[Webkit-unassigned] [Bug 44129] New: Crash in WebCore::Node::createRendererIfNeeded()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 17 14:00:16 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=44129

           Summary: Crash in WebCore::Node::createRendererIfNeeded()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: tonyg at chromium.org
                CC: eric at webkit.org, abarth at webkit.org


This was discovered in Chromium 6.0.472.1. Most likely introduced in r64970-65072 (perhaps r65006?).

Reproduces on http://fifax.net/ with the AdBlock extension installed. I'm trying to reduce a test case that will demonstrate this without AdBlock.

http://code.google.com/p/chromium/issues/detail?id=52377

Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000020 )
0x565e17e2     [chrome.dll     - node.cpp:1399]     WebCore::Node::createRendererIfNeeded()
0x565f8d21     [chrome.dll     - element.cpp:815]     WebCore::Element::attach()
0x566fe2cf     [chrome.dll     - htmlframeelementbase.cpp:212]     WebCore::HTMLFrameElementBase::attach()
0x567f893c     [chrome.dll     - htmlconstructionsite.cpp:129]     WebCore::HTMLConstructionSite::attachAtSite(WebCore::HTMLConstructionSite::AttachmentSite const &,WTF::PassRefPtr<WebCore::Node>)
0x567f9192     [chrome.dll     - htmlconstructionsite.cpp:445]     WebCore::HTMLConstructionSite::fosterParent(WebCore::Node *)
0x567f91bd     [chrome.dll     - htmlconstructionsite.cpp:95]     WebCore::HTMLConstructionSite::attach<WebCore::Comment>(WebCore::Node *,WTF::PassRefPtr<WebCore::Comment>)
0x567f8b9d     [chrome.dll     - htmlconstructionsite.cpp:219]     WebCore::HTMLConstructionSite::attachToCurrent(WTF::PassRefPtr<WebCore::Element>)
0x567f8c81     [chrome.dll     - htmlconstructionsite.cpp:252]     WebCore::HTMLConstructionSite::insertHTMLElement(WebCore::AtomicHTMLToken &)
0x567c4fe2     [chrome.dll     - htmltreebuilder.cpp:2811]     WebCore::HTMLTreeBuilder::processGenericRawTextStartTag(WebCore::AtomicHTMLToken &)
0x567c24b6     [chrome.dll     - htmltreebuilder.cpp:987]     WebCore::HTMLTreeBuilder::processStartTagForInBody(WebCore::AtomicHTMLToken &)
0x567c2960     [chrome.dll     - htmltreebuilder.cpp:1168]     WebCore::HTMLTreeBuilder::processStartTagForInTable(WebCore::AtomicHTMLToken &)
0x567c3126     [chrome.dll     - htmltreebuilder.cpp:1276]     WebCore::HTMLTreeBuilder::processStartTag(WebCore::AtomicHTMLToken &)
0x567c18ba     [chrome.dll     - htmltreebuilder.cpp:529]     WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken &)
0x56750bb6     [chrome.dll     - htmldocumentparser.cpp:172]     WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
0x56750aca     [chrome.dll     - htmldocumentparser.cpp:127]     WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
0x56750ed9     [chrome.dll     - htmldocumentparser.cpp:351]     WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution()
0x56750f62     [chrome.dll     - htmldocumentparser.cpp:387]     WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource *)
0x5675898b     [chrome.dll     - cachedscript.cpp:99]     WebCore::CachedScript::checkNotify()
0x56758955     [chrome.dll     - cachedscript.cpp:89]     WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>,bool)
0x5665f028     [chrome.dll     - loader.cpp:415]     WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader *)
0x567563c5     [chrome.dll     - subresourceloader.cpp:183]     WebCore::SubresourceLoader::didFinishLoading()
0x56756ed1     [chrome.dll     - resourceloader.cpp:443]     WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle *)
0x568135d7     [chrome.dll     - resourcehandle.cpp:191]

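A first-pass triage of a trace like the one above usually starts with two questions: what is the faulting address, and which subsystem owns the frames between the entry point and the crash site. The following helper is an added example written for this page; it is not the reporter's code, not part of WebKit or Chromium, and the function names (parse_frames, parse_exception, classify_fault, triage) are my own. Its input is a constructed excerpt of the Breakpad-style trace quoted in the report, with most of the middle frames dropped for brevity.

```python
"""Triage helper for a Chromium/Breakpad-style crash trace.

Added example for this bug report; not code from the reporter or from WebKit.
The regexes match the frame layout used in the report:
    0x<addr>     [<module>     - <file>:<line>]     <function>
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the exception line and a subset of the frames from the report.
TRACE = """\
Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000020 )
0x565e17e2     [chrome.dll     - node.cpp:1399]     WebCore::Node::createRendererIfNeeded()
0x565f8d21     [chrome.dll     - element.cpp:815]     WebCore::Element::attach()
0x566fe2cf     [chrome.dll     - htmlframeelementbase.cpp:212]     WebCore::HTMLFrameElementBase::attach()
0x567f893c     [chrome.dll     - htmlconstructionsite.cpp:129]     WebCore::HTMLConstructionSite::attachAtSite(WebCore::HTMLConstructionSite::AttachmentSite const &,WTF::PassRefPtr<WebCore::Node>)
0x567f9192     [chrome.dll     - htmlconstructionsite.cpp:445]     WebCore::HTMLConstructionSite::fosterParent(WebCore::Node *)
0x568135d7     [chrome.dll     - resourcehandle.cpp:191]
"""

FRAME_RE = re.compile(
    r"^0x(?P<addr>[0-9a-fA-F]+)\s+\[(?P<module>\S+)\s+-\s+"
    r"(?P<file>[^:\]]+):(?P<line>\d+)\]\s*(?P<func>.*)$"
)
EXC_RE = re.compile(
    r"\(\s*(?P<code>EXCEPTION_[A-Z_]+)\s+@\s+0x(?P<addr>[0-9a-fA-F]+)\s*\)"
)

# Assumption: the first page of the address space is unmapped, so any fault
# below it is treated as a NULL pointer plus a field offset.
NULL_PAGE = 0x1000


@dataclass
class Frame:
    addr: int
    module: str
    file: str
    line: int
    func: str  # empty when the symbolizer gave no name (last frame in the report)


def parse_frames(text: str) -> List[Frame]:
    """Return the symbolized frames in stack order (innermost first)."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append(Frame(int(m["addr"], 16), m["module"], m["file"],
                                int(m["line"]), m["func"].strip()))
    return frames


def parse_exception(text: str) -> Optional[Tuple[str, int]]:
    """Return (exception code, faulting address) or None if no exception line."""
    m = EXC_RE.search(text)
    if not m:
        return None
    return m["code"], int(m["addr"], 16)


def classify_fault(code: str, addr: int) -> str:
    """Heuristic classification of the faulting address.

    A read or write well below the first mapped page is almost always a NULL
    pointer dereferenced through a struct field at that offset, i.e. a crash
    with no attacker-controlled pointer. Anything else needs a closer look.
    """
    kind = "write" if "WRITE" in code else "read"
    if addr < NULL_PAGE:
        return f"null-deref {kind} (NULL + 0x{addr:x})"
    return f"{kind} at 0x{addr:x}: not in the null page, inspect the pointer source"


def triage(text: str) -> dict:
    """Summarize the crash: site, fault class, and which frames sit in the HTML parser."""
    frames = parse_frames(text)
    exc = parse_exception(text)
    parser_frames = [f for f in frames if f.file.startswith("html")]
    return {
        "crash_site": f"{frames[0].file}:{frames[0].line} {frames[0].func}" if frames else None,
        "fault": classify_fault(*exc) if exc else "no exception line",
        "html_parser_frames": [f.func for f in parser_frames],
        "frame_count": len(frames),
    }


if __name__ == "__main__":
    for k, v in triage(TRACE).items():
        print(f"{k}: {v}")
```

On the report's own numbers this classifies the fault as a NULL pointer read at offset 0x20, which matches what a crash inside createRendererIfNeeded() with no valid renderer-related object would look like; that is a heuristic, not proof, and the exploitability call still depends on reading the code at the crash site.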