Bug 15405

Summary: ASSERTION FAILED: d->m_view && !d->m_view->needsLayout() in Frame::Paint
Product: WebKit Reporter: Matt Lilek <dev+webkit>
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: mitz
Priority: P1 Keywords: HasReduction, Regression
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
URL: http://broadband.tsn.ca
Attachments:
Description Flags
Defer updateWidget() until after attach() mitz: review-

Matt Lilek
Reported 2007-10-06 15:41:27 PDT
Without Flip4Mac installed, this ASSERT is hit at <http://broadband.tsn.ca/> after the sheet that lets you know you don't have the plugin installed pops up. Not reproducible with Flip4Mac installed or in a release build. See also bug 14899 and bug 14339. ASSERTION FAILED: d->m_view && !d->m_view->needsLayout() (WebKit/WebCore/page/Frame.cpp:1350 void WebCore::Frame::paint(WebCore::GraphicsContext*, const WebCore::IntRect&)) Thread 0 Crashed: 0 com.apple.WebCore 0x010b92a6 WebCore::Frame::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) + 516 1 com.apple.WebCore 0x010c4406 WebCore::FrameView::updateControlTints() + 502 2 com.apple.WebKit 0x00344867 -[WebHTMLView _windowChangedKeyState] + 83 3 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 4 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 5 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 6 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 7 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 8 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 9 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 10 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 11 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 12 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 13 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 14 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 15 com.apple.AppKit 0x9339269e -[NSTabView _windowChangedKeyState] + 50 16 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 17 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 18 com.apple.CoreFoundation 0x9083eb30 CFArrayApplyFunction + 307 19 com.apple.AppKit 0x9334327a -[NSView _windowChangedKeyState] + 114 20 com.apple.AppKit 0x933431e9 -[NSFrameView _windowChangedKeyState] + 92 21 com.apple.AppKit 0x932949ec -[NSWindow _reallyDoOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 2877 22 com.apple.AppKit 0x9333d9d8 -[NSApplication _orderFrontModalWindow:relativeToWindow:] + 1074 23 com.apple.AppKit 0x9333d33a -[NSApplication _commonBeginModalSessionForWindow:relativeToWindow:modalDelegate:didEndSelector:contextInfo:] + 678 24 com.apple.AppKit 0x93369f7d -[NSApplication beginSheet:modalForWindow:modalDelegate:didEndSelector:contextInfo:] + 122 25 com.apple.AppKit 0x933643bf _NXDoLocalRunAlertSheet + 922 26 com.apple.AppKit 0x934faaf8 NSBeginInformationalAlertSheet + 100 27 com.apple.Safari 0x0008e854 0x1000 + 579668 28 com.apple.WebKit 0x0036c5ef CallDelegate(objc_object* (*)(objc_object*, objc_selector*, ...), WebView*, objc_object*, objc_selector*, objc_object*, objc_object*) + 297 29 com.apple.WebKit 0x0036d166 CallResourceLoadDelegate(objc_object* (*)(objc_object*, objc_selector*, ...), WebView*, objc_selector*, objc_object*, objc_object*) + 46 30 com.apple.WebKit 0x003245c0 -[WebNullPluginView viewDidMoveToWindow] + 302 31 com.apple.AppKit 0x93287b3d -[NSView _setWindow:] + 916 32 com.apple.AppKit 0x9328de09 -[NSControl _setWindow:] + 94 33 com.apple.AppKit 0x9328ad4d -[NSView addSubview:] + 416 34 com.apple.WebKit 0x0033c238 -[WebHTMLView addSubview:] + 60 35 com.apple.WebCore 0x011d2b0e WebCore::Widget::addToSuperview(NSView*) + 504 36 com.apple.WebCore 0x011e1ae5 WebCore::ScrollView::addChild(WebCore::Widget*) + 369 37 com.apple.WebCore 0x01257dd3 WebCore::RenderWidget::setWidget(WebCore::Widget*) + 571 38 com.apple.WebCore 0x012516d2 WebCore::RenderPart::setWidget(WebCore::Widget*) + 94 39 com.apple.WebCore 0x0136ab7c WebCore::FrameLoader::loadPlugin(WebCore::RenderPart*, WebCore::KURL const&, WebCore::String const&, WTF::Vector<WebCore::String, (unsigned long)0> const&, WTF::Vector<WebCore::String, (unsigned long)0> const&, bool) + 462 40 com.apple.WebCore 0x01377127 WebCore::FrameLoader::requestObject(WebCore::RenderPart*, WebCore::String const&, WebCore::AtomicString const&, WebCore::String const&, WTF::Vector<WebCore::String, (unsigned long)0> const&, WTF::Vector<WebCore::String, (unsigned long)0> const&) + 419 41 com.apple.WebCore 0x01255875 WebCore::RenderPartObject::updateWidget(bool) + 2853 42 com.apple.WebCore 0x0123d37e WebCore::HTMLObjectElement::attach() + 280 43 com.apple.WebCore 0x0123d252 WebCore::HTMLObjectElement::recalcStyle(WebCore::Node::StyleChange) + 132 44 com.apple.WebCore 0x0120f5ed WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 989 45 com.apple.WebCore 0x0120f5ed WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 989 46 com.apple.WebCore 0x0120f5ed WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 989 47 com.apple.WebCore 0x0120f5ed WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 989 48 com.apple.WebCore 0x010d0650 WebCore::Document::recalcStyle(WebCore::Node::StyleChange) + 1212 49 com.apple.WebCore 0x010c709f WebCore::Document::updateRendering() + 49 50 com.apple.WebCore 0x010c9292 WebCore::Document::updateDocumentsRendering() + 56 51 com.apple.WebCore 0x01377317 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 131 52 com.apple.WebCore 0x01020010 WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&, WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 308 53 com.apple.WebCore 0x01020629 WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) + 817 54 com.apple.WebCore 0x010e51c6 WebCore::CachedScript::checkNotify() + 68 55 com.apple.WebCore 0x010e5326 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 278 56 com.apple.WebCore 0x010e7b0f WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 339 57 com.apple.WebCore 0x0137e1ca WebCore::SubresourceLoader::didFinishLoading() + 168 58 com.apple.WebCore 0x0137c692 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24 59 com.apple.WebCore 0x01359669 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 115 60 com.apple.Foundation 0x9285bd74 -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 176 61 com.apple.Foundation 0x92859e19 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 748 62 com.apple.Foundation 0x92859ab5 _sendCallbacks + 201 63 com.apple.CoreFoundation 0x9082cf92 CFRunLoopRunSpecific + 1213 64 com.apple.CoreFoundation 0x9082cace CFRunLoopRunInMode + 61 65 com.apple.HIToolbox 0x92ded8d8 RunCurrentEventLoopInMode + 285 66 com.apple.HIToolbox 0x92decf19 ReceiveNextEventCommon + 184 67 com.apple.HIToolbox 0x92dece39 BlockUntilNextEventMatchingListInMode + 81 68 com.apple.AppKit 0x93273465 _DPSNextEvent + 572 69 com.apple.AppKit 0x93273056 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137 70 com.apple.Safari 0x00005ff4 0x1000 + 20468 71 com.apple.AppKit 0x9326cddb -[NSApplication run] + 512 72 com.apple.AppKit 0x93260d2f NSApplicationMain + 573 73 com.apple.Safari 0x00002302 0x1000 + 4866 74 com.apple.Safari 0x00048ef1 0x1000 + 294641
Attachments
Defer updateWidget() until after attach() (4.94 KB, patch)
2007-10-23 18:45 PDT, mitz 		mitz: review-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Matt Lilek
Comment 1 2007-10-06 16:00:46 PDT
Like bug 14899, !d->m_view->needsLayout() is causing this to fail.
mitz
Comment 2 2007-10-23 10:46:07 PDT
This bug belongs to the general "letting arbitrary stuff happen under attach()" category. In this case, the plugin that was just created puts up a sheet which changes the window's key status and triggers a redisplay.
mitz
Comment 3 2007-10-23 17:29:54 PDT
Reduction: <object type="application/x-oleobject"></object>
mitz
Comment 4 2007-10-23 18:45:52 PDT
Created attachment 16825 [details] Defer updateWidget() until after attach()
Eric Seidel (no email)
Comment 5 2007-10-23 18:53:50 PDT
Comment on attachment 16825 [details] Defer updateWidget() until after attach() Looks like gold to me.
mitz
Comment 6 2007-10-23 19:02:58 PDT
Fixed in <http://trac.webkit.org/projects/webkit/changeset/26941>.
mitz
Comment 7 2007-10-23 19:27:28 PDT
Backed out in r26946.
mitz
Comment 8 2007-10-23 19:28:19 PDT
Comment on attachment 16825 [details] Defer updateWidget() until after attach() This patch caused test regressions. I think waiting until after layout was a mistake. The updating should happen sooner.
mitz
Comment 9 2007-11-02 15:36:41 PDT
Bug 15804 has a patch that should fix this instance of the bug, but not the general problem.
mitz
Comment 10 2007-11-02 20:45:39 PDT
Fixed by fixing bug 15804 in r27378.
Note You need to log in before you can comment on or make changes to this bug.