[Webkit-unassigned] [Bug 44449] New: treebuilder null ptr crash
bugzilla-daemon at webkit.org
Mon Aug 23 12:25:20 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=44449
Summary: treebuilder null ptr crash
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: inferno at chromium.org
CC: eric at webkit.org, abarth at webkit.org
credit: kuzzcc
Treebuilder issue, null ptr crash; it first goes through a couple of asserts:
<nobr>
<audio>
<p>
<button autofocus="1"/>
<button autofocus="1"/>
<iframe>
</iframe>
</p>
</audio>
</nobr>
Stacktrace: hits this assert first
ASSERT(!widgetHierarchyUpdateSuspendCount);
> chrome.dll!WebCore::RenderWidget::setWidgetGeometry(const WebCore::IntRect & frame=((40,15),(300,150))) Line 162 + 0x25 bytes C++
chrome.dll!WebCore::RenderWidget::updateWidgetPosition() Line 346 + 0x35 bytes C++
chrome.dll!WebCore::RenderView::updateWidgetPositions() Line 588 + 0x13 bytes C++
chrome.dll!WebCore::FrameView::performPostLayoutTasks() Line 1611 C++
chrome.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 833 C++
chrome.dll!WebCore::Document::updateLayout() Line 1524 C++
chrome.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets() Line 1556 C++
chrome.dll!WebCore::Element::focus(bool restorePreviousSelection=true) Line 1301 C++
chrome.dll!WebCore::HTMLFormControlElement::attach() Line 144 + 0x14 bytes C++
chrome.dll!WebCore::Element::recalcStyle(WebCore::Node::StyleChange change=NoChange) Line 906 + 0x12 bytes C++
chrome.dll!WebCore::HTMLFormControlElement::recalcStyle(WebCore::Node::StyleChange change=NoChange) Line 234 C++
chrome.dll!WebCore::Element::recalcStyle(WebCore::Node::StyleChange change=NoChange) Line 969 + 0x16 bytes C++
chrome.dll!WebCore::Element::recalcStyle(WebCore::Node::StyleChange change=NoChange) Line 969 + 0x16 bytes C++
chrome.dll!WebCore::Element::recalcStyle(WebCore::Node::StyleChange change=NoChange) Line 969 + 0x16 bytes C++
chrome.dll!WebCore::Document::recalcStyle(WebCore::Node::StyleChange change=NoChange) Line 1448 + 0x16 bytes C++
chrome.dll!WebCore::Document::updateStyleIfNeeded() Line 1492 + 0x14 bytes C++
chrome.dll!WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node> newFocusedNode={m_document=0x07e1b000 m_previous=0x0814cd00 m_next=0x07bff240 ...}) Line 3099 + 0x12 bytes C++
chrome.dll!WebCore::FocusController::setFocusedNode(WebCore::Node * node=0x07bf5d20, WTF::PassRefPtr<WebCore::Frame> newFocusedFrame=NULL) Line 629 C++
chrome.dll!WebCore::Element::focus(bool restorePreviousSelection=true) Line 1316 C++
chrome.dll!WebCore::HTMLFormControlElement::attach() Line 144 + 0x14 bytes C++
chrome.dll!WebCore::ContainerNode::attach() Line 690 + 0x12 bytes C++
chrome.dll!WebCore::Element::attach() Line 817 C++
chrome.dll!WebCore::Node::lazyAttach() Line 783 + 0x12 bytes C++
chrome.dll!WebCore::HTMLTreeBuilder::callTheAdoptionAgency(WebCore::AtomicHTMLToken & token={...}) Line 1844 C++
chrome.dll!WebCore::HTMLTreeBuilder::processEndTagForInBody(WebCore::AtomicHTMLToken & token={...}) Line 2164 C++
chrome.dll!WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken & token={...}) Line 2298 C++
chrome.dll!WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken & token={...}) Line 628 C++
chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken & rawToken={...}) Line 611 C++
chrome.dll!WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield) Line 214 C++
chrome.dll!WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield) Line 162 C++
chrome.dll!WebCore::HTMLDocumentParser::append(const WebCore::SegmentedString & source={...}) Line 321 C++
chrome.dll!WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter * writer=0x07c9398c, const char * data=0x00000000, int length=0, bool shouldFlush=true) Line 55 + 0x1f bytes C++
chrome.dll!WebCore::DocumentWriter::addData(const char * str=0x00000000, int len=0, bool flush=true) Line 200 + 0x20 bytes C++
chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource() Line 221 C++
chrome.dll!WebCore::DocumentWriter::end() Line 207 C++
chrome.dll!WebCore::DocumentLoader::finishedLoading() Line 271 C++
chrome.dll!WebCore::FrameLoader::finishedLoading() Line 2160 C++
chrome.dll!WebCore::MainResourceLoader::didFinishLoading() Line 442 C++
chrome.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x07bfe740) Line 443 + 0xf bytes C++
chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading(WebKit::WebURLLoader * __formal=0x04f4ae58) Line 191 + 0x25 bytes C++
chrome.dll!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(const URLRequestStatus & status={...}, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & security_info="") l!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate * delegate=0x04f3fda8, base::MessagePumpWin::Dispatcher * dispatcher=0x00000000) Line 51 + 0xf bytes C++
chrome.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x04f3fda8) Line 80 + 0x1c bytes C++
chrome.dll!MessageLoop::RunInternal() Line 256 + 0x2a bytes C++
chrome.dll!MessageLoop::RunHandler() Line 229 C++
chrome.dll!MessageLoop::Run() Line 207 C++
chrome.dll!base::Thread::Run(MessageLoop * message_loop=0x04f3fda8) Line 141 C++
chrome.dll!base::Thread::ThreadMain() Line 164 + 0x16 bytes C++
chrome.dll!`anonymous namespace'::ThreadFunc(void * closure=0x010f6a80) Line 26 + 0xf bytes C++
kernel32.dll!@BaseThreadInitThunk at 12() + 0xe bytes
ntdll.dll!___RtlUserThreadStart at 8() + 0x23 bytes
ntdll.dll!__RtlUserThreadStart at 8() + 0x1b bytes