[Webkit-unassigned] [Bug 17313] querySelectorAll() causing crashes when called via dojo.query() wrapper

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 3 04:11:12 PST 2008


http://bugs.webkit.org/show_bug.cgi?id=17313





------- Comment #15 from mrowe at apple.com  2008-03-03 04:11 PDT -------
Created an attachment (id=19493)
 --> (http://bugs.webkit.org/attachment.cgi?id=19493&action=view)
Transcript of debugging session from point of bogus write

Points of interest here are that childStyle looks like garbage when interpreted
as a RenderStyle ($3), but looks sane and matches the InlineTextBox at point of
crash when interpreted as an InlineTextBox ($4).  The transcript also shows the
instruction that stores 0x1000 into memory, and that the address of the store
corresponds to the offset of the m_nextLine member of an InlineTextBox
instance.

