[Webkit-unassigned] [Bug 23024] New: Crashes when doing setStyle()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 29 11:00:04 PST 2008 

https://bugs.webkit.org/show_bug.cgi?id=23024

           Summary: Crashes when doing setStyle()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Critical
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: hclam at google.com


Originally filed for Chromium:
http://code.google.com/p/chromium/issues/detail?id=5715

Crashes in WebCore::RenderObject::enclosingLayer()

Stack trace for the crash of WebKit in Windows:
        WebKit.dll!WebCore::RenderObject::enclosingLayer()  Line 495    C++
       
WebKit.dll!WebCore::RenderBlock::addOverhangingFloats(WebCore::RenderBlock *
child=0x7fa69560, int xoff=0, int yoff=0, bool makeChildPaintOtherFloats=true) 
Line 2933 + 0x8 bytes      C++
        WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool
relayoutChildren=false, int & maxFloatBottom=0)  Line 1355 + 0x2b bytes      
C++
        WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=) 
Line 660  C++
        WebKit.dll!WebCore::RenderObject::contentWidth()  Line 570 + 0x56 bytes
C++
        WebKit.dll!WebCore::RenderBlock::maxTopMargin(bool positive=false) 
Line 84 + 0x4a bytes        C++
        WebKit.dll!WebCore::RenderBlock::layout()  Line 571     C++
        WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool
relayoutChildren=true, int & maxFloatBottom=0)  Line 1334     C++
        WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=) 
Line 660  C++
       
WebKit.dll!WebCore::RenderObject::setAnimatableStyle(WTF::PassRefPtr<WebCore::RenderStyle>
style={...})  Line 2209      C++
        WebKit.dll!WebCore::RenderView::pushLayoutState(WebCore::RenderBox *
renderer=0x7f473110, const WebCore::IntSize & offset={...})  Line 112 + 0x31
bytes C++
        WebKit.dll!WebCore::RenderBlock::layoutPositionedObjects(bool
relayoutChildren=true)  Line 1435 + 0x12 bytes    C++
        WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=) 
Line 587 + 0xf bytes      C++
>	WebKit.dll!std::_Pop_heap<WebCore::TimerHeapIterator,int,WebCore::TimerHeapElement>(WebCore::TimerHeapIterator _First={...}, WebCore::TimerHeapIterator _Last={...}, WebCore::TimerHeapIterator _Dest={...}, WebCore::TimerHeapElement _Val={...}, int * __formal=0x100dab20)  Line 2096 + 0x24 bytes	C++
        WebKit.dll!WebCore::ScrollView::visibleContentRect(bool
includeScrollbars=)  Line 172 + 0x77 bytes      C++
        WebKit.dll!WebCore::RenderView::viewHeight()  Line 564  C++
        WebKit.dll!WebCore::RenderBlock::layout()  Line 571     C++
        WebKit.dll!WebCore::RenderView::layout()  Line 121      C++
        WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true)  Line 562
C++
        WebKit.dll!WebCore::Document::updateLayout()  Line 1209 + 0x9 bytes    
C++
        WebKit.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets() 
Line 1242 C++
        WebKit.dll!WebCore::Element::offsetWidth()  Line 293    C++
        WebKit.dll!WebCore::jsElementOffsetWidth(JSC::ExecState *
exec=0x7fb6813c, const JSC::Identifier & __formal={...}, const
JSC::PropertySlot & slot={...})  Line 212 + 0x8 bytes  C++
        WebKit.dll!JSC::JSValue::get(JSC::ExecState * exec=0x7fb6813c, const
JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 485
+ 0x12 bytes       C++
        WebKit.dll!JSC::Interpreter::cti_op_get_by_id_second(void * *
args=0x00000000)  Line 4519       C++
        WebKit.dll!JSC::Interpreter::execute(JSC::FunctionBodyNode *
functionBodyNode=0x7f1b0e70, JSC::ExecState * callFrame=0x7f651c44,
JSC::JSFunction * function=0x05e9c620, JSC::JSObject * thisObj=0x7f27c3c0,
const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x7f602948,
JSC::JSValue * * exception=0x7fec1b88)  Line 980      C++
        WebKit.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x00000000,
JSC::JSValue * thisValue=0x00000000, const JSC::ArgList & args={...})  Line 83 
     C++
        WebKit.dll!JSC::call(JSC::ExecState * exec=0x7f651c44, JSC::JSValue *
functionObject=0x05e9c620, JSC::CallType callType=CallTypeJS, const
JSC::CallData & callData={...}, JSC::JSValue * thisValue=0x00000000, const
JSC::ArgList & args={...})  Line 40        C++
        WebKit.dll!WebCore::JSAbstractEventListener::handleEvent(WebCore::Event
* event=, bool isWindowEvent=)  Line 115 + 0x1d bytes   C++
       
WebKit.dll!WTF::Vector<WebCore::String,0>::Vector<WebCore::String,0>(const
WTF::Vector<WebCore::String,0> & other={...})  Line 568      C++
        WebKit.dll!WebCore::EventTargetNode::handleLocalEvents(WebCore::Event *
event=0x7f266ea0, bool useCapture=false)  Line 219 + 0xf bytes  C++
       
WebKit.dll!WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>
prpEvent={...}, int & ec=-661981563)  Line 353        C++
       
WebKit.dll!WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>
e={...}, int & ec=0)  Line 273 + 0xb bytes   C++
        WebKit.dll!WebCore::EventTargetNode::dispatchMouseEvent(const
WebCore::AtomicString & eventType={...}, int button=0, int detail=1, int
pageX=692, int pageY=166, int screenX=1462, int screenY=263, bool
ctrlKey=false, bool altKey=false, bool shiftKey=false, bool metaKey=false, bool
isSimulated=false, WebCore::Node * relatedTargetArg=0x00000000,
WTF::PassRefPtr<WebCore::Event> underlyingEvent={...})  Line 581       C++
        WebKit.dll!WebCore::EventTargetNode::dispatchMouseEvent(const
WebCore::PlatformMouseEvent & event={...}, const WebCore::AtomicString &
eventType={...}, int detail=1, WebCore::Node * relatedTarget=0x00000000)  Line
490       C++
        WebKit.dll!WebCore::EventHandler::dispatchMouseEvent(const
WebCore::AtomicString & eventType={...}, WebCore::Node * targetNode=0x7f3fc0c0,
bool cancelable=true, int clickCount=1, const WebCore::PlatformMouseEvent &
mouseEvent={...}, bool setUnder=false)  Line 1566 + 0x28 bytes   C++
        WebKit.dll!WebCore::EventHandler::handleMouseReleaseEvent(const
WebCore::PlatformMouseEvent & mouseEvent=)  Line 1297 + 0x24 bytes      C++
        WebKit.dll!WebView::handleMouseEvent(unsigned int message=0, unsigned
int wParam=0, long lParam=10879668)  Line 1302    C++
        WebKit.dll!WebViewWndProc(HWND__ * hWnd=, unsigned int message=,
unsigned int wParam=, long lParam=)  Line 1732 C++


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list