We've had a lot of bugs in the past with compositing turning off or the GraphicsLayer tree being mutated during painting. See https://bugs.webkit.org/show_bug.cgi?id=54707, http://trac.webkit.org/changeset/45715/trunk/WebCore/rendering/RenderLayer.cpp and others. We should add ASSERT()s to catch this case and some test cases to hit the areas where we've seen this happen in the past.
Created attachment 108549 [details] some assertions, no test case yet
I'm working on reducing a manual test case down to something automated that will make this ASSERT() hit without the fix in https://bugs.webkit.org/show_bug.cgi?id=68727.
Created attachment 108572 [details] Patch
Many bothans died to bring you this test case that reliably fails in DRT prior to http://trac.webkit.org/changeset/95863. The timing is unbelievably sensitive.
Comment on attachment 108572 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=108572&action=review
> Source/WebCore/platform/graphics/GraphicsLayer.cpp:65
> +static bool s_inPaintContents = false;
I would have used a counter, but that's because I'm paranoid about re-entrancy from working on the parser. :)
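Review bot: a single file-static bool at GraphicsLayer.cpp:65 cannot represent nested paints. If the flag is set on entry to painting and cleared on exit, a re-entrant paint would clear it when the inner call returns, and the outer paint would finish with the assertion disarmed. Consider a depth counter that is incremented on entry and decremented on exit, ideally through a scoped guard so early returns restore it, and assert that the count is zero wherever the layer tree is mutated. If the variable is only read inside ASSERT(), a debug-only guard around the declaration would keep it out of release builds.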
Comment on attachment 108572 [details] Patch
Clearing flags on attachment: 108572
Committed r96160: <http://trac.webkit.org/changeset/96160>
All reviewed patches have been landed. Closing bug.