[Webkit-unassigned] [Bug 43663] New: html5 tree builder crash in adoption agency

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 6 19:09:09 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=43663

           Summary: html5 tree builder crash in adoption agency
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jamesr at chromium.org
                CC: eric at webkit.org, abarth at webkit.org, tonyg at chromium.org


Seen on chromium reliability bots:

Stack trace:
chrome_2580000!WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks+0x143 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 682]
chrome_2580000!WebCore::RenderBlock::addChildIgnoringContinuation+0xa6 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 761]
chrome_2580000!WebCore::RenderBlock::addChild+0x5b [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 754]
chrome_2580000!WebCore::Node::createRendererIfNeeded+0x108 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\node.cpp @ 1418]
chrome_2580000!WebCore::Element::attach+0x14 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\element.cpp @ 816]
chrome_2580000!WebCore::HTMLImageElement::attach+0x8 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmlimageelement.cpp @ 193]
chrome_2580000!WebCore::ContainerNode::attach+0x1c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\containernode.cpp @ 638]
chrome_2580000!WebCore::Element::attach+0x1b [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\element.cpp @ 817]
chrome_2580000!WebCore::ContainerNode::attach+0x1c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\containernode.cpp @ 638]
chrome_2580000!WebCore::Element::attach+0x1b [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\element.cpp @ 817]
chrome_2580000!WebCore::HTMLTreeBuilder::callTheAdoptionAgency+0x280 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmltreebuilder.cpp @ 1752]
chrome_2580000!WebCore::HTMLTreeBuilder::processEndTagForInBody+0x3ca [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmltreebuilder.cpp @ 2077]
chrome_2580000!WebCore::HTMLTreeBuilder::processEndTag+0x1d0 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmltreebuilder.cpp @ 2402]
chrome_2580000!WebCore::HTMLTreeBuilder::constructTreeFromToken+0x37 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmltreebuilder.cpp @ 516]
chrome_2580000!WebCore::HTMLDocumentParser::pumpTokenizer+0x9d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmldocumentparser.cpp @ 173]
chrome_2580000!WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution+0x59 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmldocumentparser.cpp @ 352]
chrome_2580000!WebCore::Document::removePendingSheet+0x39 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 2692]
chrome_2580000!WebCore::HTMLLinkElement::sheetLoaded+0x3d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmllinkelement.cpp @ 372]
chrome_2580000!WebCore::CSSStyleSheet::checkLoaded+0x30 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\css\cssstylesheet.cpp @ 219]
chrome_2580000!WebCore::HTMLLinkElement::setCSSStyleSheet+0x31f [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\html\htmllinkelement.cpp @ 357]
chrome_2580000!WebCore::CachedCSSStyleSheet::checkNotify+0x70 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\cachedcssstylesheet.cpp @ 116]
chrome_2580000!WebCore::CachedCSSStyleSheet::data+0x114 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\cachedcssstylesheet.cpp @ 106]
chrome_2580000!WebCore::Loader::Host::didFinishLoading+0xad [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\loader.cpp @ 416]
chrome_2580000!WebCore::SubresourceLoader::didFinishLoading+0x26 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\subresourceloader.cpp @ 185]
chrome_2580000!WebCore::ResourceLoader::didFinishLoading+0x7 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\loader\resourceloader.cpp @ 444]


Repro URL is http://www.sonystyle.com.br/br/site/catalog/LeafCategory.jsp. This was running WebKit r64865.
