Bug 224262

Summary: REGRESSION(r274812): Release assert in Document::updateLayout() after calling focus({preventScroll: true}) on a textarea
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: HTML Editing
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, cmarcelo, esprehn+autocc, ews-watchlist, kangil.han, koivisto, rbuis, simon.fraser, wenson_hsieh
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=178583
Attachments:
Description: Fixes the crash
Flags: none

Description Ryosuke Niwa 2021-04-06 20:30:28 PDT
e.g.

ASSERTION FAILED: isSafeToUpdateStyleOrLayout(*this)
./dom/Document.cpp(2176) : void WebCore::Document::updateLayout()
1   0x3bd844de9 WTFCrash
2   0x3bd844e09 WTFCrashWithSecurityImplication
3   0x3a375c9ea WebCore::Document::updateLayout()
4   0x3a375e272 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
5   0x3a3b1d560 WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&)
6   0x3a3b1d40a WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::Affinity)
7   0x3a3b1db5b WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::Affinity)
8   0x3a1057907 WebCore::VisibleSelection::visibleStart() const
9   0x3a3a944c3 WebCore::FrameSelection::recomputeCaretRect()
10  0x3a3a8e1bb WebCore::FrameSelection::updateAppearance()
11  0x3a3a8dead WebCore::FrameSelection::updateAndRevealSelection(WebCore::AXTextStateChangeIntent const&)
12  0x3a3a6dce2 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity)
13  0x3a3a8bd55 WebCore::FrameSelection::moveWithoutValidationTo(WebCore::Position const&, WebCore::Position const&, bool, bool, WebCore::SelectionRevealMode, WebCore::AXTextStateChangeIntent const&)
14  0x3a3d3547d WebCore::HTMLTextFormControlElement::setSelectionRange(int, int, WebCore::TextFieldSelectionDirection, WebCore::SelectionRevealMode, WebCore::AXTextStateChangeIntent const&)
15  0x3a3d3635b WebCore::HTMLTextAreaElement::setValueCommon(WTF::String const&)
16  0x3a3d33ff4 WebCore::HTMLTextAreaElement::setNonDirtyValue(WTF::String const&)
17  0x3a3d33cee WebCore::HTMLTextAreaElement::childrenChanged(WebCore::ContainerNode::ChildChange const&)
18  0x3a36fcf77 WebCore::ContainerNode::removeAllChildrenWithScriptAssertion(WebCore::ContainerNode::ChildChange::Source, WebCore::ContainerNode::DeferChildrenChanged)
19  0x3a3703ac6 WebCore::ContainerNode::replaceChildren(WTF::Vector<WTF::Variant<WTF::RefPtr<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>, WTF::DefaultRefDerefTraits<WebCore::Node> >, WTF::String>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)

<rdar://76269714>
Comment 1 Ryosuke Niwa 2021-04-06 22:27:41 PDT
Created attachment 425355 [details]
Fixes the crash
Comment 2 Ryosuke Niwa 2021-04-07 00:42:48 PDT
Comment on attachment 425355 [details]
Fixes the crash

Clearing flags on attachment: 425355

Committed r275591 (236236@main): <https://commits.webkit.org/236236@main>
Comment 3 Ryosuke Niwa 2021-04-07 00:42:51 PDT
All reviewed patches have been landed.  Closing bug.