Bug 145042

Summary: Crash in RenderFlowThread::popFlowThreadLayoutState() due to mismatched push/pop count
Product: WebKit
Reporter: Jer Noble <jer.noble>
Component: New Bugs
Assignee: Jer Noble <jer.noble>
Status: RESOLVED FIXED
Severity: Normal
CC: abucur, commit-queue, esprehn+autocc, glenn, hyatt, jonlee, kondapallykalyan, simon.fraser, WebkitBugTracker
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=144973
Attachments: Patch (flags: none)

Jer Noble
Reported 2015-05-14 23:55:41 PDT
Crash in RenderFlowThread::popFlowThreadLayoutState() due to mismatched push/pop count
Attachments:
Patch (2.95 KB, patch), 2015-05-15 00:22 PDT, Jer Noble, no flags
Jer Noble
Comment 1 2015-05-15 00:22:10 PDT
Andrei Bucur
Comment 2 2015-05-15 08:31:56 PDT
I wonder why this never crashed before. Do you have a test that reproduces this situation? It sounds a bit strange to call layout twice for a renderer in the same stack.
Jon Lee
Comment 3 2015-05-15 08:46:24 PDT
Andrei, see bug 144973.
Jer Noble
Comment 4 2015-05-15 09:02:59 PDT
(In reply to comment #2)
> It sounds a bit strange to call layout twice for a renderer in the same stack.

That's true, but it's not necessarily a 1:1 mapping of layout()-to-push(). For example, in the case I mention in the ChangeLog, the FrameView is pushing its `root` on the stack, the `root` is pushing itself on the stack, and root->layout() is only called once.
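The push/pop imbalance described in comment 4, shown as a small standalone C++ model. This is an added illustration, not WebKit's code and not the patch attached to this bug: `FlowThreadLayoutStack`, `LayoutStateScope` and `Renderer` are hypothetical stand-ins. It contrasts a pop that is tied to layout() (so two pushes get one pop) with a scoped push/pop where whoever pushes also pops, and shows a pop that refuses to underflow rather than crash.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for a renderer (not WebKit's RenderObject).
struct Renderer {
    int id;
};

// Hypothetical layout-state stack modelled on the push/pop pattern described
// in this bug: pushes are not 1:1 with layout() calls, so pairing pops with
// layout() can leave the push/pop count mismatched.
class FlowThreadLayoutStack {
public:
    void push(const Renderer* r) { m_stack.push_back(r); }

    // Refuses to pop an empty or mismatched stack instead of underflowing,
    // which is the kind of mismatch that crashes a pop on an empty stack.
    bool pop(const Renderer* r)
    {
        if (m_stack.empty() || m_stack.back() != r)
            return false;
        m_stack.pop_back();
        return true;
    }

    std::size_t depth() const { return m_stack.size(); }

private:
    std::vector<const Renderer*> m_stack;
};

// RAII scope: whoever pushes also pops, so nesting stays balanced regardless
// of how many times layout() runs inside the scope.
class LayoutStateScope {
public:
    LayoutStateScope(FlowThreadLayoutStack& stack, const Renderer* r)
        : m_stack(stack), m_renderer(r)
    {
        m_stack.push(m_renderer);
    }
    ~LayoutStateScope() { m_stack.pop(m_renderer); }

private:
    FlowThreadLayoutStack& m_stack;
    const Renderer* m_renderer;
};

// Scenario from comment 4: the FrameView pushes root, root pushes itself,
// but root->layout() runs once. If the pop is tied to layout(), one push is
// never undone. Returns the depth left behind after layout.
std::size_t depthLeftWhenPopIsTiedToLayout()
{
    FlowThreadLayoutStack stack;
    Renderer root { 1 };
    stack.push(&root); // FrameView pushes root
    stack.push(&root); // root pushes itself
    stack.pop(&root);  // the single root->layout() pops once
    return stack.depth(); // 1: the state stack is now unbalanced
}

// Same scenario with scoped push/pop: each pusher owns its own pop.
std::size_t depthLeftWithScopedState()
{
    FlowThreadLayoutStack stack;
    Renderer root { 1 };
    {
        LayoutStateScope frameViewScope(stack, &root);
        {
            LayoutStateScope rootScope(stack, &root);
            // root->layout() body would run here, exactly once
        }
    }
    return stack.depth(); // 0
}

// Popping more than was pushed is reported rather than underflowing.
bool extraPopIsRejected()
{
    FlowThreadLayoutStack stack;
    Renderer root { 1 };
    stack.push(&root);
    bool first = stack.pop(&root);
    bool second = stack.pop(&root);
    return first && !second; // true
}
```

The scoped variant is the general fix for this class of bug: it removes the assumption that layout() and push() correspond one to one, so the count cannot drift whether layout() runs zero, one or several times inside a pushed scope.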
Dave Hyatt
Comment 5 2015-05-15 09:23:32 PDT
Comment on attachment 253180 [details]: Patch

r=me
Jon Lee
Comment 6 2015-05-15 09:27:29 PDT
is it possible to add a test?
Jer Noble
Comment 7 2015-05-15 09:30:00 PDT
(In reply to comment #6)
> is it possible to add a test?

Well, sort of. By adding the proposed changes in the bug you mentioned, we'll be testing this change implicitly in those failing tests (the ones that triggered the roll-out).
Andrei Bucur
Comment 8 2015-05-15 09:32:15 PDT
Ok, that sounds great, thanks for the clarifications!
WebKit Commit Bot
Comment 9 2015-05-15 10:16:46 PDT
Comment on attachment 253180 [details]: Patch

Clearing flags on attachment: 253180

Committed r184394: <http://trac.webkit.org/changeset/184394>
WebKit Commit Bot
Comment 10 2015-05-15 10:16:57 PDT
All reviewed patches have been landed. Closing bug.
Simon Fraser (smfr)
Comment 11 2015-05-15 10:20:16 PDT
Was this not testable?