71264 – ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.

Bug 71264 - ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.

Summary: ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a befo...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	HTML DOM (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Major
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2011-10-31 21:48 PDT by Andy Estes
Modified:	2013-04-09 04:30 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Test case (170 bytes, text/html) 2011-10-31 21:48 PDT, Andy Estes	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andy Estes 2011-10-31 21:48:28 PDT

Created attachment 113125 [details]
Test case

Since HTMLObjectElement::updateWidget() is called during layout, we can do certain things in a beforeload listener that would trigger a reentrant layout and hence a re-entrant call to HTMLObjectElement::updateWidget(). A simple case would be calling event.target.offsetWidth in the listener for an object's beforeload event. See the attached test case. While this triggers an assertion in debug builds, it has no release symptom that I'm aware of.

Comment 1 Andy Estes 2011-10-31 21:48:51 PDT

<rdar://problem/9319618>