Bug 180550

Summary: iOS: Many AMP pages hit a release assertion inside Document::updateStyleIfNeeded
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: Layout and RenderingAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, simon.fraser, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fixes the crash
none
Add a test simon.fraser: review+

Ryosuke Niwa
Reported 2017-12-07 15:14:31 PST
e.g. 0 WebCore 0x000000018be6f274 WebCore::Document::updateStyleIfNeeded() + 360 (Document.cpp:1955) 1 WebCore 0x000000018be6f1f8 WebCore::Document::updateStyleIfNeeded() + 236 (Document.cpp:1933) 2 WebCore 0x000000018cd59434 WebCore::LayoutContext::layout() + 780 (LayoutContext.cpp:490) 3 WebCore 0x000000018bedb470 WebCore::RenderWidget::updateWidgetPosition() + 212 (RenderWidget.cpp:339) 4 WebCore 0x000000018cd5e724 WebCore::FrameView::updateWidgetPositions() + 312 (FrameView.cpp:4893) 5 WebCore 0x000000018cd64f3c WebCore::LayoutContext::runOrScheduleAsynchronousTasks() + 444 (LayoutContext.cpp:222) 6 WebCore 0x000000018cd597b0 WebCore::LayoutContext::layout() + 1672 (LayoutContext.cpp:207) 7 WebCore 0x000000018bedb470 WebCore::RenderWidget::updateWidgetPosition() + 212 (RenderWidget.cpp:339) 8 WebCore 0x000000018cfbf608 WebCore::RenderFrameBase:: (bool, bool) + 100 (RenderFrameBase.cpp:80) 9 WebCore 0x000000018bee44d0 WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) + 224 (RenderFrameBase.cpp:62) 10 WebCore 0x000000018bedae04 WebCore::RenderIFrame::layout() + 76 (RenderIFrame.cpp:111) 11 WebCore 0x000000018cf53e58 WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool) + 420 (RenderElement.h:128) 12 WebCore 0x000000018be3bf9c WebCore::RenderBlock::layoutPositionedObjects(bool, bool) + 296 (RenderBlock.cpp:1476) 13 WebCore 0x000000018be3c4f0 WebCore::RenderBlock::simplifiedLayout() + 552 (RenderBlock.cpp:1335) 14 WebCore 0x000000018cf6003c WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 72 (RenderBlockFlow.cpp:457) 15 WebCore 0x000000018be3bfec WebCore::RenderBlock::layout() + 56 (RenderBlock.cpp:1031)
Attachments
Fixes the crash (2.71 KB, patch)
2017-12-07 15:19 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Add a test (2.67 KB, patch)
2017-12-07 19:31 PST, Ryosuke Niwa 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2017-12-07 15:14:44 PST
<rdar://problem/35410390>
Ryosuke Niwa
Comment 2 2017-12-07 15:19:48 PST
Created attachment 328747 [details] Fixes the crash
Ryosuke Niwa
Comment 3 2017-12-07 15:25:05 PST
Comment on attachment 328747 [details] Fixes the crash Clearing flags on attachment: 328747 Committed r225647: <https://trac.webkit.org/changeset/225647>
Ryosuke Niwa
Comment 4 2017-12-07 19:31:38 PST
Created attachment 328780 [details] Add a test
Ryosuke Niwa
Comment 5 2017-12-07 20:50:50 PST
Committed r225670: <https://trac.webkit.org/changeset/225670>
Note You need to log in before you can comment on or make changes to this bug.