[Webkit-unassigned] [Bug 18636] Changing gradients via JavaScript crashes the browser

bugzilla-daemon at webkit.org
Sun Apr 20 09:50:36 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=18636


webkit at mattlilek.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |HasReduction




------- Comment #2 from webkit at mattlilek.com  2008-04-20 09:50 PDT -------
r32266 debug build stack trace:

Thread 0 Crashed:
0   com.apple.WebCore                   0x022e207e
WTF::IdentityHashTranslator<int, std::pair<int, WebCore::IntSize>,
WTF::IntHash<int> >::equal(int const&, int const&) + 14 (HashTable.h:269)
1   com.apple.WebCore                   0x022e21f6 std::pair<int,
WebCore::IntSize>* WTF::HashTable<int, std::pair<int, WebCore::IntSize>,
WTF::PairFirstExtractor<std::pair<int, WebCore::IntSize> >, WTF::IntHash<int>,
WTF::PairHashTraits<WTF::HashTraits<int>, WTF::HashTraits<WebCore::IntSize> >,
WTF::HashTraits<int> >::lookup<int, WTF::IdentityHashTranslator<int,
std::pair<int, WebCore::IntSize>, WTF::IntHash<int> > >(int const&) + 334
(HashTable.h:454)
2   com.apple.WebCore                   0x022e50b8 WTF::HashTable<int,
std::pair<int, WebCore::IntSize>, WTF::PairFirstExtractor<std::pair<int,
WebCore::IntSize> >, WTF::IntHash<int>,
WTF::PairHashTraits<WTF::HashTraits<int>, WTF::HashTraits<WebCore::IntSize> >,
WTF::HashTraits<int> >::lookup(int const&) + 24 (HashTable.h:331)
3   com.apple.WebCore                   0x022e50ee
WTF::HashMap<WebCore::RenderObject*, WebCore::IntSize,
WTF::PtrHash<WebCore::RenderObject*>, WTF::HashTraits<WebCore::RenderObject*>,
WTF::HashTraits<WebCore::IntSize> >::get(WebCore::RenderObject* const&) const +
52 (HashMap.h:298)
4   com.apple.WebCore                   0x022e3721
WebCore::CSSImageGeneratorValue::removeClient(WebCore::RenderObject*) + 27
(CSSImageGeneratorValue.cpp:57)
5   com.apple.WebCore                   0x020a830b
WebCore::StyleGeneratedImage::removeClient(WebCore::RenderObject*) + 27
(RenderStyle.cpp:217)
6   com.apple.WebCore                   0x0208b411
WebCore::RenderObject::updateBackgroundImages(WebCore::RenderStyle*) + 195
(RenderObject.cpp:2297)
7   com.apple.WebCore                   0x0208e2bd
WebCore::RenderObject::setStyle(WebCore::RenderStyle*) + 2957
(RenderObject.cpp:2256)
8   com.apple.WebCore                   0x0204f931
WebCore::RenderBox::setStyle(WebCore::RenderStyle*) + 91 (RenderBox.cpp:86)
9   com.apple.WebCore                   0x0202edd3
WebCore::RenderBlock::setStyle(WebCore::RenderStyle*) + 53
(RenderBlock.cpp:129)
10  com.apple.WebCore                   0x0208ad96
WebCore::RenderObject::setAnimatableStyle(WebCore::RenderStyle*) + 126
(RenderObject.cpp:2112)
11  com.apple.WebCore                   0x0200293f
WebCore::Node::setRenderStyle(WebCore::RenderStyle*) + 37 (Node.cpp:1052)
12  com.apple.WebCore                   0x01dc7bb0
WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 920
(Element.cpp:790)

