Bug 141551

Summary: Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlugIn()
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: New BugsAssignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, esprehn+autocc, glenn, hyatt, kondapallykalyan, simon.fraser, thorton, zalan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch zalan: review+

Simon Fraser (smfr)
Reported 2015-02-12 21:06:23 PST
Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlugIn()
Attachments
Patch (5.29 KB, patch)
2015-02-12 21:16 PST, Simon Fraser (smfr) 		zalan: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2015-02-12 21:16:46 PST
Created attachment 246504 [details] Patch
alan
Comment 2 2015-02-12 21:30:27 PST
Comment on attachment 246504 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=246504&action=review > Source/WebCore/page/FrameView.cpp:2577 > + for (auto& widget : children()) { const auto&? > Source/WebCore/page/FrameView.cpp:4008 > + // A child frame may have dirtied us during its layout. This is what frame flattening does and by judging the assertion above, it manages to resolve it without the extra layout. How is it different from that setup? > Source/WebCore/page/FrameView.h:125 > + bool needsStyleRecalcOrLayout(bool includeSubframes = true) const; We never call this function with includeSubframes = false; Could we drop this parameter?
Simon Fraser (smfr)
Comment 3 2015-02-13 11:05:19 PST
https://trac.webkit.org/r180063
Note You need to log in before you can comment on or make changes to this bug.