[Webkit-unassigned] [Bug 48983] REGRESSION: multicol crashes with positioned elements
bugzilla-daemon at webkit.org
Wed Dec 29 00:50:24 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=48983
SkyLined <skylined at chromium.org> changed:
What        |Removed   |Added
----------------------------------------------------------------------------
CC          |          |skylined at chromium.org
--- Comment #3 from SkyLined <skylined at chromium.org> 2010-12-29 00:50:24 PST ---
This causes one of two NULL ptrs, depending on whether your mouse is hovering over the page or not while reproducing the crash.
Reduced repro:
<body style="position: absolute; -webkit-column-count: 2;">
<div style="overflow: hidden;">
<img style="position: relative; width: 180px;">
</div>
</body>
id: chrome.dll!WebCore::RenderLayer::paintChildLayerIntoColumns ReadAV at NULL (3e28197c414363f3d6c613777e35f7b0)
description: Attempt to read from unallocated NULL pointer-0x4 in chrome.dll!WebCore::RenderLayer::paintChildLayerIntoColumns
application: Chromium 10.0.623.0
stack: chrome.dll!WebCore::RenderLayer::paintChildLayerIntoColumns
chrome.dll!WebCore::RenderLayer::paintPaginatedChildLayer
chrome.dll!WebCore::RenderLayer::paintList
chrome.dll!WebCore::RenderLayer::paintLayer
chrome.dll!WebCore::RenderLayer::paintList
chrome.dll!WebCore::RenderLayer::paintLayer
chrome.dll!WebCore::RenderLayer::paint
chrome.dll!WebCore::FrameView::paintContents
chrome.dll!WebCore::ScrollView::paint
chrome.dll!WebKit::WebFrameImpl::paintWithContext
chrome.dll!WebKit::WebFrameImpl::paint
chrome.dll!RenderWidget::PaintRect
chrome.dll!RenderWidget::DoDeferredUpdate
chrome.dll!RenderWidget::CallDoDeferredUpdate
chrome.dll!MessageLoop::RunTask
chrome.dll!MessageLoop::DoWork
chrome.dll!base::MessagePumpDefault::Run
chrome.dll!MessageLoop::RunInternal
chrome.dll!MessageLoop::Run
...
http://trac.webkit.org/browser/trunk/WebCore/rendering/RenderLayer.cpp#L2599
id: chrome.dll!WebCore::RenderLayer::hitTestChildLayerColumns ReadAV at NULL (190d37d7e428d0f0eb541dd4c90591a6)
description: Attempt to read from unallocated NULL pointer-0x4 in chrome.dll!WebCore::RenderLayer::hitTestChildLayerColumns
application: Chromium 10.0.623.0
stack: chrome.dll!WebCore::RenderLayer::hitTestChildLayerColumns
chrome.dll!WebCore::RenderLayer::hitTestPaginatedChildLayer
chrome.dll!WebCore::RenderLayer::hitTestList
chrome.dll!WebCore::RenderLayer::hitTestLayer
chrome.dll!WebCore::RenderLayer::hitTestList
chrome.dll!WebCore::RenderLayer::hitTestLayer
chrome.dll!WebCore::RenderLayer::hitTest
chrome.dll!WebCore::Document::prepareMouseEvent
chrome.dll!WebCore::EventHandler::prepareMouseEvent
chrome.dll!WebCore::EventHandler::handleMouseMoveEvent
chrome.dll!WebCore::EventHandler::mouseMoved
chrome.dll!WebKit::WebViewImpl::mouseMove
chrome.dll!WebKit::WebViewImpl::handleInputEvent
chrome.dll!RenderWidget::OnHandleInputEvent
chrome.dll!IPC::Message::Dispatch<...>
chrome.dll!RenderWidget::OnMessageReceived
chrome.dll!(unknown)
chrome.dll!MessageRouter::RouteMessage
chrome.dll!MessageRouter::OnMessageReceived
chrome.dll!ChildThread::OnMessageReceived
chrome.dll!RunnableMethod<ProfileWriter,void
chrome.dll!MessageLoop::RunTask
chrome.dll!MessageLoop::DoWork
chrome.dll!base::MessagePumpDefault::Run
chrome.dll!MessageLoop::RunInternal
chrome.dll!MessageLoop::Run
...
http://trac.webkit.org/browser/trunk/WebCore/rendering/RenderLayer.cpp#L3064