[Webkit-unassigned] [Bug 22080] New: CRASH at Scrollbar::invalidateRect due to null m_client
bugzilla-daemon at webkit.org
Tue Nov 4 23:49:03 PST 2008
https://bugs.webkit.org/show_bug.cgi?id=22080
Summary: CRASH at Scrollbar::invalidateRect due to null m_client
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: Windows XP
Status: NEW
Severity: Critical
Priority: P1
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: darin at chromium.org
CC: hyatt at apple.com
CRASH at Scrollbar::invalidateRect due to null m_client
I just updated Chrome to use the latest Scrollbar code, and our distributed
reliability test is hitting a crash where m_client is null. The stack trace
looks like so:
[scrollbar.cpp:443] WebCore::Scrollbar::invalidateRect(WebCore::IntRect const &)
[scrollbarthemecomposite.cpp:233] WebCore::ScrollbarThemeComposite::invalidatePart(WebCore::Scrollbar *,WebCore::ScrollbarPart)
[scrollbar.cpp:292] WebCore::Scrollbar::setHoveredPart(WebCore::ScrollbarPart)
[scrollbar.cpp:342] WebCore::Scrollbar::mouseExited()
[eventhandler.cpp:1199] WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const &,WebCore::HitTestResult *)
[eventhandler.cpp:1134] WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const &)
I'm guessing that there must be a code path that leads to setClient(0) being
called on the same Scrollbar that EventHandler's m_lastScrollbarUnderMouse
points to.
I suspect that the right fix involves nulling m_lastScrollbarUnderMouse at the
right time.
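
The failure mode hypothesised in the report, as an added example that is not part of the original message and is not WebKit source: a simplified model in which EventHandler keeps a raw m_lastScrollbarUnderMouse pointer to a Scrollbar whose client has been cleared, next to the variant that nulls the cached pointer at detach time. The names Outcome, mouseOver, detachClient, clearOnDetach, mouseMovedAway and run are hypothetical, and the existence of a setClient(0) path is the reporter's guess, taken here as an assumption.

```cpp
// Simplified model, not WebKit source. Names follow the report; bodies are assumptions.
enum Outcome { NoScrollbar, Invalidated, NullClientDeref };

struct ScrollbarClient { int invalidations = 0; };

struct Scrollbar {
    ScrollbarClient* m_client;
    explicit Scrollbar(ScrollbarClient* c) : m_client(c) {}
    // Stands in for mouseExited() -> setHoveredPart() -> invalidatePart() -> invalidateRect().
    Outcome mouseExited() {
        if (!m_client)
            return NullClientDeref;   // the real code would dereference m_client here
        ++m_client->invalidations;
        return Invalidated;
    }
};

struct EventHandler {
    Scrollbar* m_lastScrollbarUnderMouse = nullptr;
    bool clearOnDetach;               // hypothetical switch: false = reported behaviour
    explicit EventHandler(bool clear) : clearOnDetach(clear) {}

    void mouseOver(Scrollbar* s) { m_lastScrollbarUnderMouse = s; }

    // Hypothetical hook, called wherever setClient(0) would run.
    void detachClient(Scrollbar* s) {
        s->m_client = nullptr;        // models setClient(0)
        if (clearOnDetach && m_lastScrollbarUnderMouse == s)
            m_lastScrollbarUnderMouse = nullptr;
    }

    // The mouse has moved to a point that is no longer over any scrollbar.
    Outcome mouseMovedAway() {
        Scrollbar* last = m_lastScrollbarUnderMouse;
        m_lastScrollbarUnderMouse = nullptr;
        return last ? last->mouseExited() : NoScrollbar;
    }
};

// Hover a scrollbar, optionally detach its client, then move the mouse away.
Outcome run(bool clearOnDetach, bool detach) {
    ScrollbarClient client;
    Scrollbar bar(&client);
    EventHandler handler(clearOnDetach);
    handler.mouseOver(&bar);
    if (detach)
        handler.detachClient(&bar);
    return handler.mouseMovedAway();
}

int main() { return run(false, true) == NullClientDeref && run(true, true) == NoScrollbar ? 0 : 1; }
```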