The attached testcase reproduces this assertion 100% of the time in DumpRenderTree, but (not yet) in Safari or Minibrowser. Similar to https://bugs.webkit.org/show_bug.cgi?id=103432.
Created attachment 205847 [details] testcase
I’m going to land this testcase with https://bugs.webkit.org/show_bug.cgi?id=118176.
(In reply to comment #2) > I’m going to land this testcase with https://bugs.webkit.org/show_bug.cgi?id=118176. If the test-case is landed, does that mean the bug is fixed or is the test now partially failing?
(In reply to comment #3) > (In reply to comment #2) > > I’m going to land this testcase with https://bugs.webkit.org/show_bug.cgi?id=118176. > > If the test-case is landed, does that mean the bug is fixed or is the test now partially failing? Partially skipped.
I can reproduce this in both Safari 5.0.6 and Minibrowser WK1 by doing the following (you'll need a google account for this): 1. go to [http://code.google.com/p/chromium/issues/detail?id=244592] 2. log in 3. scroll down and click in the box to add new comment, so that the text input cursor is blinking in that box 4. scroll up Here the crash upon scrolling is "enabled" by the fact of having clicked in the box. Clicking inside the box and then clicking outside of it doesn't "disable" it.
Looks like this causes heavily broken rendering in release mode.
To clarify, I know that this test renders wrong in release builds (tracked internally at Apple as <rdar://problem/14391146>), I don't know how closely that's related to the assertion failure.