[Webkit-unassigned] [Bug 15241] Reproducible crash in WebCore::bidiNext inside NetNewsWire

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 19 16:48:28 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=15241





------- Comment #4 from adele at apple.com  2007-09-19 16:48 PDT -------
looks like its crashing at:
237                 if (!skipInlines && !oldEndOfInline &&
current->isInlineFlow()) {

9/19/07 4:33 PM Adele Peterson:
I think current might be already released.
(gdb) p *current
$2 = {
  <WebCore::CachedResourceClient> = {
    _vptr$CachedResourceClient = 0x6c
  }, 
  members of WebCore::RenderObject: 
  m_style = 0x1c691b7c, 
  m_node = 0x0, 
  m_parent = 0x0, 
  m_previous = 0x0, 
  m_next = 0x0, 
  m_verticalPosition = 8191, 
  m_needsLayout = false, 
  m_normalChildNeedsLayout = false, 
  m_posChildNeedsLayout = false, 
  m_prefWidthsDirty = true, 
  m_floating = false, 
  m_positioned = false, 
  m_relPositioned = false, 
  m_paintBackground = false, 
  m_isAnonymous = false, 
  m_isText = false, 
  m_inline = true, 
  m_replaced = true, 
  m_isDragging = false, 
  m_hasLayer = false, 
  m_hasOverflowClip = false, 
  m_hasOverrideSize = false, 
  m_hasCounterNodeMap = false

9/19/07 4:33 PM Adele Peterson:
btw, I used Mark's steps to repro.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list