Bug 16951

Summary: Assertion failure in FrameView::scheduleRelayout (!m_frame->document() || !m_frame->document()->inPageCache()) when going back from a page with a focused popup
Product: WebKit
Reporter: mitz
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: aroben, timothy
Priority: P2
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
Attachments (Description / Flags):
Do not allow focus to change in pages that are in the back/forward cache / darin: review+

mitz
Reported 2008-01-20 15:47:10 PST
Going back to about:blank from a back/forward-cacheable document that has a focused popup button results in an assertion failure:

ASSERTION FAILED: !m_frame->document() || !m_frame->document()->inPageCache()
(WebCore/page/FrameView.cpp:714 void WebCore::FrameView::scheduleRelayout())

Steps to reproduce:
1) Go to about:blank
2) Go to data:text/html,%3Cselect%3E
3) Press Tab to focus the popup button
4) Choose History > Back.

Backtrace:
#0 0x01bc0597 in WebCore::FrameView::scheduleRelayout (this=0x196326d0) at WebCore/page/FrameView.cpp:714
#1 0x01e1216d in WebCore::RenderObject::scheduleRelayout (this=0x19cef64c) at WebCore/rendering/RenderObject.cpp:2738
#2 0x01e1239b in WebCore::RenderObject::markContainingBlocksForLayout (this=0x19c8f3ec, scheduleRelayout=true, newRoot=0x0) at WebCore/rendering/RenderObject.cpp:757
#3 0x01e12493 in WebCore::RenderObject::setNeedsLayout (this=0x19c8f3ec, b=true, markParents=true) at WebCore/rendering/RenderObject.cpp:688
#4 0x01a3a53f in WebCore::RenderObject::setNeedsLayoutAndPrefWidthsRecalc (this=0x19c8f3ec) at RenderObject.h:393
#5 0x01e13112 in WebCore::RenderObject::setStyle (this=0x19c8f3ec, style=0x19c53b1c) at WebCore/rendering/RenderObject.cpp:2321
#6 0x01dcceeb in WebCore::RenderBox::setStyle (this=0x19c8f3ec, newStyle=0x19c53b1c) at WebCore/rendering/RenderBox.cpp:83
#7 0x01db6145 in WebCore::RenderBlock::setStyle (this=0x19c8f3ec, _style=0x19c53b1c) at WebCore/rendering/RenderBlock.cpp:127
#8 0x01db61fd in WebCore::RenderBlock::setStyle (this=0x196c49ec, _style=0x195dfc4c) at WebCore/rendering/RenderBlock.cpp:135
#9 0x01e07af5 in WebCore::RenderMenuList::setStyle (this=0x196c49ec, newStyle=0x195dfc4c) at WebCore/rendering/RenderMenuList.cpp:121
#10 0x01e1598f in WebCore::RenderObject::setAnimatableStyle (this=0x196c49ec, style=0x195dfc4c) at WebCore/rendering/RenderObject.cpp:2162
#11 0x01d8c665 in WebCore::Node::setRenderStyle (this=0x19ced530, s=0x195dfc4c) at WebCore/dom/Node.cpp:1052
#12 0x01b666d6 in WebCore::Element::recalcStyle (this=0x19ced530, change=WebCore::Node::NoChange) at WebCore/dom/Element.cpp:741
#13 0x01bf1a5a in WebCore::HTMLGenericFormElement::recalcStyle (this=0x19ced530, change=WebCore::Node::NoChange) at WebCore/html/HTMLGenericFormElement.cpp:176
#14 0x01c25102 in WebCore::HTMLSelectElement::recalcStyle (this=0x19ced530, ch=WebCore::Node::NoChange) at WebCore/html/HTMLSelectElement.cpp:112
#15 0x01b6686c in WebCore::Element::recalcStyle (this=0x19634870, change=WebCore::Node::NoChange) at WebCore/dom/Element.cpp:765
#16 0x01b6686c in WebCore::Element::recalcStyle (this=0x19e739e0, change=WebCore::Node::NoChange) at WebCore/dom/Element.cpp:765
#17 0x01b39aa6 in WebCore::Document::recalcStyle (this=0x3b5a200, change=WebCore::Node::NoChange) at WebCore/dom/Document.cpp:1103
#18 0x01b2fead in WebCore::Document::updateRendering (this=0x3b5a200) at WebCore/dom/Document.cpp:1126
#19 0x01b31e61 in WebCore::Document::updateDocumentsRendering () at WebCore/dom/Document.cpp:1136
#20 0x01b7799a in WebCore::EventTarget::dispatchGenericEvent (this=0x19ced558, referenceNode=0x19ced530, e=@0xbfffd43c, tempEvent=true) at WebCore/dom/EventTarget.cpp:264
#21 0x01b78912 in WebCore::EventTargetNode::dispatchEvent (this=0x19ced530, e=@0xbfffd478, ec=@0xbfffd474, tempEvent=true) at WebCore/dom/EventTargetNode.cpp:115
#22 0x01b7a0d2 in WebCore::EventTargetNode::dispatchHTMLEvent (this=0x19ced530, eventType=@0x233c5c4, canBubbleArg=false, cancelableArg=false) at WebCore/dom/EventTargetNode.cpp:350
#23 0x01b7a11e in WebCore::EventTargetNode::dispatchBlurEvent (this=0x19ced530) at WebCore/dom/EventTargetNode.cpp:343
#24 0x01c24f31 in WebCore::HTMLSelectElement::dispatchBlurEvent (this=0x19ced530) at WebCore/html/HTMLSelectElement.cpp:590
#25 0x01b35274 in WebCore::Document::setFocusedNode (this=0x3b5a200, newFocusedNode=@0xbfffd544) at WebCore/dom/Document.cpp:2286
#26 0x0032e248 in -[WebHTMLView clearFocus] (self=0x19e28620, _cmd=0x3b98f8) at WebKit/mac/WebView/WebHTMLView.mm:2723
#27 0x003271f4 in -[WebHTMLView resignFirstResponder] (self=0x19e28620, _cmd=0x900d789c) at WebKit/mac/WebView/WebHTMLView.mm:3192
#28 0x90edc2ed in -[NSWindow makeFirstResponder:] ()

Attachments
Do not allow focus to change in pages that are in the back/forward cache (1.28 KB, patch)
2008-01-20 16:53 PST, mitz
darin: review+
mitz
Comment 1 2008-01-20 16:02:14 PST
Note that this does not happen with focused <input> text fields, because in that case -[WebHTMLView maintainsInactiveSelection] returns YES and therefore -resignFirstResponder does not call -clearFocus. I think putting a page into the back/forward cache should never change the focused node in that document (so it should also not dispatch a blur event). That's how it works for text fields, and I see no reason why it should be different for popups.
mitz
Comment 2 2008-01-20 16:53:11 PST
Created attachment 18570
Do not allow focus to change in pages that are in the back/forward cache

Cannot make a regression test because the back/forward cache is disabled in DumpRenderTree.

Besides clearing the focused node, -[WebHTMLView resignFirstResponder] also clears the selection (if it is not in editable content). The patch leaves the selection clearing behavior intact.
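
Added example, not part of the bug report and not the attached patch (the patch itself is not shown on this page): a toy C++ model of the call chain in the backtrace, showing how clearing focus on a cached document reaches scheduleRelayout() and how refusing focus changes while the document is in the page cache keeps the invariant. All types are simplified stand-ins for the WebKit classes named in the report, and guardFocusInPageCache is a hypothetical switch used only to compare the two behaviours.

```cpp
#include <string>
// Toy model constructed for illustration; simplified stand-ins, not WebKit code.
struct Document;

struct FrameView {
    Document* document = nullptr;
    int invariantViolations = 0;  // stands in for the ASSERT in scheduleRelayout()
    void scheduleRelayout();
};

struct Document {
    bool inPageCache = false;
    bool guardFocusInPageCache = false;  // hypothetical switch; false = behaviour in the report
    std::string focusedNode;             // empty = nothing focused
    int blurEvents = 0;
    FrameView* view = nullptr;
    // Returns false when the focus change is refused.
    bool setFocusedNode(const std::string& newNode) {
        if (guardFocusInPageCache && inPageCache)
            return false;                // cached page: keep focus, dispatch nothing
        if (newNode == focusedNode) return true;
        if (!focusedNode.empty()) {
            ++blurEvents;                // dispatchBlurEvent()
            focusedNode.clear();
            view->scheduleRelayout();    // blur -> updateRendering -> recalcStyle -> relayout
        }
        focusedNode = newNode;
        return true;
    }
};

void FrameView::scheduleRelayout() {
    if (document && document->inPageCache)
        ++invariantViolations;           // a cached document must not schedule a relayout
}

struct Outcome { int violations; int blurEvents; std::string focusedAfter; };

// Replays the report's steps: focus the <select>, go Back, then the view clears focus.
Outcome goBackWithFocusedPopup(bool guarded) {
    FrameView view; Document doc;
    view.document = &doc; doc.view = &view;
    doc.guardFocusInPageCache = guarded;
    doc.setFocusedNode("select");  // Tab focuses the popup button
    doc.inPageCache = true;        // History > Back puts the page in the cache
    doc.setFocusedNode("");        // -[WebHTMLView clearFocus]
    return {view.invariantViolations, doc.blurEvents, doc.focusedNode};
}
```

With the guard off the model records one blur event and one invariant violation; with it on, the cached document keeps its focused node and no event is dispatched.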
Darin Adler
Comment 3 2008-01-20 17:57:06 PST
Comment on attachment 18570
Do not allow focus to change in pages that are in the back/forward cache

r=me
mitz
Comment 4 2008-01-20 18:02:44 PST