Bug 180550

Summary: iOS: Many AMP pages hit a release assertion inside Document::updateStyleIfNeeded
Product: WebKit
Component: Layout and Rendering
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Ryosuke Niwa <rniwa>
Assignee: Ryosuke Niwa <rniwa>
CC: bfulgham, commit-queue, simon.fraser, zalan
Keywords: InRadar
Attachments:
Description | Flags
Fixes the crash | none
Add a test | simon.fraser: review+

Description Ryosuke Niwa 2017-12-07 15:14:31 PST
e.g.
0   WebCore                       	0x000000018be6f274 WebCore::Document::updateStyleIfNeeded() + 360 (Document.cpp:1955)
1   WebCore                       	0x000000018be6f1f8 WebCore::Document::updateStyleIfNeeded() + 236 (Document.cpp:1933)
2   WebCore                       	0x000000018cd59434 WebCore::LayoutContext::layout() + 780 (LayoutContext.cpp:490)
3   WebCore                       	0x000000018bedb470 WebCore::RenderWidget::updateWidgetPosition() + 212 (RenderWidget.cpp:339)
4   WebCore                       	0x000000018cd5e724 WebCore::FrameView::updateWidgetPositions() + 312 (FrameView.cpp:4893)
5   WebCore                       	0x000000018cd64f3c WebCore::LayoutContext::runOrScheduleAsynchronousTasks() + 444 (LayoutContext.cpp:222)
6   WebCore                       	0x000000018cd597b0 WebCore::LayoutContext::layout() + 1672 (LayoutContext.cpp:207)
7   WebCore                       	0x000000018bedb470 WebCore::RenderWidget::updateWidgetPosition() + 212 (RenderWidget.cpp:339)
8   WebCore                       	0x000000018cfbf608 WebCore::RenderFrameBase:: (bool, bool) + 100 (RenderFrameBase.cpp:80)
9   WebCore                       	0x000000018bee44d0 WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) + 224 (RenderFrameBase.cpp:62)
10  WebCore                       	0x000000018bedae04 WebCore::RenderIFrame::layout() + 76 (RenderIFrame.cpp:111)
11  WebCore                       	0x000000018cf53e58 WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool) + 420 (RenderElement.h:128)
12  WebCore                       	0x000000018be3bf9c WebCore::RenderBlock::layoutPositionedObjects(bool, bool) + 296 (RenderBlock.cpp:1476)
13  WebCore                       	0x000000018be3c4f0 WebCore::RenderBlock::simplifiedLayout() + 552 (RenderBlock.cpp:1335)
14  WebCore                       	0x000000018cf6003c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 72 (RenderBlockFlow.cpp:457)
15  WebCore                       	0x000000018be3bfec WebCore::RenderBlock::layout() + 56 (RenderBlock.cpp:1031)
Comment 1 Ryosuke Niwa 2017-12-07 15:14:44 PST
<rdar://problem/35410390>
Comment 2 Ryosuke Niwa 2017-12-07 15:19:48 PST
Created attachment 328747
Fixes the crash
Comment 3 Ryosuke Niwa 2017-12-07 15:25:05 PST
Comment on attachment 328747
Fixes the crash

Clearing flags on attachment: 328747

Committed r225647: <https://trac.webkit.org/changeset/225647>
Comment 4 Ryosuke Niwa 2017-12-07 19:31:38 PST
Created attachment 328780
Add a test
Comment 5 Ryosuke Niwa 2017-12-07 20:50:50 PST
Committed r225670: <https://trac.webkit.org/changeset/225670>