Bug 71264 – ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.

Bug 71264 - ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.


Summary:	ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a befo...

Status:	NEW

Product:	WebKit
Component:	HTML DOM
Version:	528+ (Nightly build)
Platform:	All All

Importance:	P2 Major
Assigned To:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2011-10-31 21:48 PST by Andy Estes
Modified:	2013-04-09 04:30 PST (History)

Attachments
Test case (170 bytes, text/html) 2011-10-31 21:48 PST, Andy Estes	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Andy Estes 2011-10-31 21:48:28 PST

Created an attachment (id=113125) [details]
Test case

Since HTMLObjectElement::updateWidget() is called during layout, we can do certain things in a beforeload listener that would trigger a reentrant layout and hence a re-entrant call to HTMLObjectElement::updateWidget(). A simple case would be calling event.target.offsetWidth in the listener for an object's beforeload event. See the attached test case. While this triggers an assertion in debug builds, it has no release symptom that I'm aware of.

------- Comment #1 From Andy Estes 2011-10-31 21:48:51 PST -------

<rdar://problem/9319618>