[Webkit-unassigned] [Bug 18135] Crash in Frame::tree appending iframe

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 3 15:28:09 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=18135





------- Comment #7 from ian.eng.webkit at gmail.com  2008-04-03 15:28 PDT -------
I think the problem is in 
35  com.apple.WebKit                    0x001b3a70 +[WebFrame(WebInternal) _createFrameWithPage:frameName:frameView:ownerElement:] + 314 (WebFrame.mm:283)
36  com.apple.WebKit                    0x001af315 +[WebFrame(WebInternal) _createSubframeWithOwnerElement:frameName:frameView:] + 107 (WebFrame.mm:295)
37  com.apple.WebKit                    0x001bcf05 WebFrameLoaderClient::createFrame(WebCore::KURL const&, WebCore::String const&, WebCore::HTMLFrameOwnerElement*, WebCore::String const&, bool, int, int) + 527 (WebFrameLoaderClient.mm:1052)

frame->init() is called before the frame is appended to the tree, but it already
has its parent set. init() triggers a removeChild operation, which thinks the
child frame is in the tree, but it is not.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
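
The ordering problem described in comment #7, as an added example that is not part of the original mail and is not WebKit code: a simplified frame-tree model in which removal checks membership rather than trusting the parent pointer. The Frame struct and the functions appendChild, removeChild, initFrame, initBeforeAppend and appendBeforeInit are hypothetical names, and initFrame is an assumed stand-in for an init step that ends up detaching the frame.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

// Simplified model of a frame tree (hypothetical types, not WebKit's classes).
struct Frame {
    Frame* parent = nullptr;
    std::vector<Frame*> children;
};

// Link parent and child in one step so the two views of the tree never disagree.
void appendChild(Frame& parent, Frame& child) {
    child.parent = &parent;
    parent.children.push_back(&child);
}

// Defensive removal: verify membership instead of trusting child.parent.
// Returns false when the child names this parent but was never appended,
// which is the inconsistent state the comment describes.
bool removeChild(Frame& parent, Frame& child) {
    auto it = std::find(parent.children.begin(), parent.children.end(), &child);
    if (child.parent != &parent || it == parent.children.end())
        return false;
    parent.children.erase(it);
    child.parent = nullptr;
    return true;
}

// Assumed stand-in for an init step that detaches the frame being initialized.
bool initFrame(Frame& frame) {
    return frame.parent ? removeChild(*frame.parent, frame) : false;
}

// Order from the comment: parent set, init run, frame not yet in the tree.
bool initBeforeAppend() {
    Frame parent, child;
    child.parent = &parent;   // parent set, but the parent does not list the child
    return initFrame(child);  // the membership check refuses the removal
}

// Order that keeps the invariant: append first, then init.
bool appendBeforeInit() {
    Frame parent, child;
    appendChild(parent, child);
    return initFrame(child) && parent.children.empty();
}

int main() {
    std::printf("init before append removed a child: %d\n", initBeforeAppend());
    std::printf("append before init removed a child: %d\n", appendBeforeInit());
}
```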


