[Webkit-unassigned] [Bug 22080] New: CRASH at Scrollbar::invalidateRect due to null m_client

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 4 23:49:03 PST 2008


https://bugs.webkit.org/show_bug.cgi?id=22080

           Summary: CRASH at Scrollbar::invalidateRect due to null m_client
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: Windows XP
            Status: NEW
          Severity: Critical
          Priority: P1
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: darin at chromium.org
                CC: hyatt at apple.com


CRASH at Scrollbar::invalidateRect due to null m_client

I just updated Chrome to use the latest Scrollbar code, and our distributed
reliability test is hitting a crash where m_client is null.  The stack trace
looks like so:

[scrollbar.cpp:443] WebCore::Scrollbar::invalidateRect(WebCore::IntRect const &)
[scrollbarthemecomposite.cpp:233] WebCore::ScrollbarThemeComposite::invalidatePart(WebCore::Scrollbar *,WebCore::ScrollbarPart)
[scrollbar.cpp:292] WebCore::Scrollbar::setHoveredPart(WebCore::ScrollbarPart)
[scrollbar.cpp:342] WebCore::Scrollbar::mouseExited()
[eventhandler.cpp:1199] WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const &,WebCore::HitTestResult *)
[eventhandler.cpp:1134] WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const &)

I'm guessing that there must be a code path that leads to setClient(0) being
called on the same Scrollbar that EventHandler's m_lastScrollbarUnderMouse
points to.

I suspect that the right fix involves nulling m_lastScrollbarUnderMouse at the
right time.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
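
Added example, not part of the original report and not WebKit source: a reduced C++ model of the pattern the report describes, where an event handler caches a scrollbar pointer, the scrollbar's client is detached, and a later mouse move still dispatches mouseExited() to it. The class shapes, the null guard in invalidateRect() and the scrollbarDetached() hook are assumptions made for illustration.

```cpp
// Reduced model of the reported pattern; class shapes are assumptions, not WebKit source.
#include <cstdio>

struct ScrollbarClient { void invalidateScrollbarRect() {} };  // stand-in for the owner

class Scrollbar {
public:
    explicit Scrollbar(ScrollbarClient* client) : m_client(client) {}
    void setClient(ScrollbarClient* client) { m_client = client; }
    // Guard added as defence in depth; the reported crash is a null m_client used here.
    bool invalidateRect() {
        if (!m_client) return false;
        m_client->invalidateScrollbarRect();
        return true;
    }
    // Collapses mouseExited -> setHoveredPart -> invalidatePart -> invalidateRect.
    bool mouseExited() { return invalidateRect(); }
private:
    ScrollbarClient* m_client;
};

class EventHandler {
public:
    // Returns true when mouseExited() was dispatched to the cached scrollbar.
    bool handleMouseMoveEvent(Scrollbar* underMouse) {
        Scrollbar* exited = (m_lastScrollbarUnderMouse != underMouse) ? m_lastScrollbarUnderMouse : nullptr;
        if (exited) exited->mouseExited();
        m_lastScrollbarUnderMouse = underMouse;
        return exited != nullptr;
    }
    // Hypothetical hook: drop the cached pointer when its scrollbar is detached.
    void scrollbarDetached(Scrollbar* bar) {
        if (m_lastScrollbarUnderMouse == bar) m_lastScrollbarUnderMouse = nullptr;
    }
private:
    Scrollbar* m_lastScrollbarUnderMouse = nullptr;
};

// Hover the scrollbar, detach its client, then move the mouse off it.
bool exitHitsDetachedBar(bool clearCachedPointer) {
    ScrollbarClient client;
    Scrollbar bar(&client);
    EventHandler handler;
    handler.handleMouseMoveEvent(&bar);
    bar.setClient(nullptr);
    if (clearCachedPointer) handler.scrollbarDetached(&bar);
    return handler.handleMouseMoveEvent(nullptr);
}

int main() { std::printf("%d %d\n", exitHitsDetachedBar(false), exitHitsDetachedBar(true)); }
```

Without the hook the detached scrollbar still receives mouseExited() and only the guard keeps it from dereferencing null; with the hook the call never reaches it.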


