155885 – RenderImage::repaintOrMarkForLayout fails when the renderer is detached.

Bug 155885 - RenderImage::repaintOrMarkForLayout fails when the renderer is detached.

Summary: RenderImage::repaintOrMarkForLayout fails when the renderer is detached.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	zalan

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2016-03-25 08:56 PDT by zalan
Modified:	2016-04-06 18:13 PDT (History)
CC List:	12 users (show)

See Also:	155109

Attachments
backtrace (90.34 KB, text/plain) 2016-03-25 08:56 PDT, zalan	no flags	Details
Patch (10.80 KB, patch) 2016-03-25 15:06 PDT, zalan	no flags	Details \| Formatted Diff \| Diff
Patch (10.82 KB, patch) 2016-03-25 15:38 PDT, zalan	zalan: commit-queue-	Details \| Formatted Diff \| Diff
Patch (10.85 KB, patch) 2016-03-25 15:41 PDT, zalan	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zalan 2016-03-25 08:56:19 PDT

Created attachment 274908 [details]
backtrace

see stacktrace.

Comment 1 Radar WebKit Bug Importer 2016-03-25 08:58:59 PDT

<rdar://problem/25359164>

Comment 2 zalan 2016-03-25 09:45:37 PDT

related to bug 155109

Comment 3 zalan 2016-03-25 15:06:47 PDT

Created attachment 274945 [details]
Patch

Comment 4 Simon Fraser (smfr) 2016-03-25 15:14:59 PDT

Comment on attachment 274945 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=274945&action=review

> Source/WebCore/rendering/RenderObject.cpp:716
>      if (!is<RenderBlock>(parent))

This should just be a null check.

Comment 5 zalan 2016-03-25 15:38:24 PDT

Created attachment 274948 [details]
Patch

Comment 6 zalan 2016-03-25 15:41:55 PDT

Created attachment 274949 [details]
Patch

Comment 7 WebKit Commit Bot 2016-03-25 16:45:13 PDT

Comment on attachment 274949 [details]
Patch

Clearing flags on attachment: 274949

Committed r198701: <http://trac.webkit.org/changeset/198701>

Comment 8 WebKit Commit Bot 2016-03-25 16:45:20 PDT

All reviewed patches have been landed.  Closing bug.

Comment 9 Michael Catanzaro 2016-04-06 18:12:18 PDT

FYI I am backporting this to our 2.12.0 package in Fedora. We haven't received many crash reports because we don't have 2.12.0 in any stable release yet, but I've gotten several complaints on Bugzilla and IRC.

(Thanks for fixing it so quickly, Zalan.)

Comment 10 Michael Catanzaro 2016-04-06 18:13:28 PDT

Notable complaint is that this crash occurs on Google shortly after searching for anything (although I wasn't able to reproduce that myself).