[Webkit-unassigned] [Bug 21385] New: WebKit/GTK crashes after selecting a file on an <input type=file>
bugzilla-daemon at webkit.org
Sun Oct 5 09:28:17 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=21385
Summary: WebKit/GTK crashes after selecting a file on an <input type=file>
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: Critical
Priority: P2
Component: WebKit Gtk
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: cedricv at neonux.com
CC: cedricv at neonux.com
Steps to reproduce the problem:
1. Save simple testcase below to a file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>file input crasher</title>
</head>
<body>
<input type="file" />
</body>
</html>
2. Open that file with webkit/gtk
3. Click on the "Choose file" button, select any file and press OK (*).
4. WebKit/GTK crashes with the following stacktrace:
#4 <signal handler called>
#5 0xb6c18938 in cairo_save () from /usr/lib/libcairo.so.2
#6 0xb4cb2e64 in ?? ()
#7 0xb646e8aa in WebCore::RenderFileUploadControl::paintObject () from ./libwebkit-1.0.so
#8 0xb644f452 in WebCore::RenderBlock::paint () from ./libwebkit-1.0.so
#9 0xb6441b0f in WebCore::InlineBox::paint () from ./libwebkit-1.0.so
#10 0xb64432da in WebCore::InlineFlowBox::paint () from ./libwebkit-1.0.so
#11 0xb64c5dc3 in WebCore::RootInlineBox::paint () from ./libwebkit-1.0.so
#12 0xb647759c in WebCore::RenderFlow::paintLines () from ./libwebkit-1.0.so
#13 0xb644ebd3 in WebCore::RenderBlock::paintContents () from ./libwebkit-1.0.so
#14 0xb6458bbf in WebCore::RenderBlock::paintObject () from ./libwebkit-1.0.so
#15 0xb644f452 in WebCore::RenderBlock::paint () from ./libwebkit-1.0.so
#16 0xb644eb40 in WebCore::RenderBlock::paintChildren () from ./libwebkit-1.0.so
#17 0xb6458bbf in WebCore::RenderBlock::paintObject () from ./libwebkit-1.0.so
#18 0xb644f452 in WebCore::RenderBlock::paint () from ./libwebkit-1.0.so
#19 0xb644eb40 in WebCore::RenderBlock::paintChildren () from ./libwebkit-1.0.so
#20 0xb6458bbf in WebCore::RenderBlock::paintObject () from ./libwebkit-1.0.so
#21 0xb644f452 in WebCore::RenderBlock::paint () from ./libwebkit-1.0.so
#22 0xb644eb40 in WebCore::RenderBlock::paintChildren () from ./libwebkit-1.0.so
#23 0xb6458bbf in WebCore::RenderBlock::paintObject () from ./libwebkit-1.0.so
#24 0xb644f452 in WebCore::RenderBlock::paint () from ./libwebkit-1.0.so
#25 0xb644eb40 in WebCore::RenderBlock::paintChildren () from ./libwebkit-1.0.so
#26 0xb6458bbf in WebCore::RenderBlock::paintObject () from ./libwebkit-1.0.so
#27 0xb644f452 in WebCore::RenderBlock::paint () from ./libwebkit-1.0.so
#28 0xb6485d8d in WebCore::RenderLayer::paintLayer () from ./libwebkit-1.0.so
#29 0xb64859ed in WebCore::RenderLayer::paintLayer () from ./libwebkit-1.0.so
#30 0xb64860c1 in WebCore::RenderLayer::paint () from ./libwebkit-1.0.so
#31 0xb63ccc08 in WebCore::FrameView::paintContents () from ./libwebkit-1.0.so
#32 0xb63f8e61 in WebCore::ScrollView::paint () from ./libwebkit-1.0.so
#33 0xb63ce82e in WebCore::FrameView::updateControlTints () from ./libwebkit-1.0.so
#34 0xb63c001b in WebCore::FocusController::setActive () from ./libwebkit-1.0.so
#35 0xb61488a2 in webkit_web_view_focus_in_event () from ./libwebkit-1.0.so
This is happening as of rev. 37315; I've bisected the bug to have been
introduced after rev. 37103 ...
Possibly as soon as rev. 37104, since it happens to be related to some painting
code, but I couldn't test further as this revision and the following ones are
not building successfully.
* : interestingly, it does not crash if one clicks on Cancel instead, so I guess
it crashes when it paints the filename of the selected file.