[Webkit-unassigned] [Bug 18135] Crash in Frame::tree appending iframe
bugzilla-daemon at webkit.org
Thu Mar 27 08:48:15 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18135
webkit at mattlilek.com changed:
What           | Removed                                  | Added
----------------------------------------------------------------------------
Status         | UNCONFIRMED                              | NEW
Component      | Frames                                   | WebCore Misc.
Ever Confirmed | 0                                        | 1
Keywords       |                                          | HasReduction
OS/Version     | Windows XP                               | All
Platform       | PC                                       | All
Summary        | Reproducible crash when appending iframe | Crash in Frame::tree appending iframe
------- Comment #2 from webkit at mattlilek.com 2008-03-27 08:48 PDT -------
Confirmed with r31371:
0 com.apple.WebCore 0x01ce0207 WebCore::Frame::tree() const + 9 (Frame.cpp:1677)
1 com.apple.WebCore 0x01d0382d WebCore::FrameTree::removeChild(WebCore::Frame*) + 155 (FrameTree.cpp:83)
2 com.apple.WebCore 0x01cf9805 WebCore::FrameLoader::detachFromParent() + 261 (FrameLoader.cpp:3347)
3 com.apple.WebCore 0x01cf9888 WebCore::FrameLoader::frameDetached() + 28 (FrameLoader.cpp:3328)
4 com.apple.WebCore 0x01d36086 WebCore::HTMLFrameOwnerElement::willRemove() + 56 (HTMLFrameOwnerElement.cpp:49)
5 com.apple.WebCore 0x01bed0a5 WebCore::willRemoveChild(WebCore::Node*) + 77 (ContainerNode.cpp:363)
6 com.apple.WebCore 0x01bed4a8 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 590 (ContainerNode.cpp:396)
7 com.apple.WebCore 0x01e47480 WebCore::JSNode::removeChild(KJS::ExecState*, KJS::List const&) + 80 (JSNodeCustom.cpp:92)
8 com.apple.WebCore 0x01e45294 WebCore::jsNodePrototypeFunctionRemoveChild(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 (JSNode.cpp:328)