[Webkit-unassigned] [Bug 13243] New: REGRESSION (NativeListBox): Repro crash/assert when using scroll wheel on a list box taller than its contents

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 31 06:10:47 PDT 2007 

http://bugs.webkit.org/show_bug.cgi?id=13243

           Summary: REGRESSION (NativeListBox): Repro crash/assert when
                    using scroll wheel on a list box taller than its
                    contents
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Macintosh
               URL: data:text/html,<select multiple><option>Scrollwheel
                    here</option></select>
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: Regression, NeedsRadar, NativeListBox
          Severity: Critical
          Priority: P1
         Component: Forms
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mitz at webkit.org


Open the URL, position the mouse inside the list box and use the scroll wheel
to scroll up or down. Crashes r20610. In a debug build you get:

ASSERTION FAILED: i < size()
(JavaScriptCore.framework/PrivateHeaders/Vector.h:406 const T& WTF::Vector<T,
inlineCapacity>::at(size_t) const [with T = WebCore::HTMLElement*, long
unsigned int inlineCapacity = 0ul])


Thread 0 Crashed:
0   com.apple.WebCore                   0x0165f2b8
WTF::Vector<WebCore::HTMLElement*, (unsigned long)0>::at(unsigned long) const +
120 (Vector.h:406)
1   com.apple.WebCore                   0x0165f320
WTF::Vector<WebCore::HTMLElement*, (unsigned long)0>::operator[](int) const +
44 (Vector.h:415)
2   com.apple.WebCore                   0x0144b4f8
WebCore::RenderListBox::paintItemBackground(WebCore::RenderObject::PaintInfo&,
int, int, int) + 96 (RenderListBox.cpp:351)
3   com.apple.WebCore                   0x0144ce20
WebCore::RenderListBox::paintObject(WebCore::RenderObject::PaintInfo&, int,
int) + 300 (RenderListBox.cpp:268)
4   com.apple.WebCore                   0x01181bc4
WebCore::RenderBlock::paint(WebCore::RenderObject::PaintInfo&, int, int) + 672
(RenderBlock.cpp:1326)
[...]


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list