startDelayUpdateScrollInfo calls a function that can end up calling startDelayUpdateScrollInfo again. However, its static state is inconsistent when this happens, leading to an assertion failure (or probably a memory leak if assertions are off).

#0 WebCore::RenderBlock::startDelayUpdateScrollInfo () at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:605
#1 0x0000000000f88b9d in WebCore::RenderFlexibleBox::layoutHorizontalBox (this=0x2aaab801ea38, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:336
#2 0x0000000000f8a0c0 in WebCore::RenderFlexibleBox::layoutBlock (this=0x2aaab801ea38, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:242
#3 0x0000000000f49b57 in WebCore::RenderBlock::layout (this=0x2aaab801ea38) at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:649
#4 0x0000000000f4d881 in WebCore::RenderObject::layoutIfNeeded (this=0x2aaab801ea38) at third_party/WebKit/WebCore/rendering/RenderObject.h:496
#5 0x0000000000f66caf in WebCore::RenderBlock::layoutInlineChildren (this=0x2aaab801dc68, relayoutChildren=true, repaintTop=@0x7fffffffbd4c, repaintBottom=@0x7fffffffbd48) at third_party/WebKit/WebCore/rendering/RenderBlockLineLayout.cpp:865
#6 0x0000000000f4a1db in WebCore::RenderBlock::layoutBlock (this=0x2aaab801dc68, relayoutChildren=true) at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:723
#7 0x0000000000fa42c7 in WebCore::RenderLayer::updateScrollInfoAfterLayout (this=0x2aaab801dd48) at third_party/WebKit/WebCore/rendering/RenderLayer.cpp:1872
#8 0x0000000000f4a90a in WebCore::RenderBlock::finishDelayUpdateScrollInfo () at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:623
#9 0x0000000000f89a58 in WebCore::RenderFlexibleBox::layoutHorizontalBox (this=0x2aaab801c0a8, relayoutChildren=false) at third_party/WebKit/WebCore/rendering/RenderFlexibleBox.cpp:558
Created attachment 44335: patch
style-queue ran check-webkit-style on attachment 44335 without any errors.
Comment on attachment 44335 (patch): An OwnPtr would be better than an explicit delete.
Switched to OwnPtr and landed as r51883.
*** Bug 32009 has been marked as a duplicate of this bug. ***
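
The re-entrancy reported above, as an added C++ illustration; it is not the patch from attachment 44335 and not WebKit code. All names (`startDelay`, `finishDelay`, `gPending`, `gOrphaned`) are hypothetical, and the model assumes the pending set is a file-level static that the finish step walks while calling back into layout. Moving the set into a local owner before any callback runs keeps the static state consistent when the pair is re-entered.

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <set>
#include <vector>

// Hypothetical stand-ins for the renderer types; none of this is WebKit code.
struct Block { std::function<void()> updateScrollInfo; };
using DelayedSet = std::set<Block*>;

static int gDepth = 0;                                      // start/finish nesting depth
static std::unique_ptr<DelayedSet> gPending;                // blocks with a deferred update
static std::vector<std::unique_ptr<DelayedSet>> gOrphaned;  // sets a raw pointer would have leaked

void startDelay() {
    if (gDepth++ == 0) {
        // A debug assertion that gPending is null would fire here on re-entry.
        // Without it the old set is overwritten; it is parked here so the demo can count it.
        if (gPending) gOrphaned.push_back(std::move(gPending));
        gPending.reset(new DelayedSet);
    }
}

void finishDelay(bool detachFirst) {
    if (--gDepth != 0) return;
    DelayedSet* work = gPending.get();
    if (!work) return;
    std::unique_ptr<DelayedSet> owned;
    if (detachFirst) owned = std::move(gPending);   // static is null before any callback runs
    for (Block* b : *work) b->updateScrollInfo();   // may call startDelay() again
    if (!detachFirst) gPending.reset();             // too late: callbacks already saw stale state
}

// One outer delay scope whose callback re-enters the pair, as in the stack trace.
std::size_t orphanedAfterReentry(bool detachFirst) {
    gOrphaned.clear(); gPending.reset(); gDepth = 0;
    Block b;
    b.updateScrollInfo = [detachFirst] { startDelay(); finishDelay(detachFirst); };
    startDelay();
    gPending->insert(&b);
    finishDelay(detachFirst);
    return gOrphaned.size();
}

int main() {
    return (orphanedAfterReentry(false) == 1 && orphanedAfterReentry(true) == 0) ? 0 : 1;
}
```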