RESOLVED FIXED 173468
Crash due to infinite recursion via FrameSelection::updateAppearanceAfterLayout
https://bugs.webkit.org/show_bug.cgi?id=173468
Antti Koivisto
Reported 2017-06-16 07:21:13 PDT
Infinite recursion via updateAppearanceAfterLayout:

17 libsystem_kernel.dylib: kdebug_trace
==> 17 WebCore: WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) <==
17 WebCore: WebCore::Document::updateLayout()
17 WebCore: WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
17 WebCore: WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&)
17 WebCore: WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity)
17 WebCore: WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::EAffinity)
17 WebCore: WebCore::adjustedSelectionStartForStyleComputation(WebCore::VisibleSelection const&)
17 WebCore: WebCore::Editor::styleForSelectionStart(WebCore::Frame*, WebCore::Node*&)
17 WebKit: WebKit::WebPage::editorState(WebKit::WebPage::IncludePostLayoutDataHint) const
17 WebKit: WebKit::WebPage::updateEditorStateAfterLayoutIfEditabilityChanged()
17 WebCore: WebCore::FrameSelection::updateAppearanceAfterLayout()
17 WebCore: WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
17 WebCore: WebCore::Document::updateLayout()
17 WebCore: WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
17 WebCore: WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&)
17 WebCore: WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity)
17 WebCore: WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::EAffinity)
17 WebCore: WebCore::adjustedSelectionStartForStyleComputation(WebCore::VisibleSelection const&)
17 WebCore: WebCore::Editor::styleForSelectionStart(WebCore::Frame*, WebCore::Node*&)
17 WebKit: WebKit::WebPage::editorState(WebKit::WebPage::IncludePostLayoutDataHint) const
17 WebKit: WebKit::WebPage::updateEditorStateAfterLayoutIfEditabilityChanged()
17 WebCore: WebCore::FrameSelection::updateAppearanceAfterLayout()
17 WebCore: WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
17 WebCore: WebCore::Document::updateLayout()
Attachments
patch (7.92 KB, patch)
2017-06-16 07:47 PDT, Antti Koivisto
rniwa: review+
patch (7.17 KB, patch)
2017-06-17 01:28 PDT, Antti Koivisto
no flags
Archive of layout-test-results from ews125 for ios-simulator-wk2 (919.15 KB, application/zip)
2017-06-17 02:55 PDT, Build Bot
no flags
Antti Koivisto
Comment 1 2017-06-16 07:22:11 PDT
Antti Koivisto
Comment 2 2017-06-16 07:47:09 PDT
Ryosuke Niwa
Comment 3 2017-06-16 18:46:20 PDT
Comment on attachment 313075 [details] patch
View in context: https://bugs.webkit.org/attachment.cgi?id=313075&action=review

r=me with the timer in FrameSelection.

> Source/WebCore/ChangeLog:11
> + because itmay cause another call to resolveStyle. We have some cases where the style

Nit: it *may.

> Source/WebCore/page/FrameView.cpp:350
> + m_selectionAppearanceUpdateTimer.stop();

I think it's cleaner to add this timer in FrameSelection.

> LayoutTests/editing/selection/updateAppearanceAfterLayout-recursion.html:14
> +link.setAttribute("href", "data:text/css,"+Math.random());

It seems unnecessary to use Math.random()
Antti Koivisto
Comment 4 2017-06-16 23:30:54 PDT
> It seems unnecessary to use Math.random()

It is there to defeat memory cache. Otherwise the load may complete synchronously.
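A constructed C++ model of the loop in the trace above and of the deferral discussed in the review (added here; not the landed patch and not WebKit's code; the struct, member and function names are hypothetical stand-ins for the real classes). The buggy path calls the selection-appearance update synchronously from inside style resolution, so the forced layout re-enters resolveStyle without bound; the fixed path only arms a timer, which fires after style is clean.

```cpp
#include <functional>
#include <queue>
#include <stdexcept>

// Constructed model: resolveStyle -> updateAppearanceAfterLayout -> editorState
// -> VisiblePosition -> updateLayout -> resolveStyle -> ... (hypothetical names)
struct Document {
    static constexpr int kStackLimit = 64;    // stands in for the real stack limit
    bool deferViaTimer;                       // false: synchronous (bug); true: timer (fix)
    bool styleDirty = true;
    int depth = 0, maxDepth = 0;
    std::queue<std::function<void()>> timers; // the FrameSelection timer from the review
    // Layout-dependent code (VisiblePosition::canonicalPosition in the trace) calls this.
    void updateLayout() {
        if (styleDirty)
            resolveStyle();
    }
    void resolveStyle() {
        if (++depth > kStackLimit)
            throw std::runtime_error("unbounded recursion in resolveStyle");
        maxDepth = depth > maxDepth ? depth : maxDepth;
        // Bug: call into selection code while styleDirty is still set.
        // Fix: only arm a zero-delay timer and return.
        if (deferViaTimer)
            timers.push([this] { updateAppearanceAfterLayout(); });
        else
            updateAppearanceAfterLayout();
        styleDirty = false; // reached only once any nested calls have unwound
        --depth;
    }
    // Stand-in for updateAppearanceAfterLayout -> editorState -> canonicalPosition,
    // which forces layout and may therefore resolve style again.
    void updateAppearanceAfterLayout() { updateLayout(); }
    // Drain armed timers, as the run loop does once the current task returns.
    void runTimers() { for (; !timers.empty(); timers.pop()) timers.front()(); }
};

// Deepest resolveStyle() nesting reached, or -1 when the model overflowed its stack.
int simulate(bool deferViaTimer) {
    Document doc{deferViaTimer};
    try {
        doc.updateLayout();
        doc.runTimers();
    } catch (const std::runtime_error&) {
        return -1;
    }
    return doc.maxDepth;
}
```

simulate(false) overflows the modelled stack and returns -1; simulate(true) resolves style once (depth 1) and the deferred update finds nothing left to do.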
Antti Koivisto
Comment 5 2017-06-17 01:28:08 PDT
Build Bot
Comment 6 2017-06-17 02:55:52 PDT
Comment on attachment 313191 [details] patch
Attachment 313191 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/3946873

New failing tests:
webrtc/video-replace-muted-track.html
Build Bot
Comment 7 2017-06-17 02:55:53 PDT
Created attachment 313195 [details]
Archive of layout-test-results from ews125 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews125  Port: ios-simulator-wk2  Platform: Mac OS X 10.12.5
WebKit Commit Bot
Comment 8 2017-06-17 06:02:12 PDT
Comment on attachment 313191 [details] patch
Clearing flags on attachment: 313191
Committed r218451: <http://trac.webkit.org/changeset/218451>
WebKit Commit Bot
Comment 9 2017-06-17 06:02:13 PDT
All reviewed patches have been landed. Closing bug.