Bug 115303 - Assertion while scrolling news.google.com
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: PC Windows 7
Importance: P2 Normal
Assignee: Allan Sandfeld Jensen
URL: https://bugreports.qt-project.org/bro...
Reported: 2013-04-27 02:26 PDT by Jonathan Liu
Modified: 2013-08-27 02:59 PDT

Attachments
Patch (1.42 KB, patch)
2013-04-27 02:59 PDT, Jonathan Liu
Patch (2.47 KB, patch)
2013-04-27 22:05 PDT, Jonathan Liu
Patch (1.64 KB, patch)
2013-08-26 08:11 PDT, Allan Sandfeld Jensen

Description Jonathan Liu 2013-04-27 02:26:19 PDT
I get a crash while scrolling a page with a debug build of Qt Demo Browser in Qt 5.0.2 and Qt 5.1.

Instructions to reproduce:
1. Open http://news.google.com/
2. Click the scrollbar on the right and drag up and down rapidly while the embedded YouTube flash video is loading
3. Refresh page
4. Repeat steps 2-3 until you get an assertion failure

I have reproduced the issue using http://download.qt-project.org/official_releases/qt/5.0/5.0.2/qt-windows-opensource-5.0.2-msvc2010_32-x86-offline.exe. Debug output and stack trace below:

ASSERTION FAILED: !view() || (!view()->isInLayout() && !view()->isPainting())
dom\Document.cpp(1885) : WebCore::Document::updateStyleIfNeeded
First-chance exception at 0x029a5277 (Qt5WebKitd.dll) in browser.exe: 0xC0000005: Access violation writing location 0xbbadbeef.
Unhandled exception at 0x029a5277 (Qt5WebKitd.dll) in browser.exe: 0xC0000005: Access violation writing location 0xbbadbeef.


Qt5WebKitd.dll!WebCore::Document::updateStyleIfNeeded()  Line 1885 + 0x5e bytes	C++
Qt5WebKitd.dll!WebCore::Document::updateLayout()  Line 1916	C++
Qt5WebKitd.dll!WebCore::Document::updateLayout()  Line 1914	C++
Qt5WebKitd.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets()  Line 1954	C++
Qt5WebKitd.dll!WebCore::HTMLEmbedElement::renderWidgetForJSBindings()  Line 74	C++
Qt5WebKitd.dll!WebCore::HTMLPlugInElement::pluginWidget()  Line 158 + 0x10 bytes	C++
Qt5WebKitd.dll!WebCore::pluginScriptObjectFromPluginViewBase(WebCore::HTMLPlugInElement * pluginElement=0x11109a40, JSC::JSGlobalObject * globalObject=0x0bf8ee40)  Line 60 + 0x8 bytes	C++
Qt5WebKitd.dll!WebCore::pluginScriptObject(JSC::ExecState * exec=0x0c7e00c0, WebCore::JSHTMLElement * jsHTMLElement=0x0c459160)  Line 90 + 0x12 bytes	C++
Qt5WebKitd.dll!WebCore::runtimeObjectCustomGetOwnPropertySlot(JSC::ExecState * exec=0x0c7e00c0, JSC::PropertyName propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLElement * element=0x0c459160)  Line 115 + 0xd bytes	C++
Qt5WebKitd.dll!WebCore::pluginElementCustomGetOwnPropertySlot<WebCore::JSHTMLEmbedElement,WebCore::JSHTMLElement>(JSC::ExecState * exec=0x0c7e00c0, JSC::PropertyName propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLEmbedElement * element=0x0c459160)  Line 58 + 0x15 bytes	C++
Qt5WebKitd.dll!WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate(JSC::ExecState * exec=0x0c7e00c0, JSC::PropertyName propertyName={...}, JSC::PropertySlot & slot={...})  Line 38 + 0x15 bytes	C++
Qt5WebKitd.dll!WebCore::JSHTMLEmbedElement::getOwnPropertySlot(JSC::JSCell * cell=0x0c459160, JSC::ExecState * exec=0x0c7e00c0, JSC::PropertyName propertyName={...}, JSC::PropertySlot & slot={...})  Line 137 + 0x14 bytes	C++
Qt5WebKitd.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x0c7e00c0, JSC::PropertyName propertyName={...}, JSC::PropertySlot & slot={...})  Line 1204 + 0x1d bytes	C++
Qt5WebKitd.dll!JSC::JSValue::get(JSC::ExecState * exec=0x0c7e00c0, JSC::PropertyName propertyName={...}, JSC::PropertySlot & slot={...})  Line 1464 + 0x14 bytes	C++
Qt5WebKitd.dll!cti_op_get_by_id(void * * args=0x003e6a28)  Line 1532	C++
Qt5WebKitd.dll!@cti_op_create_this@4()  + 0xdf bytes	C++
Qt5WebKitd.dll!JSC::JITCode::execute(JSC::JSStack * stack=0x105b5418, JSC::ExecState * callFrame=0x0c7e0058, JSC::JSGlobalData * globalData=0x0bb44150)  Line 134 + 0x29 bytes	C++
Qt5WebKitd.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x16afb700, JSC::ExecState * callFrame=0x0bf8efa8, JSC::JSObject * thisObj=0x1303ff60)  Line 979 + 0x28 bytes	C++
Qt5WebKitd.dll!JSC::evaluate(JSC::ExecState * exec=0x0bf8efa8, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, JSC::JSValue * returnedException=0x00000000)  Line 77	C++
Qt5WebKitd.dll!_NPN_Evaluate(_NPP * instance=0x152fbf68, NPObject * o=0x11951608, _NPString * s=0x003e7618, _NPVariant * variant=0x003e7608)  Line 269 + 0x51 bytes	C++
NPSWF32_11_6_602_180.dll!1729fdea() 	
[Frames below may be incorrect and/or missing, no symbols loaded for NPSWF32_11_6_602_180.dll]	
NPSWF32_11_6_602_180.dll!17100527() 	
NPSWF32_11_6_602_180.dll!172eb4c4() 	
NPSWF32_11_6_602_180.dll!1730a188() 	
NPSWF32_11_6_602_180.dll!176560d1() 	
NPSWF32_11_6_602_180.dll!17656959() 	
NPSWF32_11_6_602_180.dll!17661d9a() 	
NPSWF32_11_6_602_180.dll!1761606b() 	
NPSWF32_11_6_602_180.dll!1763a17b() 	
NPSWF32_11_6_602_180.dll!1764adc9() 	
NPSWF32_11_6_602_180.dll!17636ffb() 	
NPSWF32_11_6_602_180.dll!1764adc9() 	
NPSWF32_11_6_602_180.dll!176478d8() 	
NPSWF32_11_6_602_180.dll!17656e3a() 	
NPSWF32_11_6_602_180.dll!17656d05() 	
NPSWF32_11_6_602_180.dll!17656e6e() 	
NPSWF32_11_6_602_180.dll!176568ab() 	
NPSWF32_11_6_602_180.dll!17661d9a() 	
NPSWF32_11_6_602_180.dll!1761606b() 	
NPSWF32_11_6_602_180.dll!17656e3a() 	
NPSWF32_11_6_602_180.dll!17656e3a() 	
NPSWF32_11_6_602_180.dll!17656e3a() 	
NPSWF32_11_6_602_180.dll!17656e3a() 	
NPSWF32_11_6_602_180.dll!176560d1() 	
NPSWF32_11_6_602_180.dll!17656d05() 	
NPSWF32_11_6_602_180.dll!17656e6e() 	
NPSWF32_11_6_602_180.dll!17639d96() 	
NPSWF32_11_6_602_180.dll!17639d7d() 	
NPSWF32_11_6_602_180.dll!17661c00() 	
NPSWF32_11_6_602_180.dll!175fc735() 	
NPSWF32_11_6_602_180.dll!172e6a61() 	
NPSWF32_11_6_602_180.dll!172e4c3d() 	
NPSWF32_11_6_602_180.dll!172e31e0() 	
NPSWF32_11_6_602_180.dll!172e4ba4() 	
NPSWF32_11_6_602_180.dll!172e6c64() 	
NPSWF32_11_6_602_180.dll!172fb4a8() 	
NPSWF32_11_6_602_180.dll!17353082() 	
NPSWF32_11_6_602_180.dll!171d2c49() 	
NPSWF32_11_6_602_180.dll!172a5449() 	
NPSWF32_11_6_602_180.dll!17299816() 	
Qt5WebKitd.dll!WebCore::PluginView::setNPWindowRect(const WebCore::IntRect & rect={...})  Line 856 + 0x2b bytes	C++
Qt5WebKitd.dll!WebCore::PluginView::paintIntoTransformedContext(HDC__ * hdc=0x6d0140af)  Line 572	C++
Qt5WebKitd.dll!WebCore::PluginView::paint(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::IntRect & rect={...})  Line 668	C++
Qt5WebKitd.dll!WebCore::RenderWidget::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 293	C++
Qt5WebKitd.dll!WebCore::RenderEmbeddedObject::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 168	C++
Qt5WebKitd.dll!WebCore::InlineBox::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::LayoutUnit __formal={...}, WebCore::LayoutUnit __formal={...})  Line 241	C++
Qt5WebKitd.dll!WebCore::InlineFlowBox::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::LayoutUnit lineTop={...}, WebCore::LayoutUnit lineBottom={...})  Line 1118	C++
Qt5WebKitd.dll!WebCore::RootInlineBox::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::LayoutUnit lineTop={...}, WebCore::LayoutUnit lineBottom={...})  Line 211	C++
Qt5WebKitd.dll!WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject * renderer=0x1532669c, WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 264	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2938	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 3060	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2772	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox * child=0x1532669c, WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::PaintInfo & paintInfoForChild={...}, bool usePrintRect=false)  Line 2991	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::PaintInfo & paintInfoForChild={...}, bool usePrintRect=false)  Line 2957 + 0x1d bytes	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2952	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 3060	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2772	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3419	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3223	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3205	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> * list=0x111796f0, WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3507	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3444	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3223	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3205	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> * list=0x14989b10, WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3507	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3444	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=0)  Line 3223	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=0)  Line 3205	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paint(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::LayoutRect & damageRect={...}, unsigned int paintBehavior=0, WebCore::RenderObject * paintingRoot=0x00000000, WebCore::RenderRegion * region=0x00000000, unsigned int paintFlags=0)  Line 3011	C++
Qt5WebKitd.dll!WebCore::FrameView::paintContents(WebCore::GraphicsContext * p=0x003ec0c4, const WebCore::IntRect & rect={...})  Line 3257	C++
Qt5WebKitd.dll!WebCore::ScrollView::paint(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::IntRect & rect={...})  Line 1076	C++
Qt5WebKitd.dll!WebCore::RenderWidget::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 293	C++
Qt5WebKitd.dll!WebCore::InlineBox::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::LayoutUnit __formal={...}, WebCore::LayoutUnit __formal={...})  Line 241	C++
Qt5WebKitd.dll!WebCore::InlineFlowBox::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::LayoutUnit lineTop={...}, WebCore::LayoutUnit lineBottom={...})  Line 1118	C++
Qt5WebKitd.dll!WebCore::RootInlineBox::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::LayoutUnit lineTop={...}, WebCore::LayoutUnit lineBottom={...})  Line 211	C++
Qt5WebKitd.dll!WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject * renderer=0x153241dc, WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 264	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2938	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 3060	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2772	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox * child=0x153241dc, WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::PaintInfo & paintInfoForChild={...}, bool usePrintRect=false)  Line 2991	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...}, WebCore::PaintInfo & paintInfoForChild={...}, bool usePrintRect=false)  Line 2957 + 0x1d bytes	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2952	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 3060	C++
Qt5WebKitd.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo={...}, const WebCore::LayoutPoint & paintOffset={...})  Line 2772	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3419	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3223	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3205	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> * list=0x1112ffa0, WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3507	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3444	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3223	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3205	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> * list=0x15054ed0, WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3507	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=224)  Line 3444	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=0)  Line 3223	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo={...}, unsigned int paintFlags=0)  Line 3205	C++
Qt5WebKitd.dll!WebCore::RenderLayer::paint(WebCore::GraphicsContext * context=0x003ec0c4, const WebCore::LayoutRect & damageRect={...}, unsigned int paintBehavior=0, WebCore::RenderObject * paintingRoot=0x00000000, WebCore::RenderRegion * region=0x00000000, unsigned int paintFlags=0)  Line 3011	C++
Qt5WebKitd.dll!WebCore::FrameView::paintContents(WebCore::GraphicsContext * p=0x003ec0c4, const WebCore::IntRect & rect={...})  Line 3257	C++
Qt5WebKitd.dll!QWebFrameAdapter::renderRelativeCoords(QPainter * painter=0x003ec1a0, int layers=255, const QRegion & clip={...})  Line 533	C++
Qt5WebKitWidgetsd.dll!QWebFrame::render(QPainter * painter=0x003ec1a0, QFlags<enum QWebFrame::RenderLayer> layer={...}, const QRegion & clip={...})  Line 643 + 0x1d bytes	C++
Qt5WebKitWidgetsd.dll!QWebFrame::render(QPainter * painter=0x003ec1a0, const QRegion & clip={...})  Line 654	C++
Qt5WebKitWidgetsd.dll!QWebView::paintEvent(QPaintEvent * ev=0x003ecad0)  Line 835	C++
Qt5Widgetsd.dll!QWidget::event(QEvent * event=0x003ecad0)  Line 8002	C++
Qt5WebKitWidgetsd.dll!QWebView::event(QEvent * e=0x003ecad0)  Line 734	C++
Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0ba12ac0, QEvent * e=0x003ecad0)  Line 3398 + 0x11 bytes	C++
Qt5Widgetsd.dll!QApplication::notify(QObject * receiver=0x0ba12ac0, QEvent * e=0x003ecad0)  Line 3363 + 0x10 bytes	C++
Qt5Cored.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0ba12ac0, QEvent * event=0x003ecad0)  Line 767 + 0x15 bytes	C++
Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver=0x0ba12ac0, QEvent * event=0x003ecad0)  Line 206 + 0x38 bytes	C++
Qt5Widgetsd.dll!QWidgetPrivate::drawWidget(QPaintDevice * pdev=0x0b98f4c4, const QRegion & rgn={...}, const QPoint & offset={...}, int flags=4, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x0b97e280)  Line 5127 + 0xe bytes	C++
Qt5Widgetsd.dll!QWidgetBackingStore::sync()  Line 1085	C++
Qt5Widgetsd.dll!QWidgetPrivate::syncBackingStore()  Line 1673	C++
Qt5Widgetsd.dll!QWidget::event(QEvent * event=0x11177540)  Line 8140	C++
Qt5Widgetsd.dll!QMainWindow::event(QEvent * event=0x11177540)  Line 1472	C++
Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0127a578, QEvent * e=0x11177540)  Line 3398 + 0x11 bytes	C++
Qt5Widgetsd.dll!QApplication::notify(QObject * receiver=0x0127a578, QEvent * e=0x11177540)  Line 3363 + 0x10 bytes	C++
Qt5Cored.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0127a578, QEvent * event=0x11177540)  Line 767 + 0x15 bytes	C++
Qt5Cored.dll!QCoreApplication::sendEvent(QObject * receiver=0x0127a578, QEvent * event=0x11177540)  Line 203 + 0x39 bytes	C++
Qt5Cored.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0, QThreadData * data=0x0ac4efb0)  Line 1368 + 0x12 bytes	C++
Qt5Cored.dll!QCoreApplication::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0)  Line 1228 + 0x11 bytes	C++
Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 515 + 0xa bytes	C++
qwindowsd.dll!QWindowsGuiEventDispatcher::sendPostedEvents()  Line 86 + 0xd bytes	C++
Qt5Cored.dll!qt_internal_proc(HWND__ * hwnd=0x000712c8, unsigned int message=1025, unsigned int wp=0, long lp=0)  Line 423	C++
user32.dll!766362fa() 	
user32.dll!76636d3a() 	
user32.dll!76636ce9() 	
user32.dll!766377c4() 	
user32.dll!7663788a() 	
Qt5Cored.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 744	C++
qwindowsd.dll!QWindowsGuiEventDispatcher::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 78 + 0xd bytes	C++
Qt5Cored.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 137	C++
Qt5Cored.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 212 + 0x26 bytes	C++
Qt5Cored.dll!QCoreApplication::exec()  Line 1020 + 0x15 bytes	C++
Qt5Guid.dll!QGuiApplication::exec()  Line 1184	C++
Qt5Widgetsd.dll!QApplication::exec()  Line 2674	C++
browser.exe!main(int argc=1, char * * argv=0x0ac4d4a8)  Line 51 + 0x6 bytes	C++
browser.exe!WinMain(HINSTANCE__ * instance=0x01320000, HINSTANCE__ * prevInstance=0x00000000, char * __formal=0x001891a1, int cmdShow=10)  Line 131 + 0x12 bytes	C++
browser.exe!__tmainCRTStartup()  Line 547 + 0x2c bytes	C
browser.exe!WinMainCRTStartup()  Line 371	C
kernel32.dll!74db33aa() 	
ntdll.dll!77319ef2() 	
ntdll.dll!77319ec5()
Comment 1 Jonathan Liu 2013-04-27 02:35:51 PDT
void Document::updateStyleIfNeeded()
{
    ASSERT(isMainThread());
    ASSERT(!view() || (!view()->isInLayout() && !view()->isPainting()));

    if ((!m_pendingStyleRecalcShouldForce && !childNeedsStyleRecalc()) || inPageCache())
        return;

    AnimationUpdateBlock animationUpdateBlock(m_frame ? m_frame->animation() : 0);
    recalcStyle(NoChange);
}

When the assertion failure occurs:
view(): 00000000314c17e0
view()->isInLayout(): 0
view()->isPainting(): 1
m_pendingStyleRecalcShouldForce: 0
childNeedsStyleRecalc(): 0
inPageCache(): 0

The assertion was added to check that the view is not in layout and is not painting when calling recalcStyle. As recalcStyle is not called in this situation, the assertion failure can be avoided by moving the assertion to after the early return.
Comment 2 Jonathan Liu 2013-04-27 02:59:32 PDT
Created attachment 199900 [details]
Patch
Comment 3 Simon Fraser (smfr) 2013-04-27 10:15:09 PDT
Comment on attachment 199900 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=199900&action=review

> Source/WebCore/ChangeLog:8
> +
> +        Reviewed by NOBODY (OOPS!).
> +
> +        * dom/Document.cpp:
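Review bot: the `* dom/Document.cpp:` entry that closes this quoted hunk names the file but, as quoted, no function and no reason for the change. Name the function being touched, Document::updateStyleIfNeeded(), and record which half of the assertion fired: per Comment 1, view()->isInLayout() was 0 and view()->isPainting() was 1 at the failure, while none of the conditions that lead to recalcStyle() were set.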

This needs some explanation of the change. Which part of the assertion was firing? Why? How does the change solve this?
Comment 4 Jonathan Liu 2013-04-27 22:05:34 PDT
Created attachment 199957 [details]
Patch
Comment 5 Simon Fraser (smfr) 2013-04-28 11:36:38 PDT
Comment on attachment 199957 [details]
Patch

I think this is just papering over the cracks. It's wrong for updateStyleIfNeeded() to get called during painting, period. Yes, plugins that run script when being painted can cause this. They are evil plugins, but we can't stop them.

Mac has a code path that paints plugins into bitmaps earlier, and then paints those bitmaps during the painting code. Maybe Qt needs the same thing.
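A minimal model of the state reported in Comment 1 and of the objection in Comment 5, as an added example that is not WebKit code and not taken from any of the attached patches. `ModelView`, `ModelDocument`, `updateDuringPaint` and the `Outcome` enum are hypothetical stand-ins; the invariant and the early-return condition are copied from the `updateStyleIfNeeded()` source quoted in Comment 1, and a returned `InvariantViolated` stands in for the ASSERT firing.

```cpp
#include <cstdio>

// Hypothetical stand-ins for FrameView and Document; not WebKit code.
struct ModelView {
    bool inLayout = false;
    bool painting = false;
};

enum class Outcome { NoOp, Recalculated, InvariantViolated };

struct ModelDocument {
    ModelView* view = nullptr;
    bool pendingStyleRecalcShouldForce = false;
    bool childNeedsStyleRecalc = false;
    bool inPageCache = false;
    int recalcCount = 0;

    // Negation of the asserted condition:
    // !view() || (!view()->isInLayout() && !view()->isPainting())
    bool invariantBroken() const { return view && (view->inLayout || view->painting); }

    // Condition of the early return quoted in Comment 1.
    bool nothingToDo() const {
        return (!pendingStyleRecalcShouldForce && !childNeedsStyleRecalc) || inPageCache;
    }

    void recalcStyle() {
        ++recalcCount;
        pendingStyleRecalcShouldForce = false;
        childNeedsStyleRecalc = false;
    }

    // Order as quoted in Comment 1: invariant check, then early return.
    Outcome updateCheckFirst() {
        if (invariantBroken()) return Outcome::InvariantViolated;
        if (nothingToDo()) return Outcome::NoOp;
        recalcStyle();
        return Outcome::Recalculated;
    }

    // Order proposed in Comment 1: early return, then invariant check.
    Outcome updateReturnFirst() {
        if (nothingToDo()) return Outcome::NoOp;
        if (invariantBroken()) return Outcome::InvariantViolated;
        recalcStyle();
        return Outcome::Recalculated;
    }
};

using UpdateFn = Outcome (ModelDocument::*)();

// Models the backtrace: the view is painting while a plugin callback
// evaluates script, and the script access reaches the style update.
Outcome updateDuringPaint(ModelDocument& doc, UpdateFn update) {
    struct PaintScope {
        ModelView& v;
        explicit PaintScope(ModelView& view) : v(view) { v.painting = true; }
        ~PaintScope() { v.painting = false; }
    } scope(*doc.view);
    return (doc.*update)();
}

const char* outcomeName(Outcome o) {
    switch (o) {
    case Outcome::NoOp: return "no-op";
    case Outcome::Recalculated: return "recalculated";
    default: return "invariant violated";
    }
}

int main() {
    ModelView view;
    ModelDocument doc;
    doc.view = &view;
    // Flags as reported in Comment 1: nothing pending, view is painting.
    std::printf("check first:  %s\n", outcomeName(updateDuringPaint(doc, &ModelDocument::updateCheckFirst)));
    std::printf("return first: %s\n", outcomeName(updateDuringPaint(doc, &ModelDocument::updateReturnFirst)));
    // Same re-entrant call, but with a style recalc actually pending.
    doc.childNeedsStyleRecalc = true;
    std::printf("return first, recalc pending: %s\n", outcomeName(updateDuringPaint(doc, &ModelDocument::updateReturnFirst)));
    return 0;
}
```

With the flags from Comment 1 the reordered check is silent, but the call into the style update during painting still happens, and it trips again as soon as a recalc is pending.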
Comment 6 Allan Sandfeld Jensen 2013-08-26 08:09:34 PDT
The ugly thing here is that a simple access to the script-object will trigger a layout attempt.
Comment 7 Allan Sandfeld Jensen 2013-08-26 08:11:55 PDT
Created attachment 209655 [details]
Patch
Comment 8 Anders Carlsson 2013-08-26 11:58:42 PDT
Comment on attachment 209655 [details]
Patch

Who is accessing script elements during painting? Do you have a backtrace?
Comment 9 Anders Carlsson 2013-08-26 11:59:07 PDT
(In reply to comment #8)
> (From update of attachment 209655 [details])
> Who is accessing script elements during painting? Do you have a backtrace?

Err, I see now that you do have a backtrace!
Comment 10 Allan Sandfeld Jensen 2013-08-27 02:59:32 PDT
Comment on attachment 209655 [details]
Patch

Clearing flags on attachment: 209655

Committed r154672: <http://trac.webkit.org/changeset/154672>
Comment 11 Allan Sandfeld Jensen 2013-08-27 02:59:39 PDT
All reviewed patches have been landed.  Closing bug.