NEW 166573
RenderImages with dirty layout after layout on 4chan.org 
https://bugs.webkit.org/show_bug.cgi?id=166573
Summary RenderImages with dirty layout after layout on 4chan.org
Andreas Kling
Reported 2016-12-29 07:40:58 PST
To reproduce: Open any thread on http://boards.4chan.org/wg/catalog For example: http://boards.4chan.org/wg/thread/6803455 SHOULD NEVER BE REACHED /Volumes/Gala/Users/kling/Source/Safari/OpenSource/Source/WebCore/page/FrameView.cpp(218) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const 1 0x10bff565d WTFCrash 2 0x10f368163 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::'lambda'(WebCore::RenderObject const&)::operator()(WebCore::RenderObject const&) const 3 0x10f3680d2 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker() 4 0x10f354fb5 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker() 5 0x10f35342d WebCore::FrameView::layout(bool) 6 0x10f363fd9 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() 7 0x108238c15 WebKit::WebPage::layoutIfNeeded() 8 0x107fbfdcc WebKit::TiledCoreAnimationDrawingArea::flushLayers() 9 0x107fc0529 non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers() 10 0x1103db865 WebCore::LayerFlushScheduler::layerFlushCallback() 11 0x1103dcadb WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const 12 0x1103dca8d _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN7WebCore19LayerFlushSchedulerC1EPNS3_25LayerFlushSchedulerClientEE3$_0EEEvDpOT_ 13 0x1103dca39 std::__1::__function::__func<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0, std::__1::allocator<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>, void ()>::operator()() 14 0x10e8afc3a std::__1::function<void ()>::operator()() const 15 0x110c4385a WebCore::RunLoopObserver::runLoopObserverFired() 16 0x110c437e0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) 17 0x7fff8ff742d7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ 18 0x7fff8ff74247 __CFRunLoopDoObservers 19 0x7fff8ff54b76 CFRunLoopRunSpecific 20 0x7fff8f4dfacc RunCurrentEventLoopInMode 21 0x7fff8f4df901 ReceiveNextEventCommon 22 0x7fff8f4df736 _BlockUntilNextEventMatchingListInModeWithFilter 23 0x7fff8da85abc _DPSNextEvent 24 0x7fff8e2001f7 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 25 0x7fff8da7a43d -[NSApplication run] 26 0x7fff8da44d58 NSApplicationMain 27 0x7fffa57b18c7 _xpc_objc_main 28 0x7fffa57b02e4 xpc_main 29 0x106d2418d main 30 0x7fffa554d255 start 31 0x1 ERROR: post-layout: dirty renderer(s) /Volumes/Gala/Users/kling/Source/Safari/OpenSource/Source/WebCore/page/FrameView.cpp(216) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const Render tree is too big for a bugzilla comment, but this guy is the culprit: BA----L- -+* IMG RenderImage (1164.50, 193.31) (0.00, 0.00) renderer->(0x12694e330) node->(0x123290420) layout->[normal child]
Attachments
Add attachment proposed patch, testcase, etc.
Note You need to log in before you can comment on or make changes to this bug.