[Webkit-unassigned] [Bug 12353] REGRESSION: Crash on load
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jan 21 11:04:39 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12353
------- Comment #4 from ddkilzer at webkit.org 2007-01-21 11:04 PDT -------
The bug happens in urchin.js in this JavaScript code:
if ((_userv==1 || _userv==2) && _uSP()) {
var i2=new Image(1,1); // Safari dies executing this line
i2.src=_ugifpath2+"?"+"utmwv="+_uwv+s+"&utmac="+_uacct+"&utmcc="+_uGCS();
i2.onload=function() { _uVoid(); }
}
When HTMLImageElement::setHeight() is called, it eventually reaches
Element::attributes(bool readonly), and the call to
updateStyleAttributeIfNeeded() in that method appears to simply "step off the
the deep end" as if it doesn't know where to find that method.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list