[Webkit-unassigned] [Bug 31680] New: chrome!WebCore::Document::updateLayoutIgnorePendingStylesheets NULL pointer
bugzilla-daemon at webkit.org
Thu Nov 19 13:07:04 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31680
Summary: chrome!WebCore::Document::updateLayoutIgnorePendingStylesheets NULL pointer
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: P1
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skylined at chromium.org
CC: eric at webkit.org
Created an attachment (id=43518)
--> (https://bugs.webkit.org/attachment.cgi?id=43518)
Repro
The following HTML triggers a NULL pointer in
chrome!WebCore::Document::updateLayoutIgnorePendingStylesheets:
<SCRIPT>
sel = window.getSelection();
doc = document.implementation.createDocumentType('c');
sel.setBaseAndExtent(doc);
</SCRIPT>
Relevant call stack:
WebCore::Document::updateLayoutIgnorePendingStylesheets(void)+0x4
WebCore::VisiblePosition::canonicalPosition(class WebCore::Position * position = 0x0012f184)+0x3a
WebCore::VisiblePosition::init(class WebCore::Position * position = 0x0012f184, WebCore::EAffinity affinity = DOWNSTREAM (1))+0x25
WebCore::VisiblePosition::VisiblePosition(class WebCore::Node * node = 0x05639fc0, int offset = 715827888, WebCore::EAffinity affinity = DOWNSTREAM (1))+0x46
WebCore::DOMSelection::setBaseAndExtent(class WebCore::Node * baseNode = 0x05639fc0, int baseOffset = 715827888, class WebCore::Node * extentNode = 0x00000000, int extentOffset = 429496759, int * ec = 0x0012f204)+0x39
WebCore::DOMSelectionInternal::setBaseAndExtentCallback(class v8::Arguments * args = 0x0112f254)+0x180
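Added illustration, not part of the bug report and not WebKit's code: the validation a selection API needs to perform on its endpoints before it forces layout. The stack above reaches Document::updateLayoutIgnorePendingStylesheets from a VisiblePosition built on the DocumentType node, and a DocumentType obtained from createDocumentType in an engine of this era has no owner document, so the document pointer the layout call runs on is NULL (this reading of the crash is an inference from the stack, not something the report states). The model below uses constructed plain objects in place of DOM nodes so it runs under Node.js; the function names (checkSelectionEndpoint, setBaseAndExtentGuarded) and the reason strings are assumptions, and it also rejects endpoints from another document, detached endpoints and out-of-range offsets, which goes beyond the single case in the repro.

```javascript
'use strict';

// Constructed stand-ins for DOM nodes: only the fields the check reads are modelled.
function makeDocument() {
  return { nodeType: 9, ownerDocument: null, childNodes: [], parentNode: null };
}

function makeElement(doc, children = []) {
  const el = { nodeType: 1, ownerDocument: doc, childNodes: children, parentNode: null };
  for (const c of children) c.parentNode = el;
  return el;
}

function makeText(doc, data) {
  return { nodeType: 3, ownerDocument: doc, data, parentNode: null };
}

// A DocumentType as createDocumentType returned it in the engine shown by the
// stack: no owner document and not attached to any tree (assumed model).
function makeDetachedDoctype() {
  return { nodeType: 10, ownerDocument: null, childNodes: [], parentNode: null };
}

// The document a node belongs to: the node itself for document nodes,
// otherwise ownerDocument (null for the detached doctype above).
function documentOf(node) {
  return node.nodeType === 9 ? node : node.ownerDocument;
}

// Largest offset a node admits: character count for text, child count otherwise.
function maxOffset(node) {
  return node.nodeType === 3 ? node.data.length : node.childNodes.length;
}

// Follows parentNode links to decide whether the node lives in doc's tree.
function isInDocument(node, doc) {
  for (let n = node; n; n = n.parentNode) if (n === doc) return true;
  return false;
}

// Checks one endpoint before any layout work. Returns null when the endpoint
// is acceptable, otherwise a short reason. The null-document test is the one
// the reported stack lacks.
function checkSelectionEndpoint(node, offset, frameDocument) {
  if (node == null) return 'node is null';
  const doc = documentOf(node);
  if (doc === null) return 'node has no document';
  if (doc !== frameDocument) return 'node belongs to another document';
  if (!isInDocument(node, frameDocument)) return 'node is detached';
  if (!Number.isInteger(offset) || offset < 0 || offset > maxOffset(node)) {
    return 'offset out of range';
  }
  return null;
}

// Guarded setBaseAndExtent: refuses bad endpoints instead of dereferencing a
// null document. Returns whether a range would have been applied and why not.
function setBaseAndExtentGuarded(frameDocument, baseNode, baseOffset, extentNode, extentOffset) {
  const problems = [
    checkSelectionEndpoint(baseNode, baseOffset, frameDocument),
    checkSelectionEndpoint(extentNode, extentOffset, frameDocument),
  ].filter(Boolean);
  return { applied: problems.length === 0, problems };
}

// Constructed sample tree: document -> body -> text "hello".
function buildSample() {
  const doc = makeDocument();
  const text = makeText(doc, 'hello');
  const body = makeElement(doc, [text]);
  doc.childNodes.push(body);
  body.parentNode = doc;
  return { doc, body, text };
}

function demo() {
  const { doc, text } = buildSample();
  // The repro's call: a detached doctype as base, nothing as extent.
  console.log(setBaseAndExtentGuarded(doc, makeDetachedDoctype(), 0, null, 0));
  // A well-formed selection over the whole text node.
  console.log(setBaseAndExtentGuarded(doc, text, 0, text, 5));
}

demo();
```

The order of the checks matters: the document test has to come before anything that would touch layout, since every later step (canonicalPosition in the stack above included) assumes a document exists.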