Bug 44629

Summary: Crash when switching to tiled layer when parent is also a tiled layer
Product: WebKit
Reporter: Chris Marrin <cmarrin>
Component: Layout and Rendering
Assignee: Chris Marrin <cmarrin>
Status: RESOLVED FIXED
Severity: Normal
Keywords: InRadar
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows 7
Attachments:
Description | Flags
test showing problem | none
Patch with test case | simon.fraser: review+

Description Chris Marrin 2010-08-25 11:49:03 PDT
There is a case (found with a Bing page) where causing a layer to go from non-tiled to tiled causes a crash when that layer has a tiled layer parent. A test case is forthcoming.
Comment 1 Chris Marrin 2010-08-25 13:29:27 PDT
Created attachment 65466
test showing problem
Comment 2 Chris Marrin 2010-08-25 15:09:12 PDT
Created attachment 65479
Patch with test case
Comment 3 Chris Marrin 2010-08-25 15:12:12 PDT
rdar://problem/8223788
Comment 4 Simon Fraser (smfr) 2010-08-25 15:17:03 PDT
Comment on attachment 65479
Patch with test case

WebCore/platform/graphics/win/WKCACFLayer.h:65
 +          ASSERT(CACFLayerGetUserData(layer) != reinterpret_cast<void*>(0xDeadBeef));
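Review bot: the poison value in this ASSERT is a bare literal, and the check only works if it matches, bit for bit, the value written into the user data elsewhere, so the two can drift apart without any compile error. Define one named constant for the destroyed-layer marker and use it both here and at the CACFLayerSetUserData call in WKCACFLayer.cpp.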
I think 0xDeadBeef should be all lower- or uppercase. 

WebCore/platform/graphics/win/WKCACFLayer.cpp:185
 +      CACFLayerSetUserData(layer(), reinterpret_cast<void*>(0xDeadBeef));
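Review bot: this write leaves a non-null poison pointer in the layer's user data, and the only visible check for it is an ASSERT, which compiles to nothing in release builds. A release-build reader of the user data would get 0xDeadBeef back and pass any null check, so either guard this line with the same debug condition as the ASSERT or clear the user data to 0 when not in a debug build.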
Only do this in debug builds.

Seems like the underlying cause is that we mess with sublayerCount() for tiled layers. It would be nice to find a way to avoid that source of confusion.
Comment 5 Chris Marrin 2010-08-26 10:33:06 PDT
Landed in http://trac.webkit.org/changeset/66050