[Webkit-unassigned] [Bug 18801] New: Safari Crash in RenderLayer::paintLayer when using Unity plugin

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 29 11:46:37 PDT 2008 

http://bugs.webkit.org/show_bug.cgi?id=18801

           Summary: Safari Crash in RenderLayer::paintLayer when using Unity
                    plugin
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: markharrisevans at gmail.com


Safari crashed in RenderLayer::paintLayer while using the Unity plugin.
While debugging the crash on Mac OS 10.4, I made the following change:
[code]
--- WebCore/rendering/RenderLayer.cpp   (revision 32516)
+++ WebCore/rendering/RenderLayer.cpp   (working copy)
@@ -1621,9 +1621,19 @@
             it[0]->paintLayer(rootLayer, p, paintDirtyRect, haveTransparency,
paintRestriction, paintingRoot);

     // Now walk the sorted list of children with positive z-indices.
+    /*
     if (m_posZOrderList)
         for (Vector<RenderLayer*>::iterator it = m_posZOrderList->begin(); it
!= m_posZOrderList->end(); ++it)
             it[0]->paintLayer(rootLayer, p, paintDirtyRect, haveTransparency,
paintRestriction, paintingRoot);
+    */
+    if( m_posZOrderList )
+    {
+        for( unsigned int i=0; i<m_posZOrderList->size(); ++i )
+        {
+            RenderLayer *rl = m_posZOrderList->at( i );
+            rl->paintLayer( rootLayer, p, paintDirtyRect, haveTransparency,
paintRestriction, paintingRoot );
+        }
+    }

     if (renderer()->hasMask() && shouldPaint && !selectionOnly &&
!damageRect.isEmpty()) {
         setClip(p, paintDirtyRect, damageRect);
[/code]

For some reason moving from the WTF::Vector iterator to walking the array by
index fixed the problem. Dunno about you, but that worries me.

The plugin also seems to trigger a lot of ASSERTS in WebCore when the plugin
performs callbacks to JS/etc.

For access to page and steps to repro, please contact
rick.lee-morang at justleapin.com (reference ticket #993)


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list