Bug 71264 - ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a beforeload listener.
: ASSERT(!m_inBeforeLoadEventHandler) triggered when forcing a layout in a befo...
Status: NEW
Product: WebKit
Classification: Unclassified
Component: HTML DOM
: 528+ (Nightly build)
: All All
: P2 Major
Assigned To: Nobody
: InRadar
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-31 21:48 PDT by Andy Estes
Modified: 2013-04-09 04:30 PDT (History)
2 users (show)

See Also:


Attachments
Test case (170 bytes, text/html)
2011-10-31 21:48 PDT, Andy Estes
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andy Estes 2011-10-31 21:48:28 PDT
Created attachment 113125 [details]
Test case

Since HTMLObjectElement::updateWidget() is called during layout, we can do certain things in a beforeload listener that would trigger a reentrant layout and hence a re-entrant call to HTMLObjectElement::updateWidget(). A simple case would be calling event.target.offsetWidth in the listener for an object's beforeload event. See the attached test case. While this triggers an assertion in debug builds, it has no release symptom that I'm aware of.
Comment 1 Andy Estes 2011-10-31 21:48:51 PDT
<rdar://problem/9319618>