Bug 103432 - ASSERTION FAILED: m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint()) after r135816
Summary: ASSERTION FAILED: m_repaintRect == renderer().clippedOverflowRectForRepaint(r...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Simon Fraser (smfr)
URL: https://groups.google.com/forum/?from...
Keywords: InRadar
: 105096 105932 123486 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-11-27 09:56 PST by Thiago Marcos P. Santos
Modified: 2013-11-13 12:02 PST (History)
21 users (show)

See Also:

Attachments
Patch (4.66 KB, patch)
2013-01-29 17:45 PST, Simon Fraser (smfr) 		allan.jensen: review+
webkit.review.bot: commit-queue-
Details | Formatted Diff | Diff
Patch (3.57 KB, patch)
2013-04-05 03:34 PDT, Allan Sandfeld Jensen 		no flags Details | Formatted Diff | Diff
Patch (10.09 KB, patch)
2013-11-13 11:25 PST, Simon Fraser (smfr) 		hyatt: review+
Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thiago Marcos P. Santos 2012-11-27 09:56:45 PST 
crash log for WebProcess (pid <unknown>):
STDOUT: <empty>
STDERR: ASSERTION FAILED: m_repaintRect == renderer()->clippedOverflowRectForRepaint(renderer()->containerForRepaint())
STDERR: /home/buildslave-1/webkit-buildslave/efl-linux-64-debug-wk2/build/Source/WebCore/rendering/RenderLayer.cpp(554) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlags)
STDERR: 1   0x7fb32587949c WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
STDERR: 2   0x7fb325879577 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
STDERR: 3   0x7fb325879577 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
STDERR: 4   0x7fb325879577 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
STDERR: 5   0x7fb3258792aa WebCore::RenderLayer::updateLayerPositionsAfterOverflowScroll()
STDERR: 6   0x7fb32587d6c2 WebCore::RenderLayer::scrollTo(int, int)
STDERR: 7   0x7fb32587feef WebCore::RenderLayer::setScrollOffset(WebCore::IntPoint const&)
STDERR: 8   0x7fb3256439f2 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&)
STDERR: 9   0x7fb325643c8d WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&)
STDERR: 10  0x7fb325643345 WebCore::ScrollAnimator::notifyPositionChanged()
STDERR: 11  0x7fb325642d79 WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&)
STDERR: 12  0x7fb325643888 WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&)
STDERR: 13  0x7fb32587d4f6 WebCore::RenderLayer::scrollToOffset(WebCore::IntSize const&, WebCore::RenderLayer::ScrollOffsetClamping)
STDERR: 14  0x7fb325812d7b WebCore::RenderLayer::scrollToYOffset(int, WebCore::RenderLayer::ScrollOffsetClamping)
STDERR: 15  0x7fb3257f94f7 WebCore::RenderBox::setScrollTop(int)
STDERR: 16  0x7fb325099631 WebCore::Element::setScrollTop(int)
STDERR: 17  0x7fb325cf6485 WebCore::setJSElementScrollTop(JSC::ExecState*, JSC::JSObject*, JSC::JSValue)
STDERR: 18  0x7fb325cff154 bool JSC::lookupPut<WebCore::JSElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSElement*, bool)
STDERR: 19  0x7fb325cfeb00 void JSC::lookupPut<WebCore::JSElement, WebCore::JSNode>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSElement*, JSC::PutPropertySlot&)
STDERR: 20  0x7fb325cf63ad WebCore::JSElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
STDERR: 21  0x7fb325d9a426 void JSC::lookupPut<WebCore::JSHTMLElement, WebCore::JSElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, JSC::PutPropertySlot&)
STDERR: 22  0x7fb325d98645 WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
STDERR: 23  0x7fb325d92a0f void JSC::lookupPut<WebCore::JSHTMLDivElement, WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLDivElement*, JSC::PutPropertySlot&)
STDERR: 24  0x7fb325d91fc9 WebCore::JSHTMLDivElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
STDERR: 25  0x7fb31f713f8b JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
STDERR: 26  0x7fb31f972bec
STDERR: 27  0x7fb31f97be57
Comment 1 Alexey Proskuryakov 2012-11-27 10:18:41 PST 
There is no EFL specific code in crash trace, have you confirmed that this is a EFL only issue?
Comment 2 Simon Fraser (smfr) 2012-11-27 10:24:34 PST 
No other port has reported this assertion.
Comment 3 Thiago Marcos P. Santos 2012-11-27 10:46:38 PST 
(In reply to comment #2)
> No other port has reported this assertion.

Because all of them are skipping the test:

$ grep http/tests/inspector/network/network-xhr-replay.html LayoutTests/platform/* -R
LayoutTests/platform/chromium/TestExpectations:webkit.org/b/96953 [ Win ] http/tests/inspector/network/network-xhr-replay.html [ Timeout ]
LayoutTests/platform/mac/TestExpectations:http/tests/inspector/network/network-xhr-replay.html
LayoutTests/platform/qt/TestExpectations:http/tests/inspector/network/network-xhr-replay.html
LayoutTests/platform/win/TestExpectations:http/tests/inspector/network/network-xhr-replay.html
LayoutTests/platform/wincairo/TestExpectations:http/tests/inspector/network/network-xhr-replay.html
Comment 4 Simon Fraser (smfr) 2012-11-30 11:59:07 PST 
I was able to reproduce this assertion by loading <http://philosophically.com/why-were-pivoting-from-mobile-first-to-web-first> in a fairly narrow window.
Comment 5 Beth Dakin 2012-12-11 14:26:35 PST 
This crash is showing up on the WK-2 bots sometimes when running http/tests/inspector/resource-har-pages.html

I have not been able to repro the crash on my own machine though.
Comment 6 Simon Fraser (smfr) 2013-01-29 16:02:43 PST 
*** Bug 105932 has been marked as a duplicate of this bug. ***
Comment 7 Simon Fraser (smfr) 2013-01-29 16:22:39 PST 
This goes away if I remove the && !m_canSkipRepaintRectsUpdateOnScroll test added by Julien.
Comment 8 Simon Fraser (smfr) 2013-01-29 17:15:14 PST 
*** Bug 105096 has been marked as a duplicate of this bug. ***
Comment 9 Simon Fraser (smfr) 2013-01-29 17:45:43 PST 
Created attachment 185363 [details]
Patch
Comment 10 Allan Sandfeld Jensen 2013-01-30 00:56:06 PST 
Comment on attachment 185363 [details]
Patch

Looks good to me, but it would be nice if the tests it affects were mentioned in the Changelog.
Comment 11 Jonathan Liu 2013-02-13 13:26:31 PST 
It would be good to fix it for Qt 5.0.2. Any update on this?
Comment 12 Jonathan Liu 2013-03-27 03:36:14 PDT 
(In reply to comment #11)
> It would be good to fix it for Qt 5.0.2. Any update on this?

Ping.
Comment 13 WebKit Review Bot 2013-03-27 16:23:28 PDT 
Comment on attachment 185363 [details]
Patch

Rejecting attachment 185363 [details] from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=webkit-commit-queue.appspot.com', '--bot-id=gce-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 185363, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Last 500 characters of output:
ce/WebCore/rendering/RenderLayer.h
Hunk #1 succeeded at 1200 (offset 111 lines).
patching file LayoutTests/ChangeLog
Hunk #1 succeeded at 1 with fuzz 3.
patching file LayoutTests/platform/mac/TestExpectations
Hunk #1 FAILED at 1240.
1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/platform/mac/TestExpectations.rej

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Allan Sandfeld Jensen']" exit_code: 1 cwd: /mnt/git/webkit-commit-queue

Full output: http://webkit-commit-queue.appspot.com/results/17293401
Comment 14 Jonathan Liu 2013-03-28 04:07:46 PDT 
Seems the test expectations were already updated by http://trac.webkit.org/changeset/141661/trunk/LayoutTests/platform/mac/TestExpectations
Comment 15 Allan Sandfeld Jensen 2013-04-05 03:34:37 PDT 
Created attachment 196611 [details]
Patch

Rebased patch on top of r141661.
Comment 16 Simon Fraser (smfr) 2013-04-05 08:18:25 PDT 
Comment on attachment 196611 [details]
Patch

Thanks for updating this patch!
Comment 17 WebKit Commit Bot 2013-04-05 10:34:38 PDT 
Comment on attachment 196611 [details]
Patch

Clearing flags on attachment: 196611

Committed r147759: <http://trac.webkit.org/changeset/147759>
Comment 18 WebKit Commit Bot 2013-04-05 10:34:42 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 19 Sergio Villar Senin 2013-06-26 10:33:14 PDT 
I don't think this is fixed yet, I just got this scrolling down this page with the webkitgtk WK1 test browser (I'm using r151992):

ASSERTION FAILED: m_repaintRect == renderer()->clippedOverflowRectForRepaint(renderer()->containerForRepaint())
../../Source/WebCore/rendering/RenderLayer.cpp(809) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlags)
1   0x7ffff30954eb ../WebKit/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x1e) [0x7ffff30954eb]
2   0x7ffff46c725b ../WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x110c25b) [0x7ffff46c725b]
3   0x7ffff46c731f ../WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x110c31f) [0x7ffff46c731f]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff30954f0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:339
339	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff30954f0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff46c725b in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x147dcb8, geometryMap=0x7fffffffba10, flags=4)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:809
#2  0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x147f8e8, geometryMap=0x7fffffffba10, flags=4)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:814
#3  0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x147afc8, geometryMap=0x7fffffffba10, flags=4)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:814
#4  0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x820068, geometryMap=0x7fffffffba10, flags=0)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:814
#5  0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x73d308, geometryMap=0x7fffffffba10, flags=0)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:814
#6  0x00007ffff46c6faa in WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll (this=0x73d308)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:760
#7  0x00007ffff45202a6 in WebCore::FrameView::repaintFixedElementsAfterScrolling (this=0x683060) at ../../Source/WebCore/page/FrameView.cpp:2017
#8  0x00007ffff4cedd62 in WebCore::ScrollView::scrollTo (this=0x683060, newOffset=...) at ../../Source/WebCore/platform/ScrollView.cpp:392
#9  0x00007ffff4523ed4 in WebCore::FrameView::scrollTo (this=0x683060, newOffset=...) at ../../Source/WebCore/page/FrameView.cpp:3055
#10 0x00007ffff4cedcc6 in WebCore::ScrollView::setScrollOffset (this=0x683060, offset=...) at ../../Source/WebCore/platform/ScrollView.cpp:373
#11 0x00007ffff4ce959c in WebCore::ScrollableArea::scrollPositionChanged (this=0x683098, position=...)
    at ../../Source/WebCore/platform/ScrollableArea.cpp:145
#12 0x00007ffff4ce98b9 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x683098, offset=...)
    at ../../Source/WebCore/platform/ScrollableArea.cpp:190
#13 0x00007ffff4cfa767 in WebCore::ScrollAnimator::notifyPositionChanged (this=0xb01c60, delta=...)
    at ../../Source/WebCore/platform/ScrollAnimator.cpp:142
#14 0x00007ffff4cfa131 in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0xb01c60, offset=...)
    at ../../Source/WebCore/platform/ScrollAnimator.cpp:81
#15 0x00007ffff4ce93f2 in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x683098, offset=...)
    at ../../Source/WebCore/platform/ScrollableArea.cpp:124
#16 0x00007ffff4ce94de in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x683098, orientation=WebCore::VerticalScrollbar, 
    offset=2675) at ../../Source/WebCore/platform/ScrollableArea.cpp:132
#17 0x00007ffff3b0ae28 in WebKit::GtkAdjustmentWatcher::adjustmentValueChanged (this=0x642750, adjustment=0x713d90)
    at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:131
#18 0x00007ffff3b0ac1a in WebKit::adjustmentValueChangedCallback (adjustment=0x713d90, watcher=0x642750)
    at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:95
Comment 20 Sergio Villar Senin 2013-06-26 10:38:25 PDT 
(In reply to comment #19)
> I don't think this is fixed yet, I just got this scrolling down this page with the webkitgtk WK1 test browser (I'm using r151992):

I meant this page:
http://praza.com/movementos-sociais/4872/o-pp-rexeita-abolir-as-touradas-porque-non-hai-risco-de-que-proliferen-en-galicia/
Comment 21 Sergio Villar Senin 2013-06-26 10:39:29 PDT 
(In reply to comment #20)
> (In reply to comment #19)
> > I don't think this is fixed yet, I just got this scrolling down this page with the webkitgtk WK1 test browser (I'm using r151992):
> 
> I meant this page:
> http://praza.com/movementos-sociais/4872/o-pp-rexeita-abolir-as-touradas-porque-non-hai-risco-de-que-proliferen-en-galicia/

It's important to note that the crash happens only when scrolling while the page is not fully loaded yet.
Comment 22 Allan Sandfeld Jensen 2013-06-27 03:02:03 PDT 
I can not reproduce that assert. Would it be possible for you to provide more backtrace info, such as the what the different between the cached and calculated repaint rect is?
Comment 23 Tim Horton 2013-07-01 17:48:39 PDT 
100% repro case of the same assertion failure (probably related to rtl) here: https://bugs.webkit.org/show_bug.cgi?id=118269
Comment 24 Tobias Netzel 2013-07-18 13:29:19 PDT 
See my comment in bug 118269 for how I can reproduce this assertion when scrolling a RenderBox that was highlighted by clicking in it. You may have to scroll down to the bottom after highlighting in order to trigger the assertion.

My investigation showed that the RenderObject in question was a RenderBox, and that the difference between the cached and the repainted rect is produced by "r.inflate(v->maximalOutlineSize());" in RenderBox::clippedOverflowRectForRepaint().
Maybe the inflation to the outline size should just be ignored while scrolling? That would mean the  assertion is wrong - and I don't see any rendering artifacts in release builds.
Comment 25 Sergio Villar Senin 2013-07-19 02:11:02 PDT 
(In reply to comment #23)
> 100% repro case of the same assertion failure (probably related to rtl) here: https://bugs.webkit.org/show_bug.cgi?id=118269

Maybe they're different issues because I hit the assertion quite easily in a lot of webpages but your test works fine for me.
Comment 26 Sergio Villar Senin 2013-07-19 02:13:59 PDT 
(In reply to comment #25)
> (In reply to comment #23)
> > 100% repro case of the same assertion failure (probably related to rtl) here: https://bugs.webkit.org/show_bug.cgi?id=118269
> 
> Maybe they're different issues because I hit the assertion quite easily in a lot of webpages but your test works fine for me.

As an example:

1- go to http://www.0d.be/debian/debian-gnome-3.8-status.html
2- click onto the "Display arch details" checkbox
3- scroll down

100% assertion failed
Comment 27 Tobias Netzel 2013-07-19 11:15:06 PDT 
> 1- go to http://www.0d.be/debian/debian-gnome-3.8-status.html
> 2- click onto the "Display arch details" checkbox
> 3- scroll down
> 
> 100% assertion failed

This in turn doesn't assert for me.
However it does have something in common with my case: the render tree is changed by user interaction (mouse click events in our cases), and after that the assertion is hit upon scrolling.
Would be helpful to know what's the difference between the expected and acrual rectangles.
Comment 28 Antti Koivisto 2013-11-07 12:09:46 PST 
I can hit this on http://www.theguardian.com/ pretty quickly by going to articles and scrolling around while the page is loading.

ASSERTION FAILED: m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint())
/Users/antti/webkit/OpenSource/Source/WebCore/rendering/RenderLayer.cpp(787) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap *, UpdateLayerPositionsAfterScrollFlags)
1   0x11406e780 WTFCrash
2   0x1162be01b WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
3   0x1162be0f9 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
4   0x1162bdda1 WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll()
5   0x1155cb71f WebCore::FrameView::repaintFixedElementsAfterScrolling()
6   0x11654bda5 WebCore::ScrollView::scrollTo(WebCore::IntSize const&)
7   0x1155ce1ae WebCore::FrameView::scrollTo(WebCore::IntSize const&)
8   0x11654bcaf WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&)
9   0x11654bcef non-virtual thunk to WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&)
10  0x116511020 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&)
11  0x116510f8f WebCore::ScrollableArea::notifyScrollPositionChanged(WebCore::IntPoint const&)
12  0x11652a42f WebCore::ScrollingCoordinator::updateMainFrameScrollPosition(WebCore::IntPoint const&, bool, WebCore::SetOrSyncScrollingLayerPosition)
13  0x11652cc23 WebCore::ScrollingCoordinatorMac::requestScrollPositionUpdate(WebCore::FrameView*, WebCore::IntPoint const&)
14  0x1155cbbb1 WebCore::FrameView::requestScrollPositionUpdate(WebCore::IntPoint const&)
15  0x1155cbc0f non-virtual thunk to WebCore::FrameView::requestScrollPositionUpdate(WebCore::IntPoint const&)
16  0x116511382 WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&)
17  0x116513a21 WebCore::ScrollAnimator::notifyPositionChanged(WebCore::FloatSize const&)
18  0x1165181d6 WebCore::ScrollAnimatorMac::notifyPositionChanged(WebCore::FloatSize const&)
19  0x116517d1a WebCore::ScrollAnimatorMac::immediateScrollTo(WebCore::FloatPoint const&)
20  0x116517bf3 WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&)
21  0x116510e6c WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&)
22  0x11654a6fd WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&)
23  0x11654b230 WebCore::ScrollView::setContentsSize(WebCore::IntSize const&)
24  0x1155c3711 WebCore::FrameView::setContentsSize(WebCore::IntSize const&)
25  0x1155c4b83 WebCore::FrameView::adjustViewSize()
26  0x1155c7284 WebCore::FrameView::layout(bool)
27  0x1155d01f9 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
28  0x1125a3b7b WebKit::WebPage::layoutIfNeeded()
29  0x11245db4a WebKit::TiledCoreAnimationDrawingArea::flushLayers()
30  0x11245de9c non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers()
31  0x115f9efcc WebCore::LayerFlushScheduler::runLoopObserverCallback()
Comment 29 Simon Fraser (smfr) 2013-11-13 11:17:11 PST 
*** Bug 123486 has been marked as a duplicate of this bug. ***
Comment 30 Simon Fraser (smfr) 2013-11-13 11:17:47 PST 
<rdar://problem/15348150>
Comment 31 Simon Fraser (smfr) 2013-11-13 11:25:55 PST 
Created attachment 216824 [details]
Patch
Comment 32 Dave Hyatt 2013-11-13 11:26:48 PST 
Comment on attachment 216824 [details]
Patch

r=me. Eww.
Comment 33 Simon Fraser (smfr) 2013-11-13 12:02:21 PST 
https://trac.webkit.org/r159218