[Webkit-unassigned] [Bug 41523] Crash in RenderObject::containingBlock when clearing selection in a display:none node.
bugzilla-daemon at webkit.org
Fri Jul 2 11:06:19 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=41523
Ojan Vafai <ojan at chromium.org> changed:
What    |Removed                                               |Added
----------------------------------------------------------------------------
Summary |Crash when clearing selection in a display:none node. |Crash in RenderObject::containingBlock when clearing selection in a display:none node.
--- Comment #1 from Ojan Vafai <ojan at chromium.org> 2010-07-02 11:06:19 PST ---
#0 0x04c2eb90 in WebCore::RenderObject::containingBlock at RenderObject.cpp:597
#1 0x04ca6dac in WebCore::RenderView::setSelection at RenderView.cpp:426
#2 0x04ca792d in WebCore::RenderView::clearSelection at RenderView.cpp:554
#3 0x04d173b8 in WebCore::SelectionController::updateAppearance at SelectionController.cpp:1442
#4 0x04d19b9c in WebCore::SelectionController::setSelection at SelectionController.cpp:157
#5 0x04d1a7ad in WebCore::SelectionController::clear at SelectionController.cpp:849
#6 0x0450b368 in WebCore::DOMSelection::removeAllRanges at DOMSelection.cpp:374
#7 0x0482bc06 in WebCore::jsDOMSelectionPrototypeFunctionRemoveAllRanges at JSDOMSelection.cpp:361
Looks like "cb" in RenderView.cpp:426 is pointing to garbage.