Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bf80e3eedd686c0fe2ecce39b3143e6279a89103
https://github.com/WebKit/WebKit/commit/bf80e3eedd686c0fe2ecce39b3143e6279a89103
Author: Zak Ridouh <[email protected]>
Date: 2026-06-05 (Fri, 05 Jun 2026)
Changed paths:
A LayoutTests/fast/scrolling/scroll-update-during-grid-layout-crash-expected.txt
A LayoutTests/fast/scrolling/scroll-update-during-grid-layout-crash.html
M Source/WebCore/rendering/RenderLayerScrollableArea.cpp
Log Message:
-----------
[grid layout] Don't call viewportContentsChanged() from scroll updates during
render tree layout
<https://bugs.webkit.org/show_bug.cgi?id=309595>
<rdar://170531390>
Reviewed by Simon Fraser.
RenderLayerScrollableArea::scrollTo() calls
LocalFrameView::viewportContentsChanged() which computes visibility
rects by querying renderer geometry via applyRecursivelyWithVisibleRect.
When scrollTo() is invoked during render tree layout (e.g. via
updateScrollInfoAfterLayout during grid pre-layout), containing blocks
may not have completed layout yet. This causes an assertion failure in
gridAreaRangeForOutOfFlow when trying to resolve percentage padding on
an absolutely positioned iframe against a grid area that hasn't been
populated yet.
Guard the viewportContentsChanged() call with isInRenderTreeLayout().
This is safe because performPostLayoutTasks() already calls
viewportContentsChanged() unconditionally after every layout completes.
* LayoutTests/fast/scrolling/scroll-update-during-grid-layout-crash-expected.txt: Added.
* LayoutTests/fast/scrolling/scroll-update-during-grid-layout-crash.html: Added.
* Source/WebCore/rendering/RenderLayerScrollableArea.cpp:
(WebCore::RenderLayerScrollableArea::scrollTo):
Originally-landed-as: 305413.639@rapid/safari-7624.2.5.110-branch
(b6e4815bf940). rdar://176059267
Canonical link: https://commits.webkit.org/314622@main