From f341af1d7265eee880355f10ef5d479c9ebceaf2 Mon Sep 17 00:00:00 2001
From: Aliaksandr Kalenik
Date: Sun, 29 Sep 2024 17:25:26 +0200
Subject: [PATCH] LibWeb: Forbid reentrancy of style-layout-repaint in EventLoop::process
Fixes crashing on https://playbiolab.com/ in VERIFY(page.client().is_ready_to_paint()) caused by attempting to start the next repaint before the ongoing repaint is done.
---
 .../Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp | 11 +++++++++++
 Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.h | 2 ++
 2 files changed, 13 insertions(+)
diff --git a/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp b/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp
index 26a3ee6d080..9858c32c031 100644
--- a/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp
+++ b/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp
@@ -177,6 +177,17 @@ void EventLoop::process()
 // 8. Microtasks: Perform a microtask checkpoint.
 perform_a_microtask_checkpoint();
+ if (m_is_running_reflow_steps) {
+ // NOTE: If we entered style-layout-repaint steps, then we need to wait for them to finish before doing next iteration.
+ schedule();
+ return;
+ }
+
+ m_is_running_reflow_steps = true;
+ ScopeGuard const guard = [this] {
+ m_is_running_reflow_steps = false;
+ };
+
 // 9. Let hasARenderingOpportunity be false.
 [[maybe_unused]] bool has_a_rendering_opportunity = false;
diff --git a/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.h b/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.h
index d50a0d894fc..287840c893c 100644
--- a/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.h
+++ b/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.h
@@ -113,6 +113,8 @@ private:
 bool m_execution_paused { false };
 bool m_skip_event_loop_processing_steps { false };
+
+ bool m_is_running_reflow_steps { false };
 };
 EventLoop& main_thread_event_loop();
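Review bot: The guard added in `EventLoop::process()` sits after `perform_a_microtask_checkpoint()`, so a nested call still runs the microtask checkpoint (and whatever steps precede it, which are outside this hunk) while the outer style-layout-repaint pass is on the stack; only the steps below the check are protected from re-entry. If that is intended, the comment should say so, e.g. `// NOTE: Only the rendering steps below are guarded; the task and microtask steps above may still run re-entrantly.` The early-return branch calls `schedule()` unconditionally, so it is worth confirming that it cannot re-arm `process()` in a tight loop while whatever triggered the nested call is still waiting for the outer pass to finish. Because the `VERIFY` failure was reachable from page content, a reduced regression test for the reported page would keep this abort from returning. The body of `process()` begins and ends outside the hunk, so what else the early `return` skips cannot be checked from here.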