Bug 166573 - RenderImages with dirty layout after layout on 4chan.org
Summary: RenderImages with dirty layout after layout on 4chan.org
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-29 07:40 PST by Andreas Kling
Modified: 2016-12-29 07:40 PST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Kling 2016-12-29 07:40:58 PST 
To reproduce:

Open any thread on http://boards.4chan.org/wg/catalog
For example: http://boards.4chan.org/wg/thread/6803455

SHOULD NEVER BE REACHED
/Volumes/Gala/Users/kling/Source/Safari/OpenSource/Source/WebCore/page/FrameView.cpp(218) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const
1   0x10bff565d WTFCrash
2   0x10f368163 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::'lambda'(WebCore::RenderObject const&)::operator()(WebCore::RenderObject const&) const
3   0x10f3680d2 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
4   0x10f354fb5 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
5   0x10f35342d WebCore::FrameView::layout(bool)
6   0x10f363fd9 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive()
7   0x108238c15 WebKit::WebPage::layoutIfNeeded()
8   0x107fbfdcc WebKit::TiledCoreAnimationDrawingArea::flushLayers()
9   0x107fc0529 non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers()
10  0x1103db865 WebCore::LayerFlushScheduler::layerFlushCallback()
11  0x1103dcadb WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const
12  0x1103dca8d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_
13  0x1103dca39 std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()()
14  0x10e8afc3a std::__1::function<void ()>::operator()() const
15  0x110c4385a WebCore::RunLoopObserver::runLoopObserverFired()
16  0x110c437e0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*)
17  0x7fff8ff742d7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
18  0x7fff8ff74247 __CFRunLoopDoObservers
19  0x7fff8ff54b76 CFRunLoopRunSpecific
20  0x7fff8f4dfacc RunCurrentEventLoopInMode
21  0x7fff8f4df901 ReceiveNextEventCommon
22  0x7fff8f4df736 _BlockUntilNextEventMatchingListInModeWithFilter
23  0x7fff8da85abc _DPSNextEvent
24  0x7fff8e2001f7 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
25  0x7fff8da7a43d -[NSApplication run]
26  0x7fff8da44d58 NSApplicationMain
27  0x7fffa57b18c7 _xpc_objc_main
28  0x7fffa57b02e4 xpc_main
29  0x106d2418d main
30  0x7fffa554d255 start
31  0x1

ERROR: post-layout: dirty renderer(s)
/Volumes/Gala/Users/kling/Source/Safari/OpenSource/Source/WebCore/page/FrameView.cpp(216) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const

Render tree is too big for a bugzilla comment, but this guy is the culprit:

BA----L- -+*           IMG RenderImage  (1164.50, 193.31) (0.00, 0.00) renderer->(0x12694e330) node->(0x123290420) layout->[normal child]