Bug 32172

Summary: Fix assertion failure in WebCore::RenderBlock::startDelayUpdateScrollInfo
Product: WebKit
Reporter: Adam Langley <agl>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: hamaji, jeffrey+webkit, mjs, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description Flags
patch darin: review+

Adam Langley
Reported 2009-12-04 14:11:23 PST
startDelayUpdateScrollInfo calls a function that can end up calling startDelayUpdateScrollInfo again. However, its static state is inconsistent when this happens, leading to an assertion failure (or probably a memory leak if assertions are off).

#0 WebCore::RenderBlock::startDelayUpdateScrollInfo () at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:605
#1 0x0000000000f88b9d in WebCore::RenderFlexibleBox::layoutHorizontalBox (this=0x2aaab801ea38, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:336
#2 0x0000000000f8a0c0 in WebCore::RenderFlexibleBox::layoutBlock (this=0x2aaab801ea38, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:242
#3 0x0000000000f49b57 in WebCore::RenderBlock::layout (this=0x2aaab801ea38) at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:649
#4 0x0000000000f4d881 in WebCore::RenderObject::layoutIfNeeded (this=0x2aaab801ea38) at third_party/WebKit/WebCore/rendering/RenderObject.h:496
#5 0x0000000000f66caf in WebCore::RenderBlock::layoutInlineChildren (this=0x2aaab801dc68, relayoutChildren=true, repaintTop=@0x7fffffffbd4c, repaintBottom=@0x7fffffffbd48) at third_party/WebKit/WebCore/rendering/RenderBlockLineLayout.cpp:865
#6 0x0000000000f4a1db in WebCore::RenderBlock::layoutBlock (this=0x2aaab801dc68, relayoutChildren=true) at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:723
#7 0x0000000000fa42c7 in WebCore::RenderLayer::updateScrollInfoAfterLayout (this=0x2aaab801dd48) at third_party/WebKit/WebCore/rendering/RenderLayer.cpp:1872
#8 0x0000000000f4a90a in WebCore::RenderBlock::finishDelayUpdateScrollInfo () at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:623
#9 0x0000000000f89a58 in WebCore::RenderFlexibleBox::layoutHorizontalBox (this=0x2aaab801c0a8, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:558
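A minimal C++ model of the re-entrancy hazard described in the report above, added here as an illustration; it is not the attached patch and not WebKit's code. `DelayGuard`, `finishUnsafe`, `finishSafe` and `runScenario` are hypothetical names, the flush ordering in each variant is an assumption, and `std::unique_ptr` stands in for the `OwnPtr` mentioned in the review.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>
// Hypothetical model (not WebKit code): nesting counter plus a heap list of deferred callbacks.
struct DelayGuard {
    using Work = std::vector<std::function<void()>>;
    int depth = 0, assertFailures = 0;            // assertFailures stands in for a debug ASSERT
    Work* pending = nullptr;
    std::vector<std::unique_ptr<Work>> orphaned;  // lists whose pointer was overwritten
    void start() {
        if (depth == 0) {
            // Invariant: no list exists at depth 0. The model parks an overwritten list to count it.
            if (pending) { ++assertFailures; orphaned.emplace_back(pending); }
            pending = new Work;
        }
        ++depth;
    }
    void defer(std::function<void()> f) { pending->push_back(std::move(f)); }
    // Unsafe ordering: callbacks run while depth == 0 and `pending` is still set.
    void finishUnsafe() {
        if (--depth != 0) return;
        Work* list = pending;
        for (auto& f : *list) f();  // a callback may re-enter start()
        delete pending;             // after re-entry this is no longer `list`
        pending = nullptr;
    }
    // Safe ordering: take ownership and reset shared state before any callback runs.
    void finishSafe() {
        if (--depth != 0) return;
        std::unique_ptr<Work> list(pending);
        pending = nullptr;
        for (auto& f : *list) f();
    }
};
struct Result { int assertFailures, orphaned, callbacksRun; };
// Constructed scenario: the callback flushed by the outer finish does its own start/defer/finish.
Result runScenario(bool safe) {
    DelayGuard g;
    int ran = 0;
    auto finish = [&] { if (safe) g.finishSafe(); else g.finishUnsafe(); };
    g.start();
    g.defer([&] { g.start(); g.defer([&] { ++ran; }); finish(); });
    finish();
    return {g.assertFailures, static_cast<int>(g.orphaned.size()), ran};
}
int main() {
    std::printf("unsafe asserts=%d, safe asserts=%d\n", runScenario(false).assertFailures, runScenario(true).assertFailures);
}
```

In the unsafe variant the nested `start()` sees a zero counter with a live list, which is the inconsistent state the report describes: a debug build would assert, and a release build would lose the old pointer.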
Attachments
patch (4.19 KB, patch)
2009-12-04 14:13 PST, Adam Langley
darin: review+
Adam Langley
Comment 1 2009-12-04 14:13:51 PST
WebKit Review Bot
Comment 2 2009-12-04 14:15:23 PST
style-queue ran check-webkit-style on attachment 44335 without any errors.
Darin Adler
Comment 3 2009-12-04 15:43:23 PST
Comment on attachment 44335
patch

An OwnPtr would be better than an explicit delete.
Adam Langley
Comment 4 2009-12-08 17:48:21 PST
Switched to OwnPtr and landed as r51883
Shinichiro Hamaji
Comment 5 2009-12-28 19:04:58 PST
*** Bug 32009 has been marked as a duplicate of this bug. ***