RESOLVED FIXED 115412
[BlackBerry] Crash due to an assert in FrameView::doDeferredRepaints
https://bugs.webkit.org/show_bug.cgi?id=115412
Summary [BlackBerry] Crash due to an assert in FrameView::doDeferredRepaints
Carlos Garcia Campos
Reported 2013-04-30 05:36:10 PDT
PR 328223

Program terminated with signal 11, Segmentation fault.
#0  0x7c65208c in WebCore::FrameView::doDeferredRepaints (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:2227
2227        ASSERT(!m_deferringRepaints);
(gdb) bt
#0  0x7c65208c in WebCore::FrameView::doDeferredRepaints (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:2227
#1  0x7c652036 in WebCore::FrameView::flushDeferredRepaints (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:2219
#2  0x7c6562a4 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:3625
#3  0x78e27506 in BlackBerry::WebKit::WebPagePrivate::requestLayoutIfNeeded (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1347
#4  0x78e2840e in BlackBerry::WebKit::WebPagePrivate::zoomToInitialScaleOnLoad (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1700
#5  0x78e28008 in BlackBerry::WebKit::WebPagePrivate::layoutFinished (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1608
#6  0x78e5cd90 in WebCore::ChromeClientBlackBerry::layoutUpdated (this=0x8104470, frame=0x80ef3b0) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/WebCoreSupport/ChromeClientBlackBerry.cpp:743
#7  0x7c64fba6 in WebCore::FrameView::layout (this=0x8094400, allowSubtree=true) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:1379
#8  0x7c656242 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x8094400) at /home/cgarcia/rim/webkit/Source/WebCore/page/FrameView.cpp:3611
#9  0x78e27506 in BlackBerry::WebKit::WebPagePrivate::requestLayoutIfNeeded (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1347
#10 0x78e2840e in BlackBerry::WebKit::WebPagePrivate::zoomToInitialScaleOnLoad (this=0x8096558) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:1700
#11 0x78e5ce1e in WebCore::ChromeClientBlackBerry::didDiscoverFrameSet (this=0x8104470, frame=0x80ef3b0) at /home/cgarcia/rim/webkit/Source/WebKit/blackberry/WebCoreSupport/ChromeClientBlackBerry.cpp:769
#12 0x7c334e2c in WebCore::HTMLFrameSetElement::attach (this=0x82bedb8) at /home/cgarcia/rim/webkit/Source/WebCore/html/HTMLFrameSetElement.cpp:197
#13 0x7c1a65c8 in WebCore::Node::reattach (this=0x82bedb8) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Node.h:896
#14 0x7c1a0506 in WebCore::Element::recalcStyle (this=0x82bedb8, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:1383
#15 0x7c1a0862 in WebCore::Element::recalcStyle (this=0x821cf38, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:1448
#16 0x7c1a0862 in WebCore::Element::recalcStyle (this=0x821ce18, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:1448
#17 0x7c13fcd4 in WebCore::Document::recalcStyle (this=0x826de00, change=WebCore::Node::NoChange) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1840
#18 0x7c13fede in WebCore::Document::updateStyleIfNeeded (this=0x826de00) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1885
#19 0x7c1400ae in WebCore::Document::updateLayout (this=0x826de00) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1916
#20 0x7c1401b2 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x826de00) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Document.cpp:1954
#21 0x7c19dc64 in WebCore::Element::offsetTop (this=0x821cf38) at /home/cgarcia/rim/webkit/Source/WebCore/dom/Element.cpp:509
#22 0x7cd83e56 in WebCore::jsElementOffsetTop (exec=0x9300058, slotBase=...) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSElement.cpp:321
#23 0x78f0832a in JSC::PropertySlot::getValue (this=0x7dfddc8, exec=0x9300058, propertyName=...) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/PropertySlot.h:76
#24 0x7cc30c36 in JSC::JSValue::get (this=0x7dfddf8, exec=0x9300058, propertyName=..., slot=...) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:639
#25 0x0bee4cac in JSC::LLInt::llint_slow_path_get_by_id (exec=0x9300058, pc=0x8356608) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:917
#26 0x0beeb8fe in llint_op_get_by_id () from libjavascriptcore.so.0
#27 0x0beeb8fe in llint_op_get_by_id () from libjavascriptcore.so.0
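The backtrace shows a re-entrancy problem rather than a memory error: FrameView::layout (frame #7) is still deferring repaints when the embedder callback ChromeClientBlackBerry::layoutUpdated runs WebPagePrivate::layoutFinished -> zoomToInitialScaleOnLoad -> requestLayoutIfNeeded, which calls FrameView::updateLayoutAndStyleIfNeededRecursive a second time on the same view (frame #2 inside frame #8); the inner call reaches flushDeferredRepaints while m_deferringRepaints is still non-zero and the assert fires. The following is an added model of that path, written for this page; it is not WebKit code and not the landed patch. ModelFrameView, ModelEmbedder, their members and the re-entry guard are hypothetical stand-ins named after the frames in the trace, and the guard (parking a layout request made while layout is on the stack until the outer layout returns) is one possible approach, not what r150060 does.

```cpp
// Added model of the re-entrant layout in the reported backtrace; not WebKit code.
#include <cassert>
#include <functional>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for the FrameView deferred-repaint bookkeeping.
struct ModelFrameView {
    int deferringRepaints = 0;   // stands in for m_deferringRepaints (nesting depth)
    int pendingRepaints = 0;     // repaints queued while deferring
    int flushedRepaints = 0;
    bool needsLayout = true;
    bool inLayout = false;
    // Stand-in for ChromeClient::layoutUpdated(): the embedder hook invoked from
    // inside layout(), i.e. while repaints are still being deferred.
    std::function<void(ModelFrameView&)> layoutUpdated;

    void doDeferredRepaints() {
        // The assert from the report, modelled as an exception so the failure is observable.
        if (deferringRepaints)
            throw std::logic_error("ASSERT(!m_deferringRepaints) in doDeferredRepaints");
        flushedRepaints += pendingRepaints;
        pendingRepaints = 0;
    }
    void flushDeferredRepaints() {
        if (pendingRepaints) doDeferredRepaints();
    }
    void layout() {
        inLayout = true;
        ++deferringRepaints;                       // beginDeferredRepaints()
        needsLayout = false;
        ++pendingRepaints;                         // layout invalidated something
        if (layoutUpdated) layoutUpdated(*this);   // the re-entry point (frame #6)
        --deferringRepaints;                       // endDeferredRepaints()
        inLayout = false;
    }
    // Stand-in for FrameView::updateLayoutAndStyleIfNeededRecursive() (frames #2 and #8).
    void updateLayoutAndStyleIfNeededRecursive() {
        if (needsLayout) layout();
        flushDeferredRepaints();
    }
};

// Stand-in for the WebPagePrivate chain in frames #3-#5:
// layoutFinished() -> zoomToInitialScaleOnLoad() -> requestLayoutIfNeeded().
struct ModelEmbedder {
    ModelFrameView& view;
    bool guardReentry;              // false: behaviour in the trace; true: hypothetical guard
    bool deferredRequest = false;   // a request parked until the outer layout returns
    bool zoomedToInitialScale = false;

    ModelEmbedder(ModelFrameView& v, bool guard) : view(v), guardReentry(guard) {
        view.layoutUpdated = [this](ModelFrameView&) { layoutFinished(); };
    }
    void requestLayoutIfNeeded() {
        if (guardReentry && view.inLayout) {
            deferredRequest = true; // never flush while FrameView::layout is on the stack
            return;
        }
        view.updateLayoutAndStyleIfNeededRecursive();
    }
    void zoomToInitialScaleOnLoad() {
        requestLayoutIfNeeded();    // the call that re-enters in the trace (frame #4)
        zoomedToInitialScale = true;
    }
    void layoutFinished() {
        if (!zoomedToInitialScale) zoomToInitialScaleOnLoad();
    }
    // One layout pass from the outermost caller, then any request parked during it.
    void runLayoutPass() {
        view.updateLayoutAndStyleIfNeededRecursive();
        if (deferredRequest) {
            deferredRequest = false;
            view.updateLayoutAndStyleIfNeededRecursive();
        }
    }
};

// Unguarded model: returns the assert message when the nested flush trips it.
std::string runUnguarded() {
    ModelFrameView view;
    ModelEmbedder embedder(view, /*guard=*/false);
    try {
        embedder.runLayoutPass();
    } catch (const std::logic_error& e) {
        return e.what();
    }
    return "";
}

// Guarded model: returns the number of repaints flushed; no assert, nothing left pending.
int runGuarded() {
    ModelFrameView view;
    ModelEmbedder embedder(view, /*guard=*/true);
    embedder.runLayoutPass();
    assert(view.pendingRepaints == 0);
    return view.flushedRepaints;
}
```

runUnguarded() reproduces the shape of the crash: the nested updateLayoutAndStyleIfNeededRecursive finds no layout pending and goes straight to the flush while the outer layout still holds the deferral. runGuarded() shows the property any fix has to preserve: a layout request issued from a layout-finished callback must not be serviced synchronously, but it must still be serviced, which is why the parked request is replayed once the outer call returns.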
Attachments
Patch (8.94 KB, patch)
2013-04-30 05:44 PDT, Carlos Garcia Campos
no flags
Carlos Garcia Campos
Comment 1 2013-04-30 05:44:21 PDT
Arvid Nilsson
Comment 2 2013-04-30 06:53:38 PDT
Comment on attachment 200102 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=200102&action=review

LGTM with some comments

> Source/WebKit/blackberry/Api/BackingStore.cpp:393
> +    m_webPage->d->updateLayoutAndStyleIfNeededRecursive();

You could consider calling the BackingStorePrivate::requestLayoutIfNeeded() method, which encapsulates this exact call.

> Source/WebKit/blackberry/Api/BackingStore.cpp:1108
> void BackingStorePrivate::requestLayoutIfNeeded() const

You could consider renaming this method "updateLayoutAndStyleIfNeededRecursive" to fit with the new naming scheme, but I would say the return on investment is low since we're planning to remove the BackingStore class eventually.
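Review bot: the new call at BackingStore.cpp:393 needs to be checked against the re-entry path in the reported backtrace, and the quoted context does not show what stops it from being reached while a layout is already on the stack. In the trace, WebPagePrivate::requestLayoutIfNeeded() runs FrameView::updateLayoutAndStyleIfNeededRecursive() from inside FrameView::layout() (via ChromeClientBlackBerry::layoutUpdated -> layoutFinished -> zoomToInitialScaleOnLoad), and the inner flushDeferredRepaints() trips ASSERT(!m_deferringRepaints). If WebPagePrivate::updateLayoutAndStyleIfNeededRecursive() does not itself refuse or defer a request made during layout, this call site in BackingStore must; routing it through BackingStorePrivate::requestLayoutIfNeeded(), as suggested above, would at least keep that guard in one place rather than at each caller.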
Rob Buis
Comment 3 2013-05-13 08:40:08 PDT
Comment on attachment 200102 Patch

Ok.
WebKit Commit Bot
Comment 4 2013-05-14 01:52:23 PDT
Comment on attachment 200102 Patch

Clearing flags on attachment: 200102

Committed r150060: <http://trac.webkit.org/changeset/150060>
WebKit Commit Bot
Comment 5 2013-05-14 01:52:25 PDT
All reviewed patches have been landed. Closing bug.