[Webkit-unassigned] [Bug 16782] New: Reproducible crash in fast/replaced/image-map.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 7 21:39:01 PST 2008 

http://bugs.webkit.org/show_bug.cgi?id=16782

           Summary: Reproducible crash in fast/replaced/image-map.html
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrowe at apple.com


On Leopard I am seeing this test reproducibly crashing.  In a debug build, it
occasionally generates an assertion failure:
ASSERTION FAILED: _beginCount >= 0
(/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/JavaScriptCore/bindings/objc/objc_instance.mm:72
virtual void KJS::Bindings::ObjcInstance::end())

With guard malloc enabled, it crashes 100% of the time with the following
trace:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xd7c47fe4
0x00008384 in -[EventSendingController mouseUp] (self=0xd7c47fe0, _cmd=0x19094)
at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/WebKitTools/DumpRenderTree/mac/EventSendingController.mm:249
249         down = NO;
(gdb) bt
#0  0x00008384 in -[EventSendingController mouseUp] (self=0xd7c47fe0,
_cmd=0x19094) at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/WebKitTools/DumpRenderTree/mac/EventSendingController.mm:249
#1  0x937bfb7d in __invoking___ ()
#2  0x937bf568 in -[NSInvocation invoke] ()
#3  0x00008c78 in +[EventSendingController replaySavedEvents] (self=0x2a8c0,
_cmd=0x1c404) at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/WebKitTools/DumpRenderTree/mac/EventSendingController.mm:342
#4  0x00008159 in -[EventSendingController mouseUp] (self=0xd7c47fe0,
_cmd=0x19094) at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/WebKitTools/DumpRenderTree/mac/EventSendingController.mm:226
#5  0x937bfb7d in __invoking___ ()
#6  0x937bf568 in -[NSInvocation invoke] ()
#7  0x0033254b in KJS::Bindings::ObjcInstance::invokeMethod (this=0xd7c53fe0,
exec=0xbfffe48c, methodList=@0xdc089ff0, args=@0xbfffe250) at
/Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/JavaScriptCore/bindings/objc/objc_instance.mm:186

Full crash trace will be attached in a more readable format.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list