71264 – ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.

Bug 71264 - ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.

Summary: ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a befo...

Status:	RESOLVED CONFIGURATION CHANGED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	DOM (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Major
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2011-10-31 21:48 PDT by Andy Estes
Modified:	2023-01-20 13:29 PST (History)
CC List:	4 users (show)

See Also:

Attachments
Test case (170 bytes, text/html) 2011-10-31 21:48 PDT, Andy Estes	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andy Estes 2011-10-31 21:48:28 PDT

Created attachment 113125 [details]
Test case

Since HTMLObjectElement::updateWidget() is called during layout, we can do certain things in a beforeload listener that would trigger a reentrant layout and hence a re-entrant call to HTMLObjectElement::updateWidget(). A simple case would be calling event.target.offsetWidth in the listener for an object's beforeload event. See the attached test case. While this triggers an assertion in debug builds, it has no release symptom that I'm aware of.

Comment 1 Andy Estes 2011-10-31 21:48:51 PDT

<rdar://problem/9319618>

Comment 2 Ahmad Saleem 2023-01-20 10:06:47 PST

I am not able to reproduce this assert in Debug WK2 MiniBrowser using build based of 259136@main on attached test case.

Anything else required or any better step to reproduce beside loading this test case in debug build? Thanks!