[Webkit-unassigned] [Bug 12045] Crash under gmalloc at WTF::RefPtr<WebCore::HTMLSliderThumbElement>::operator->

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 26 22:41:09 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=12045

------- Comment #7 from sam at webkit.org  2007-06-26 22:41 PDT -------
Created an attachment (id=15264)
 --> (http://bugs.webkit.org/attachment.cgi?id=15264&action=view)
pseudo-patch to demonstrate assertion

After a little analysis of the situation, it seems this crash is happening due
to a bad cast that sometimes works.  The issue is that the sliderthumb's
RenderObject expects its parent renderer to be a RenderSlider and makes the
cast without checking.  Adding a simple assert (see attached pseudo-patch) will
crash with even the simplest use of -webkit-appearance: sliderthumb-horizontal
or -webkit-appearance: sliderthumb-vertical without a Slider parent.
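
The unchecked parent cast described in the comment above, next to a checked form, as an added example that is not part of the original bug comment and is not WebKit's code. The class layout and the names `RenderSliderThumb`, `isSlider()`, `toRenderSlider()`, `layoutThumb()` and `thumbPosition()` are simplified assumptions.

```cpp
#include <cstdio>

// Simplified, hypothetical stand-ins for the renderer classes; not WebKit code.
class RenderObject {
public:
    explicit RenderObject(RenderObject* parent = nullptr) : m_parent(parent) {}
    virtual ~RenderObject() = default;
    virtual bool isSlider() const { return false; }
    RenderObject* parent() const { return m_parent; }
private:
    RenderObject* m_parent;
};

class RenderSlider : public RenderObject {
public:
    bool isSlider() const override { return true; }
    int thumbPosition() const { return m_thumbPosition; }
private:
    int m_thumbPosition = 42; // constructed sample value
};

// Checked downcast: returns nullptr instead of reinterpreting an unrelated renderer.
RenderSlider* toRenderSlider(RenderObject* object)
{
    if (!object || !object->isSlider())
        return nullptr;
    return static_cast<RenderSlider*>(object);
}

class RenderSliderThumb : public RenderObject {
public:
    explicit RenderSliderThumb(RenderObject* parent) : RenderObject(parent) {}
    // The unchecked form is static_cast<RenderSlider*>(parent())->thumbPosition(),
    // which reads a member the parent does not have when it is not a slider.
    bool layoutThumb(int& positionOut) const
    {
        RenderSlider* slider = toRenderSlider(parent());
        if (!slider)
            return false; // thumb appearance styled without a slider parent
        positionOut = slider->thumbPosition();
        return true;
    }
};

int main()
{
    RenderObject block; // plain parent, as when the thumb appearance is used alone
    RenderSliderThumb orphan(&block);
    int pos = -1;
    std::printf("orphan thumb laid out: %d\n", orphan.layoutThumb(pos));
}
```
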

