http://trac.webkit.org/changeset/150060>
WebKit Commit Bot
Comment 5 2013-05-14 01:52:25 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.