Bug 32172 - Fix assertion failure in WebCore::RenderBlock::startDelayUpdateScrollInfo
Summary: Fix assertion failure in WebCore::RenderBlock::startDelayUpdateScrollInfo
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
: 32009 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-12-04 14:11 PST by Adam Langley
Modified: 2012-04-18 16:04 PDT (History)
4 users (show)

See Also:

Attachments
patch (4.19 KB, patch)
2009-12-04 14:13 PST, Adam Langley 		darin: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Langley 2009-12-04 14:11:23 PST 
startDelayUpdateScrollInfo calls a function that can end up calling startDelayUpdateScrollInfo again. However, it's static state is inconsistent when this happens leading to an assertion failure (or probably a memory leak if assertions are off).

#0  WebCore::RenderBlock::startDelayUpdateScrollInfo ()
    at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:605
#1  0x0000000000f88b9d in WebCore::RenderFlexibleBox::layoutHorizontalBox 
(this=0x2aaab801ea38, 
    relayoutChildren=false) at 
third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:336
#2  0x0000000000f8a0c0 in WebCore::RenderFlexibleBox::layoutBlock 
(this=0x2aaab801ea38, 
    relayoutChildren=false) at 
third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:242
#3  0x0000000000f49b57 in WebCore::RenderBlock::layout (this=0x2aaab801ea38)
    at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:649
#4  0x0000000000f4d881 in WebCore::RenderObject::layoutIfNeeded (this=0x2aaab801ea38)
    at third_party/WebKit/WebCore/rendering/RenderObject.h:496
#5  0x0000000000f66caf in WebCore::RenderBlock::layoutInlineChildren 
(this=0x2aaab801dc68, 
    relayoutChildren=true, repaintTop=@0x7fffffffbd4c, repaintBottom=@0x7fffffffbd48)
    at third_party/WebKit/WebCore/rendering/RenderBlockLineLayout.cpp:865
#6  0x0000000000f4a1db in WebCore::RenderBlock::layoutBlock (this=0x2aaab801dc68, 
relayoutChildren=true)
    at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:723
#7  0x0000000000fa42c7 in WebCore::RenderLayer::updateScrollInfoAfterLayout 
(this=0x2aaab801dd48)
    at third_party/WebKit/WebCore/rendering/RenderLayer.cpp:1872
#8  0x0000000000f4a90a in WebCore::RenderBlock::finishDelayUpdateScrollInfo ()
    at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:623
#9  0x0000000000f89a58 in WebCore::RenderFlexibleBox::layoutHorizontalBox 
(this=0x2aaab801c0a8, 
    relayoutChildren=false) at 
third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:558
Comment 1 Adam Langley 2009-12-04 14:13:51 PST 
Created attachment 44335 [details]
patch
Comment 2 WebKit Review Bot 2009-12-04 14:15:23 PST 
style-queue ran check-webkit-style on attachment 44335 [details] without any errors.
Comment 3 Darin Adler 2009-12-04 15:43:23 PST 
Comment on attachment 44335 [details]
patch

An OwnPtr would be better than an explicit delete.
Comment 4 Adam Langley 2009-12-08 17:48:21 PST 
Switched to OwnPtr and landed as r51883
Comment 5 Shinichiro Hamaji 2009-12-28 19:04:58 PST 
*** Bug 32009 has been marked as a duplicate of this bug. ***