iOS: Many AMP pages hit a release assertion inside Document::updateStyleIfNeeded
author rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Dec 2017 04:50:48 +0000 (04:50 +0000)
committer rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Dec 2017 04:50:48 +0000 (04:50 +0000)
https://bugs.webkit.org/show_bug.cgi?id=180550

Reviewed by Simon Fraser.

Add a test for r225647.

* fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash-expected.txt: Added.
* fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@225670 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash.html [new file with mode: 0644]

index 3a5b96f..ff4c7c3 100644 (file)
@@ -1,3 +1,15 @@
+2017-12-07  Ryosuke Niwa  <rniwa@webkit.org>
+
+        iOS: Many AMP pages hit a release assertion inside Document::updateStyleIfNeeded
+        https://bugs.webkit.org/show_bug.cgi?id=180550
+
+        Reviewed by Simon Fraser.
+
+        Add a test for r225647.
+
+        * fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash-expected.txt: Added.
+        * fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash.html: Added.
+
 2017-12-07  Eric Carlson  <eric.carlson@apple.com>
 
         Simplify log channel configuration UI
diff --git a/LayoutTests/fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash-expected.txt b/LayoutTests/fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash-expected.txt
new file mode 100644 (file)
index 0000000..b8861e5
--- /dev/null
@@ -0,0 +1,3 @@
+This tests that WebKit doesn't crash when there is an non-flattened iframe inside a flattened iframe.
+
+PASS. WebKit did not crash.
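Review bot: The first line of the expected output reads "an non-flattened iframe", which should be "a non-flattened iframe". This file is compared against the text the .html test dumps, so the matching sentence in the test's <p> element has to be corrected in the same change to keep the two in sync.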
diff --git a/LayoutTests/fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash.html b/LayoutTests/fast/frames/flattening/non-flattening-frame-inside-flattening-iframe-crash.html
new file mode 100644 (file)
index 0000000..8b9c858
--- /dev/null
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests that WebKit doesn't crash when there is an non-flattened iframe inside a flattened iframe.</p>
+<div id="container"></div>
+<script>
+
+if (window.testRunner && window.internals) {
+    testRunner.dumpAsText();
+    internals.settings.setFrameFlattening("FullyEnabled");
+}
+
+const container = document.getElementById('container');
+const outerIFrame = document.createElement('iframe');
+container.appendChild(outerIFrame);
+
+const innerIFrame = document.createElement('iframe');
+innerIFrame.setAttribute('scrolling', 'no');
+innerIFrame.style.width = '100px';
+innerIFrame.style.height = '100px';
+
+outerIFrame.contentDocument.body.appendChild(innerIFrame);
+
+let content = '';
+for (let i = 0; i < 50; i++)
+    content += `some text ${i}<br>`;
+
+innerIFrame.contentDocument.body.innerHTML = content;
+
+document.body.getBoundingClientRect();
+container.textContent = 'PASS. WebKit did not crash.';
+
+</script>
+</body>
+</html>
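Review bot: When window.testRunner or window.internals is missing, the guard at the top of the script skips internals.settings.setFrameFlattening("FullyEnabled"), yet the last statement still writes 'PASS. WebKit did not crash.', so a manual run in a browser reports PASS without the flattening path being exercised. Consider noting in the <p> description that the test needs the test runner, or writing a different message into the container when internals is unavailable. A short comment on the innerIFrame lines that set scrolling to 'no' and a fixed 100px width and height would also help, since the script does not say that these are the properties meant to keep the inner frame from being flattened, as the test name suggests.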