[Webkit-unassigned] [Bug 24247] Crash in WebCore::RenderBlock::deleteLineBoxTree()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 3 16:22:02 PST 2009 

https://bugs.webkit.org/show_bug.cgi?id=24247





------- Comment #2 from sky at google.com  2009-03-03 16:22 PDT -------
I don't have a distilled case yet, but I can repro this. Before the crash I'm
hitting an ASSERT in RenderObjectChildList::appendChildNode because newChild is
a table selection. Here's the stack:

        chrome.dll!WebCore::RenderTableSection::isTableSection()  Line 50      
C++
>	chrome.dll!WebCore::RenderObjectChildList::appendChildNode(WebCore::RenderObject * owner=0x06a43b54, WebCore::RenderObject * newChild=0x0512fa64, bool fullAppend=true)  Line 135 + 0x2f bytes	C++
        chrome.dll!WebCore::RenderInline::splitFlow(WebCore::RenderObject *
beforeChild=0x00000000, WebCore::RenderBlock * newBlockBox=0x06a43a04,
WebCore::RenderObject * newChild=0x06a1d174, WebCore::RenderBoxModelObject *
oldCont=0x00000000)  Line 353   C++
       
chrome.dll!WebCore::RenderInline::addChildIgnoringContinuation(WebCore::RenderObject
* newChild=0x06a1d174, WebCore::RenderObject * beforeChild=0x00000000)  Line
218   C++
        chrome.dll!WebCore::RenderInline::addChild(WebCore::RenderObject *
newChild=0x06a1d174, WebCore::RenderObject * beforeChild=0x00000000)  Line 152
+ 0x17 bytes  C++
        chrome.dll!WebCore::Node::createRendererIfNeeded()  Line 1241 + 0x21
bytes      C++
        chrome.dll!WebCore::Element::attach()  Line 700 C++
        chrome.dll!WebCore::HTMLTableElement::attach()  Line 644        C++
       
chrome.dll!WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>
newChild={...}, int & ec=0, bool shouldLazyAttach=false)  Line 497 + 0x1d bytes
  C++
        chrome.dll!WebCore::NodeInternal::appendChildCallback(const
v8::Arguments & args={...})  Line 270 + 0x1f bytes  C++
        chrome.dll!v8::internal::Builtin_HandleApiCall(int __argc__=2,
v8::internal::Object * * __argv__=0x0562ef70)  Line 380 + 0xe bytes      C++
        05de016c()      
        chrome.dll!v8::internal::Invoke(bool construct=false,
v8::internal::Handle<v8::internal::JSFunction> func={...},
v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=0,
v8::internal::Object * * * args=0x00000000, bool *
has_pending_exception=0x0562f117)  Line 90 + 0x34 bytes      C++
       
chrome.dll!v8::internal::Execution::Call(v8::internal::Handle<v8::internal::JSFunction>
func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int
argc=0, v8::internal::Object * * * args=0x00000000, bool *
pending_exception=0x0562f117)  Line 116 + 0x1f bytes      C++
        chrome.dll!v8::Script::Run()  Line 1047 + 0x19 bytes    C++
        chrome.dll!WebCore::V8Proxy::RunScript(v8::Handle<v8::Script>
script={...}, bool inline_code=false)  Line 1428 + 0x13 bytes     C++
        chrome.dll!WebCore::V8Proxy::Evaluate(const WebCore::String &
fileName={...}, int baseLine=0, const WebCore::String & str={...},
WebCore::Node * n=0x00000000)  Line 1382 + 0x19 bytes  C++
        chrome.dll!WebCore::ScriptController::evaluate(const
WebCore::ScriptSourceCode & sourceCode={...})  Line 232    C++
        chrome.dll!WebCore::ScriptElementData::evaluateScript(const
WebCore::ScriptSourceCode & sourceCode={...})  Line 180 + 0x17 bytes        C++
       
chrome.dll!WebCore::ScriptElementData::notifyFinished(WebCore::CachedResource *
o=0x06ad4028)  Line 205 + 0x15 bytes    C++
        chrome.dll!WebCore::CachedScript::checkNotify()  Line 108 + 0x13 bytes 
C++
       
chrome.dll!WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>
data={...}, bool allDataReceived=true)  Line 99   C++
       
chrome.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader *
loader=0x06ad5638)  Line 304    C++
        chrome.dll!WebCore::SubresourceLoader::didFinishLoading()  Line 183 +
0x21 bytes        C++
       
chrome.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle *
__formal=0x06ad5fc0)  Line 416 + 0xf bytes       C++
        chrome.dll!WebCore::ResourceHandleInternal::OnCompletedRequest(const
URLRequestStatus & status={...})  Line 632 + 0x1e bytes    C++
        chrome.dll!ResourceDispatcher::OnRequestComplete(int request_id=13,
const URLRequestStatus & status={...})  Line 417 + 0x13 bytes       C++
        chrome.dll!DispatchToMethod<ResourceDispatcher,void (__thiscall
ResourceDispatcher::*)(int,URLRequestStatus const
&),int,URLRequestStatus>(ResourceDispatcher * obj=0x050ca508, void (int, const
URLRequestStatus &)* method=0x010ed840, const Tuple2<int,URLRequestStatus> &
arg={...})  Line 400 + 0x15 bytes C++
        chrome.dll!IPC::MessageWithTuple<Tuple2<int,URLRequestStatus>
>::Dispatch<ResourceDispatcher,void (__thiscall
ResourceDispatcher::*)(int,URLRequestStatus const &)>(const IPC::Message *
msg=0x06a44d90, ResourceDispatcher * obj=0x050ca508, void (int, const
URLRequestStatus &)* func=0x010ed840)  Line 1157 + 0x11 bytes    C++
        chrome.dll!ResourceDispatcher::DispatchMessageW(const IPC::Message &
message={...})  Line 464 + 0x12 bytes      C++
        chrome.dll!ResourceDispatcher::OnMessageReceived(const IPC::Message &
message={...})  Line 278  C++
        chrome.dll!RenderView::OnMessageReceived(const IPC::Message &
message={...})  Line 340 + 0x19 bytes     C++
        chrome.dll!MessageRouter::RouteMessage(const IPC::Message & msg={...}) 
Line 39 + 0x13 bytes    C++
        chrome.dll!MessageRouter::OnMessageReceived(const IPC::Message &
msg={...})  Line 30 + 0x13 bytes       C++
        chrome.dll!ChildThread::OnMessageReceived(const IPC::Message &
msg={...})  Line 64 + 0x17 bytes C++
        chrome.dll!IPC::ChannelProxy::Context::OnDispatchMessage(const
IPC::Message & message={...})  Line 174 + 0x1b bytes     C++
        chrome.dll!DispatchToMethod<IPC::ChannelProxy::Context,void (__thiscall
IPC::ChannelProxy::Context::*)(IPC::Message const
&),IPC::Message>(IPC::ChannelProxy::Context * obj=0x04fa3928, void (const
IPC::Message &)* method=0x010d6cd0, const Tuple1<IPC::Message> & arg={...}) 
Line 393 + 0xf bytes   C++
        chrome.dll!RunnableMethod<IPC::ChannelProxy::Context,void (__thiscall
IPC::ChannelProxy::Context::*)(IPC::Message const &),Tuple1<IPC::Message>
>::Run()  Line 308 + 0x1e bytes C++
        chrome.dll!MessageLoop::RunTask(Task * task=0x06a44d68)  Line 308 + 0xf
bytes   C++
        chrome.dll!MessageLoop::DeferOrRunPendingTask(const
MessageLoop::PendingTask & pending_task={...})  Line 319    C++
        chrome.dll!MessageLoop::DoWork()  Line 408 + 0xc bytes  C++
        chrome.dll!base::MessagePumpForUI::DoRunLoop()  Line 208 + 0x1d bytes  
C++
       
chrome.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate
* delegate=0x0562feb4, base::MessagePumpWin::Dispatcher *
dispatcher=0x00000000)  Line 52 + 0xf bytes    C++
        chrome.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate *
delegate=0x0562feb4)  Line 78 + 0x1c bytes   C++
        chrome.dll!MessageLoop::RunInternal()  Line 197 + 0x2a bytes    C++
        chrome.dll!MessageLoop::RunHandler()  Line 181  C++
        chrome.dll!MessageLoop::Run()  Line 155 C++
        chrome.dll!base::Thread::ThreadMain()  Line 159 C++
        chrome.dll!`anonymous namespace'::ThreadFunc(void * closure=0x04fa32e4)
 Line 26 + 0xf bytes    C++
        kernel32.dll!7c80b713()         
        [Frames below may be incorrect and/or missing, no symbols loaded for
kernel32.dll]      


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list