RESOLVED DUPLICATE of bug 135514 140455
[Win] Crashes due to invalid RenderLayer::m_enclosingPaginationLayer
https://bugs.webkit.org/show_bug.cgi?id=140455
Brent Fulgham
Reported 2015-01-14 10:48:33 PST
I have found that a number of layout tests are crashing on Windows in release builds because the RenderLayer's m_enclosingPaginationLayer is invalid. Debugging indicates the following:

1. In RenderLayer::updatePagination(), the RenderLayer sets its m_enclosingPaginationLayer to the result of parent()->enclosingPaginationLayer(IncludeCompositedPaginatedLayers); This is a valid RenderLayer.
2. Later, the RenderLayer we assigned in the first step is deleted during a later stage of layout.
3. RenderLayer::m_enclosingPaginationLayer is not set to nullptr, and becomes a dangling pointer.
4. Later, RenderLayer::hasCompositedLayerInEnclosingPaginationChain() is called, which attempts to call 'isComposited' through the garbage m_enclosingPaginationLayer.

The issue seems to be that the destruction of the RenderLayer referenced by m_enclosingPaginationLayer is not communicated back to the RenderLayer holding this pointer, so it doesn't know that the value is invalid.
Attachments
Some dump analysis. (21.02 KB, application/octet-stream)
2015-01-14 11:53 PST, Brent Fulgham
no flags
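The lifetime problem described in the report, as an added example that is not part of the original bug, not WebKit code, and not the fix that landed: a simplified `Layer` model in which a destroyed layer nulls every cached pointer to itself. The class, `m_dependents` and `replayReportedSequence` are assumptions made for this illustration; the other member names are borrowed from the report.

```cpp
#include <memory>
#include <unordered_set>
// Simplified model, NOT WebKit's RenderLayer. Member names follow the report;
// m_dependents is an assumption added for this illustration.
class Layer {
public:
    explicit Layer(bool composited = false) : m_composited(composited) {}
    Layer(const Layer&) = delete;
    Layer& operator=(const Layer&) = delete;
    ~Layer() {
        // Report step 2: this layer is being destroyed. Null every cached
        // pointer to it so step 3 (a dangling pointer) cannot occur.
        for (Layer* dependent : m_dependents)
            dependent->m_enclosingPaginationLayer = nullptr;
        setEnclosingPaginationLayer(nullptr); // unregister from our own target
    }
    // Report step 1: cache the enclosing layer and register with it.
    void setEnclosingPaginationLayer(Layer* layer) {
        if (m_enclosingPaginationLayer)
            m_enclosingPaginationLayer->m_dependents.erase(this);
        m_enclosingPaginationLayer = layer;
        if (layer)
            layer->m_dependents.insert(this);
    }
    bool isComposited() const { return m_composited; }
    const Layer* enclosingPaginationLayer() const { return m_enclosingPaginationLayer; }
    // Report step 4: a destroyed layer now reads as nullptr, not freed memory.
    bool hasCompositedLayerInEnclosingPaginationChain() const {
        for (const Layer* l = m_enclosingPaginationLayer; l; l = l->m_enclosingPaginationLayer)
            if (l->isComposited()) return true;
        return false;
    }
private:
    bool m_composited;
    Layer* m_enclosingPaginationLayer = nullptr;
    std::unordered_set<Layer*> m_dependents;
};

// Replays the report's four steps on the model; true when the pointer was cleared.
bool replayReportedSequence() {
    Layer child;
    std::unique_ptr<Layer> paginated(new Layer(true));
    child.setEnclosingPaginationLayer(paginated.get());
    bool before = child.hasCompositedLayerInEnclosingPaginationChain();
    paginated.reset();
    bool cleared = child.enclosingPaginationLayer() == nullptr;
    return before && cleared && !child.hasCompositedLayerInEnclosingPaginationChain();
}
```

A weak-pointer type that observes the target's lifetime gives the same guarantee without the manual bookkeeping.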
Simon Fraser (smfr)
Comment 1 2015-01-14 10:59:17 PST
Brent Fulgham
Comment 2 2015-01-14 11:23:54 PST
I wonder if this is only hit in WK1?
Brent Fulgham
Comment 3 2015-01-14 11:28:53 PST
I am seeing this with the test "fast/dynamic/layer-no-longer-paginated.html"
Brent Fulgham
Comment 4 2015-01-14 11:53:03 PST
Created attachment 244627
Some dump analysis.
Simon Fraser (smfr)
Comment 5 2015-01-14 12:02:30 PST
This is exactly rdar://problem/17873488
Brent Fulgham
Comment 6 2015-01-14 13:30:29 PST
*** This bug has been marked as a duplicate of bug 135514 ***