Bug 224262

Summary: REGRESSION(r274812): Release assert in Document::updateLayout() after calling focus({preventScroll: true}) on a textarea
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: HTML EditingAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, cmarcelo, esprehn+autocc, ews-watchlist, kangil.han, koivisto, rbuis, simon.fraser, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=178583
Attachments:
Description Flags
Fixes the crash none

Ryosuke Niwa
Reported 2021-04-06 20:30:28 PDT
e.g. ASSERTION FAILED: isSafeToUpdateStyleOrLayout(*this) ./dom/Document.cpp(2176) : void WebCore::Document::updateLayout() 1 0x3bd844de9 WTFCrash 2 0x3bd844e09 WTFCrashWithSecurityImplication 3 0x3a375c9ea WebCore::Document::updateLayout() 4 0x3a375e272 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) 5 0x3a3b1d560 WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) 6 0x3a3b1d40a WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::Affinity) 7 0x3a3b1db5b WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::Affinity) 8 0x3a1057907 WebCore::VisibleSelection::visibleStart() const 9 0x3a3a944c3 WebCore::FrameSelection::recomputeCaretRect() 10 0x3a3a8e1bb WebCore::FrameSelection::updateAppearance() 11 0x3a3a8dead WebCore::FrameSelection::updateAndRevealSelection(WebCore::AXTextStateChangeIntent const&) 12 0x3a3a6dce2 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) 13 0x3a3a8bd55 WebCore::FrameSelection::moveWithoutValidationTo(WebCore::Position const&, WebCore::Position const&, bool, bool, WebCore::SelectionRevealMode, WebCore::AXTextStateChangeIntent const&) 14 0x3a3d3547d WebCore::HTMLTextFormControlElement::setSelectionRange(int, int, WebCore::TextFieldSelectionDirection, WebCore::SelectionRevealMode, WebCore::AXTextStateChangeIntent const&) 15 0x3a3d3635b WebCore::HTMLTextAreaElement::setValueCommon(WTF::String const&) 16 0x3a3d33ff4 WebCore::HTMLTextAreaElement::setNonDirtyValue(WTF::String const&) 17 0x3a3d33cee WebCore::HTMLTextAreaElement::childrenChanged(WebCore::ContainerNode::ChildChange const&) 18 0x3a36fcf77 WebCore::ContainerNode::removeAllChildrenWithScriptAssertion(WebCore::ContainerNode::ChildChange::Source, WebCore::ContainerNode::DeferChildrenChanged) 19 0x3a3703ac6 WebCore::ContainerNode::replaceChildren(WTF::Vector<WTF::Variant<WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node> >, WTF::String>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) <rdar://76269714>
Attachments
Fixes the crash (6.41 KB, patch)
2021-04-06 22:27 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2021-04-06 22:27:41 PDT
Created attachment 425355 [details] Fixes the crash
Ryosuke Niwa
Comment 2 2021-04-07 00:42:48 PDT
Comment on attachment 425355 [details] Fixes the crash Clearing flags on attachment: 425355 Committed r275591 (236236@main): <https://commits.webkit.org/236236@main>
Ryosuke Niwa
Comment 3 2021-04-07 00:42:51 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.