[Webkit-unassigned] [Bug 27137] New: Reproducible crash due to infinite recursion into FrameLoader::gotoAnchor() -> FrameView::layout()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 9 16:43:50 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=27137

           Summary: Reproducible crash due to infinite recursion into
                    FrameLoader::gotoAnchor() -> FrameView::layout()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
               URL: http://hsivonen.iki.fi/doctype/#handling
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: InRadar, NeedsReduction
          Severity: Normal
          Priority: P1
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mitz at webkit.org


<rdar://problem/7043124>

VIsiting the URL makes Safari crash with a stack showing many repititions of

  com.apple.WebCore              0x9547f226 WebCore::FrameLoader::gotoAnchor()
+ 0x56
  com.apple.WebCore              0x9549a348 WebCore::FrameView::layout(bool) +
0x828
  com.apple.WebCore              0x956124ad
WebCore::FrameLoader::gotoAnchor(WebCore::String const&) + 0x26d

We may need to make the going-to-anchor a post-layoiut task. I suspect that
this was introduced by a recent patch to improve locking-to-anchor during
loading, but I haven’t verified this yet.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list